On 14/11/18 10:25 pm, Corey Manshack wrote: > So using the file uploader tool we can inject many more dangerous scripts and codes to gain higher access than just “reading” /etc/shadow if the uploader tool is running as privileged user or we gained privilege escalation another way. Sure, I never said it was a good example... In any case, weak passwords as per the "recommendation" are surprising to say the least. A.