[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Password policy.

On 14/11/18 9:28 pm, Corey Manshack wrote:
> If they have /etc/shadow why would they need to brute force :) I can’t think of a vuln that would give that up without them already having root.

A website file uploader tool, apparantly there has been one there for
about 10 years using jquery.  Once the file is uploaded, it can be
leveraged to steel other files that the website shouldn't have access to.

That's just one example.  I'm sure there are many others.


Reply to: