On Sat, Dec 27, 2014 at 9:22 AM, Serge Fonville <serge.fonville@xxxxxxxxx> wrote: > Looks interesting, > > There are clearly a bunch of flaws :-) > FTP to webserver user > root login from webserver to MySQL > terminal access to webserver > Mailserver runs as privileged user > > Kind regards/met vriendelijke groet, > > Serge Fonville > > http://www.sergefonville.nl > > 2014-12-27 14:47 GMT+01:00 Stuart Dallas <stuart@xxxxxxxx>: > > > Came across this today and thought it might be of interest. Some food for > > thought at the very least. > > > > > > http://vimeo.com/11213607 > > > > > > > > Note that the whole scenario starts with a lack of adequate MySQL > > escaping. The smallest vulnerability can lead to a massive intrusion. > > > > > > -Stuart > > > > > > -- > > Stuart Dallas > > 3ft9 Ltd > > http://3ft9.com/ > Nice, thanks for sharing!
