[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CWD -- Jacking in from the "Keys to the Kingdom" Port
-----BEGIN PGP SIGNED MESSAGE-----
At 02.09 PM 7/4/96 -0400, you wrote:
>On Wed, 3 Jul 1996, Mark Rogaski wrote:
>
>> I would assume that the filters look for regexp's in the query string, too.
>> How about a nice little Nutscape plugin that uses a rot13'd query string?
>
> Do you have a copy of that plugin? If it exists.
>
>> http://www.one.site.com/cgi-bin/sneaky-rd?uggc://jjj.cbeab-fvgr.pbz/
>>
>> Hmmm, no bad words in the query string. Of course the filter package would
>> start looking for rot13'd stuff in the next release. So the next logical
>> step is to use the URL encrypted with the redirector's public key ... or
>> better yet, a dynamically generated key. Just convert it to radix64 so
>> as to avoid ?'s &'s or ='s, and use that as the query string.
>>
>> The plug-in would only be necessary to generate the first request. Any
>> URL preparation could be handled by passing the output of netcat through
>> a stream filter before sending it to the client.
>
> That "creative child" would have to be pretty damn smart to do
>what you described.
It would actually take less creativity to do the other things, bypass the
config.sys, etc. The child would thus be perhaps a little TOO creative. :)
===============================================================================
David Rosoff (nihongo o sukoshi dekiru) ----------------> [email protected]
For PGP key 0xD37692F9, finger [email protected]
0xD37692F9 Key fingerprint = 25 7D AA 01 85 41 43 89 50 5A 33 76 F1 F1 99 67
Do you know who's reading your email? ---> http://www.arc.unm.edu/~drosoff/pgp/
Anonymous ok, PGP ok. If it's not PGP-signed, you know that I didn't write it.
=== === === === === === === === === === === === === === === === === === === ===
"Truth is stranger than fiction, especially when truth is being defined by the
O.J. Simpson Defense Team." -Dave Barry
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBMdxKohguzHDTdpL5AQEFIwQAuK9Ca8ImcDka9mYWht35h8NMSr2A/tfB
zvusZ8P5HIEYTbQ8GyRDQ3R+X58+k2pQmaCnO66EtI83mrVs+J9C8B7LoobroZpO
u2R0SnMMJVU6eQAnkABkgYaMLVamqEMG+n6qmk7NePjsawSBvOdtuH9dmccR1/Pi
+sGpQvT6RvI=
=vTir
-----END PGP SIGNATURE-----