Darknet - The Darkside

Don`t Learn to HACK - Hack to LEARN. That`s our motto and we stick to it, we are all about Ethical Hacking, Penetration Testing & Computer Security. We share and comment on interesting infosec related news, tools and more. Follow us on Twitter, Facebook or RSS for the latest updates.

22 November 2014 | 506 views

Critical XSS Flaw Affects WordPress 3.9.2 And Earlier

Prevent Network Security Leaks with Acunetix

So it’s been a while since we’ve talked about any flaws in WordPress – because usually they are pretty dull and require such an obscure set of circumstances, that they are unlikely to ever occur in the wild.

The most recent time was this year actually, but was a DoS attack, which is not THAT damaging – XML Quadratic Blowup Attack Blows Up WordPress & Drupal.

Critical XSS Flaw Affects WordPress 3.9.2 And Earlier

But this, this time it’s different – this one is pretty seriously. Fortunately it’s not a vulnerability in the latest version of WordPress (4.0) but only affects those people still sticking to the latest version on the 3.x branch (3.9.2 or below).

New security updates released for the WordPress content management system and one of its popular plug-ins fix cross-site scripting (XSS) vulnerabilities that could allow attackers to take control of websites.

The WordPress development team released Thursday WordPress 4.0.1, 3.9.3, 3.8.5 and 3.7.5 as critical security updates. The 3.9.3, 3.8.5 and 3.7.5 updates address an XSS vulnerability in the comment boxes of WordPress posts and pages. An attacker could exploit this flaw to create comments with malicious JavaScript code embedded in them that would get executed by the browsers of users seeing those comments.

“In the most obvious scenario the attacker leaves a comment containing the JavaScript and some links in order to put the comment in the moderation queue,” said Jouko Pynnonen, the security researcher who found the flaw, in an advisory. “When a blog administrator goes to the Dashboard/Comments section to review new comments, the JavaScript gets executed. The script can then perform operations with administrator privileges.”

Such a rogue operation can be the creation of a second WordPress administrator account with an attacker-specified password. What makes things worse is that the flaw can typically be exploited without authentication, because the action of posting a comment on a WordPress blog does not require an account by default.

Still, if a blog is using 3.9.2 and has anonymous commenting enabled (which most do) then a malicious user could execute JavaScript as you (the admin) by utilising this exploit.

Obviously if you’ve gone the ‘cloud’ way and don’t allow ANY user input at all, and are using only Facebook Comments/Disqus/LiveFyre etc then you are safe.

The comment XSS vulnerability only affects WordPress 3.9.2 and earlier versions, not WordPress 4.0. However, the 4.0.1 update, as well as the 3.x ones, also address three other XSS flaws that can be used to compromise WordPress sites if the attacker has access to a contributor or author account on them.

The new releases also fix a cross-site request forgery flaw that could be used to trick a user into changing their password, as well as a denial-of-service issue.

Separately, the developers of WP-Statistics, a WordPress plug-in that gathers and displays visitor statistics, issued an update to fix a high-risk XSS flaw that’s similar to the ones fixed in the content management system itself.

“The plugin fails to properly sanitize some of the data it gathers for statistical purposes, which are controlled by the website’s visitors,” said Marc-Alexandre Montpas, a researcher at Web security firm Sucuri, in a blog post. “If an attacker decided to put malicious Javascript code in the affected parameter, it would be saved in the database and printed as-is in the administrative panel, forcing the victim’s browser to perform background tasks on its behalf.”

The Sucuri researchers were able to leverage the flaw to create a new admin account on a test site.

As a side note, there is also a similar vulnerability in the popular plug-in WP-Statistics, which also fails to sanitize data and falls foul to the same kind of XSS (which allows addition of an admin account by the malicious user).

There’s an update available for the plugin, so if you’re usint it – get it updated! And of course update WordPress core as well, if your auto-updates failed.

Source: Network World



20 November 2014 | 736 views

Sparty – MS Sharepoint and Frontpage Auditing Tool

Sparty is an open source Sharepoint and Frontpage auditing tool written in python to audit web applications using sharepoint and frontpage architecture. The motivation behind this tool is to provide an easy and robust way to scrutinize the security configurations of sharepoint and frontpage based web applications. Due to the complex nature of these web administration software, it is required to have a simple and efficient tool that gathers information, check access permissions, dump critical information from default files and perform automated exploitation if security risks are identified. A number of automated scanners fall short of this and Sparty is a solution to that.

Sparty - MS Sharepoint and Frontpage Auditing Tool

Features

  • Sharepoint and Frontpage Version Detection!
  • Dumping Password from Exposed Configuration Files!
  • Exposed Sharepoint/Frontpage Services Scan!
  • Exposed Directory Check!
  • Installed File and Access Rights Check!
  • RPC Service Querying!
  • File Enumeration!
  • File Uploading Check

Usage

Requirements

This version uses following libraries:

  • import urllib2
  • import re
  • import os, sys
  • import optparse
  • import httplib

Also note Python 2.6 is required.

You can download Sparty here:

master.zip

Or read more here – the author can be found on Twitter here @AdityaKSood.


18 November 2014 | 1,204 views

U.S. State Department Hacked

So the U.S. government has been getting fairly hammered lately with breaches/attacks hitting the White House, USPS (Postal Service) and NOAA.

The latest victim of this onslaught has been the State Department, which had to totally shut down their email systems on November 14th after discovering various ‘areas of concern’.

U.S. State Department Hacked

I wonder who’s going to fall next after this? This seems to be a fairly sustained and systematic attack, perhaps from the same perpetrators (or ‘actors’ if I was to use the new trendy infosec language).

Over the course of the last several weeks, a number of high-profile U.S. federal networks have been breached by attackers. The latest organization to be breached is the U.S. State Department, which had to take its email system offline.

The breach at the State Department follows attacks against the White House, the United States Postal Service (USPS) and the National Oceanic and Atmospheric Administration (NOAA).

The Associated Press, which broke the story on the State Department hack on Nov. 16, indicated that the entire unclassified email system was potentially at risk. The actual State Department email shutdown occurred late Friday, Nov. 14, as areas of concern about the email system were discovered.

Currently, there is no official attribution for the source of the State Department email incident. In the NOAA and White House incidents, reports have alleged that nation-state actors from China and Russia were involved.

Bob Stratton, managing partner at cyber-security accelerator Mach37, told eWEEK that he was somewhat surprised at the State Department disclosure. In general, his view is that the State Department’s discussion of this attack is a constructive development.

“While perfect security is a laudable goal, users of information technology are coming to realize that these events occur even in the face of diligent effort,” Stratton said. “There is some value in not immediately assuming that IT operations and security organizations are incompetent so much as that they are enduring a continuing, innovative, determined stream of network attacks.”

Blame it on Russia or China right? That seems to be the standard answer when it comes to things like this. It is good to see it was announced though and not swept under the carpet like it usually is. It’ll be interesting to see if we get any actual meaty details though (like how the attackers got in, what kind of information was leaked, how they fixed the issues etc.).

But honestly, I don’t see that kind of openness happening any time soon. It would be nice though right?

At this point, Stratton added, he’s more curious about how quickly and effectively a breached agency or company can do damage assessment, and how long it takes for them to perform remediation of the breach with confidence that it was done effectively.

In the State Department incident, the email system was the target, which makes sense considering what sort of information might be present.

“An email system contains not only information regarding users in the directory services, but also a wealth of information in the emails themselves,” John Fitzgerald, CTO North America at Wave Systems, told eWEEK. “So if an attacker is able to gain access to internal data repositories—databases, email systems and file stores—a great amount of direct and indirect information can be gathered.”

There is no question that the use of email as a vehicle for delivery of attacks is extremely popular, and has been for a while, according to Stratton.

“It makes sense if one is trying to collect information on an organization that the attacker might be interested in what is arguably the most commonly used and perhaps most critical collaboration tool,” he said.

In terms of next steps for the government, Fitzgerald said the information gathered from the attacks should be used to investigate whether other areas of the infrastructure have been compromised and look for similar fingerprints in other information systems.

Stratton added that he expects the State Department will be doing a damage assessment to determine what exactly was breached, and the sensitivity and implications of that, as well as developing a remediation plan.

“The question in situations where there is a large set of stored information is, Is there some way that the consistent use of encryption might have prevented the loss of some of this information?” Stratton said. “That is no panacea either, but it can sometimes help to make extracting information through an attack more difficult for the attacker.”

I would imagine an organisation like the State Department has access to some pretty hot forensics/incident response teams though, so they should be able to a fairly quick and thorough investigation of what happened.

That is if it was handled properly and the evidence of tampering hasn’t already been destroyed by some heavy handed internal IT support staff member turning off servers and unplugging switches.

They should have a pretty tight IRP in place to handle things like this though, so the chain of evidence should be pretty legit. Yah, that was an awful lot of ‘shoulds’.

Source: eWeek


15 November 2014 | 2,431 views

Kali Linux – The Most Advanced Penetration Testing Linux Distribution

So Linux Live CDs based around hacking or penetration testing used to be a super big deal, they died down a bit in the last few years. The king of the hill back in 2011 used to be BackTrack and the last time we mentioned it was when BackTrack 5 came out.

This article is our second most viewed of ALL TIME – 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) – perhaps it’s time we do an updated list.

And we covered BackTrack since it first started in 2006, when it was a merger between 2 other distros – Whax and Auditor (anyone remember that far back?).

Kali Linux is the new generation of the industry-leading BackTrack penetration testing Linux distribution also good for security auditing. Kali Linux is a complete re-build of BackTrack from the ground up, adhering completely to Debian development standards.

Kali Linux - The Most Advanced Penetration Testing Linux Distribution

Features in Kali Linux

  • More than 300 penetration testing tools: After reviewing every tool that was included in BackTrack, we eliminated a great number of tools that either did not work or had other tools available that provided similar functionality.
  • Free and always will be: Kali Linux, like its predecessor, is completely free and always will be. You will never, ever have to pay for Kali Linux.
  • Open source Git tree: We are huge proponents of open source software and our development tree is available for all to see and all sources are available for those who wish to tweak and rebuild packages.
  • FHS compliant: Kali has been developed to adhere to the Filesystem Hierarchy Standard, allowing all Linux users to easily locate binaries, support files, libraries, etc.
  • Vast wireless device support: We have built Kali Linux to support as many wireless devices as we possibly can, allowing it to run properly on a wide variety of hardware and making it compatible with numerous USB and other wireless devices.
  • Custom kernel patched for injection: As penetration testers, the development team often needs to do wireless assessments so our kernel has the latest injection patches included.
  • Secure development environment: The Kali Linux team is made up of a small group of trusted individuals who can only commit packages and interact with the repositories while using multiple secure protocols.
  • GPG signed packages and repos: All Kali packages are signed by each individual developer when they are built and committed and the repositories subsequently sign the packages as well.
  • Multi-language: Although pentesting tools tend to be written in English, we have ensured that Kali has true multilingual support, allowing more users to operate in their native language and locate the tools they need for the job.
  • Completely customizable: We completely understand that not everyone will agree with our design decisions so we have made it as easy as possible for our more adventurous users to customize Kali Linux to their liking, all the way down to the kernel.
  • ARMEL and ARMHF support: Since ARM-based systems are becoming more and more prevalent and inexpensive, we knew that Kali’s ARM support would need to be as robust as we could manage, resulting in working installations for both ARMEL and ARMHF systems. Kali Linux has ARM repositories integrated with the mainline distribution so tools for ARM will be updated in conjunction with the rest of the distribution.

You can download Kali Linux here:

Kali Linux 64-Bit ISO (Torrent)
Kali Linux 32-Bit ISO (Torrent)

Or read more here.


13 November 2014 | 2,422 views

Microsoft Schannel Vulnerabilty – Patch It NOW

So yah, it seems like every implementation of TLS is broken and some may say this Microsoft Schannel vulnerabilty is actually worse than Heartbleed. Why is it worse you ask? Because it allows remote code execution, which honestly – is about as bad as it gets.

Microsoft Schannel Vulnerabilty

This is a critical update, a really, really critical patch that must be applied ASAP to all Windows machines. Fortunately there doesn’t seem to be a live exploit in the wild being used, but that doesn’t mean someone doesn’t have one.

Patch Tuesday this month is a genuinely huge (and rather important) set of updates.

Microsoft has been forced to issue a critical patch for a vulnerability that affects every current version of its Windows operating system.

The bug affects code in the Microsoft secure channel (schannel) security component. This component implements the secure sockets layer and transport layer security (TLS) protocols.

A flaw in the code means it fails to properly filter specially formed packets allowing hackers to execute code remotely on an affected Windows machine.

According to the advisory, the flaw affects Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows 8/8.1, Windows Server 2012/2012 R2, and Windows RT/RT 8.1 machines. The flaw is rated critical for all affected operating systems.

Microsoft said that it “had not received any information to indicate that this vulnerability had been publicly used to attack customers”.

This could potentially wreak havoc if someone codes it into a worm or mass botnet exploit which self replicates, as I imagine we have about a week or so before a live exploit is reverse engineered from the patch.

And then boom, anyone who hasn’t patched (which unfortunately, as we know is going be a lot of people) is going to get popped.

You can read the actual Microsoft Bulletin (MS14-066) here – Vulnerability in Schannel Could Allow Remote Code Execution (2992611)

Security researchers said exploitation of the SChannel bug has the potential to be worse than Heartbleed and Shellshock combined due to the large numbers of affected systems.

“Heartbleed was less powerful because it was ‘just’ an information disclosure bug and Shellshock was remotely exploitable only in a subset of affected systems,” said Craig Young, security researcher at Tripwire.

“Some administrators may want to prioritise this over the Internet Explorer patch even though we’ve seen attacks we’ve seen in the wild against the browser. This is because MS14-066 has the potential to be exploited without user-interaction,” he said.

Young added that exploitation of the bug would be “tricky”. “Hopefully, this will give admins enough time to patch their systems before we see exploits.”

Just last week, Microsoft was preparing a slew of updates to its products with 16 patches to fix critical flaws in Windows and Internet Explorer.

It seems from some sources too that it’s not just one vulnerability, but a whole set which has been mentioned by Cisco/Talos here:

Microsoft Update Tuesday November 2014: Fixes for 3 0-day Vulnerabilities

It seems like it was internally found during a proactive security assessment, which is a good sign and means a more secure Microsoft environment for us in the future. We shall have to keep a close eye on this and see if the Windows World explodes.

Source: ITPro


11 November 2014 | 2,112 views

Radare – The Reverse Engineering Framework

Radare started out as a simple command line interface for a hexadecimal editor supporting 64 bit offsets to make searches and recovering data from hard-disks. It has evolved into a project that is composed of a hexadecimal editor as the central point of the project with assembler/disassembler, code analysis, scripting features, analysis and graphs of code and data and easy unix integration. Essentially, it has become a reverse engineering framework, with plugins and much more.

radare2 itself is the core of the hexadecimal editor and debugger. Allows to open any kind of file from different IO access like disk, network, kernel plugins, remote devices, debugged processes and handle any of them as if they were a simple plain file.

Radare - The Reverse Engineering Framework

It implements an advanced command line interface for moving around the file, analyzing data, disassembling, binary patching, data comparision, searching, replacing, scripting with Ruby, Python, Lua and Perl.

Features

  • CLI and visual modes
  • Yank and paste
  • Perl/Python scripting support
  • Virtual base address for on-disk patching
  • vi-like environment and command repetition (3x)
  • Debugger for x86-linux/bsd and arm-linux
  • Data bookmarking (flags)
  • Scripting (no branches or conditionals yet)
  • Own magic database (rfile)
  • Little/big endian conversions
  • Data search
  • Show xrefs on arm, x86 and ppc binaries
  • Data type views
  • Data block views
  • Visual mode commands

You can download radare here:

radare2-0.9.7.tar.xz

Or read more here – the author can be found on Twitter here @trufae.


05 November 2014 | 728 views

Brakeman – Static Analysis Rails Security Scanner

Brakeman is a Rails security scanner – unlike many web security scanners, Brakeman looks at the source code of your application. This means you do not need to set up your whole application stack to use it. Once Brakeman scans the application code, it produces a report of all security issues it has found.

It works with Rails 2.x, 3.x, and 4.x.

Brakeman - Static Analysis Rails Security Scanner

The only other Ruby-centric tool we’ve covered is:

Codesake::Dawn – Static Code Analysis Security Scanner For Ruby

If you are interested in more tools of this type you can find our complete list here (which covers various languages) – Code Auditing Tools.

Advantages

No Configuration Necessary

Brakeman requires zero setup or configuration once it is installed. Just run it.

Run It Anytime

Because all Brakeman needs is source code, Brakeman can be run at any stage of development: you can generate a new application with rails new and immediately check it with Brakeman.

Better Coverage

Since Brakeman does not rely on spidering sites to determine all their pages, it can provide more complete coverage of an application. This includes pages which may not be ‘live’ yet. In theory, Brakeman can find security vulnerabilities before they become exploitable.

Best Practices

Brakeman is specifically built for Ruby on Rails applications, so it can easily check configuration settings for best practices.

Flexible Testing

Each check performed by Brakeman is independent, so testing can be limited to a subset of all the checks Brakeman comes with.

Speed

While Brakeman may not be exceptionally speedy, it is much faster than “black box” website scanners. Even large applications should not take more than a few minutes to scan.

Installation

Using RubyGems:

Using Bundler, add to development group in Gemfile and set to not be required automatically:

From source:

You can download Brakeman 2.6.3 here:

v2.6.3.zip

Or read more here.


03 November 2014 | 821 views

Facebook Allows Tor Access To Site

Facebook started out blocking users of the Tor network in 2013, but have recently had a change of mind and now Facebook allows Tor access to the site even providing a special .onion address for users of the network to directly connect to Facebook infrastructure.

Facebook Allows Tor Access To Site

It’s an interesting decision as many of the Facebook ‘security controls’ will fail due to a Tor users appearing to come from many different geographical locations during one browsing session.

Facebook has changed its stance on Tor traffic and will now provide users with a way to connect to its free content ad network using the anonymizing service.

The company said that it will now offer a special URL – https://facebookcorewwwi.onion – that will allow users running Tor-enabled browsers to access the service.

Facebook had previously blocked Tor access, citing security concerns and the possibility that Tor could be used to conduct attacks on its servers.

The social network said back in 2013 that it would work with Tor on a possible solution. Now, more than a year later, it seems one is at hand. Even as it launched of the Tor access address, however, Facebook acknowledged that the Tor network poses some risks.

“Tor challenges some assumptions of Facebook’s security mechanisms – for example its design means that from the perspective of our systems a person who appears to be connecting from Australia at one moment may the next appear to be in Sweden or Canada,” Facebook senior engineer Alec Muffett said in announcing the move.

You can view the Facebook post about this here: Making Connections to Facebook more Secure

There’s still a major issue with this though, as you can see in the comments, Facebook still only has a front end based around JavaScript (the mobile interface doesn’t work via the Onion address) – which is a big no-no for the privacy paranoid Tor users.

“In other contexts such behavior might suggest that a hacked account is being accessed through a ‘botnet’, but for Tor this is normal.”

The company said the service would also use SSL atop Tor with a certificate that cites the unique Tor address. This, the company said, will allow Tor to maintain a secure connection and prevent users from being redirected to fake sites.

“The idea is that the Facebook onion address connects you to Facebook’s Core WWW Infrastructure – check the URL again, you’ll see what we did there – and it reflects one benefit of accessing Facebook this way: that it provides end-to-end communication, from your browser directly into a Facebook datacentre,” Muffett said.

Those who are privacy conscious may still want to note, however, that measures such as Facebook’s controversial “Real Name” policy remain in effect.

The fact it’s running over SSL is a good move too as a Tor user, it means your connection is direct and encrypted right into the Facebook datacenter. Although what you are doing on Facebook that’s so critically important and needs protecting – I really don’t know.

Either way, it’s a cool move from Facebook and we’ll be watching to see what else they come out with.

Source: The Register


31 October 2014 | 2,157 views

ZMap – Fast Open-Source Network Scanner

ZMap is a fast open-source network scanner designed for Internet-wide network surveys. On a typical desktop computer with a gigabit Ethernet connection, ZMap is capable scanning the entire public IPv4 address space in under 45 minutes.

ZMap - Open-Source Network Scanner

While previous network tools have been designed to scan small network segments, ZMap is specifically architected to scan the entire address space. It is built in a modular manner in order to allow incorporation with other network survey tools. ZMap operates on GNU/Linux and supports TCP SYN and ICMP echo requestscanning out of the box.

ZMap is a typical “async/syn-cookie” scanner like scanrand, Unicornscan, and masscan. For more port scanners check here.

While ZMap is a powerful tool for researchers, please keep in mind that by running ZMap, you are potentially scanning the ENTIRE IPv4 address space and some users may not appreciate your scanning. We encourage ZMap users to respect requests to stop scanning and to exclude these networks from ongoing scanning.

We suggest that users coordinate with local network administrators before performing any scans and we have developed a set of scanning best practices, which we encourage researchers to consider. It should go without saying that researchers should refrain from exploiting vulnerabilities or accessing protected resources, and should comply with any special legal requirements in their jurisdictions.

Scanning Best Practices

  1. Coordinate closely with local network administrators to reduce risks and handle inquiries
  2. Verify that scans will not overwhelm the local network or upstream provider
  3. Signal the benign nature of the scans in web pages and DNS entries of the source addresses
  4. Clearly explain the purpose and scope of the scans in all communications
  5. Provide a simple means of opting out and honor requests promptly
  6. Conduct scans no larger or more frequent than is necessary for research objectives
  7. Spread scan traffic over time or source addresses when feasible

Usage

You can download ZMap here (it’s also available via repo install for most common *nix operating systems):

v1.2.1.tar.gz

Or read more here.


30 October 2014 | 1,653 views

Serious Linux/UNIX FTP Flaw Allows Command Execution

A lot of old bugs have been biting us on the butt lately, and here’s another to add to the list. This week it was discovered a fairly nasty FTP Flaw Allows Command Execution when using the old but still fairly widely used. tnftp client

It’s a fairly unlikely set of circumstances however, and it is a client flaw not a server flaw – so you’d need to connect to a malicious server using tnftp to fall foul of this flaw.

Linux/UNIX FTP Flaw Allows Command Execution

Basically if you request a file, but don’t use the -o flag to specify an output filename the client will follow HTTP redirects and if the output of the filename begins with a pipe it will pass the rest to popen.

A serious vulnerability has been discovered in a File Transfer Protocol (FTP) client used by many Unix-like (*NIX) operating systems, representatives of the NetBSD Project reported on Tuesday.

The tnftp FTP client is fairly old, but it’s still widely used. It can be found in Red Hat’s Fedora, Debian, NetBSD, FreeBSD, OpenBSD, and even Apple’s OS X operating systems.

Jared McNeill, a software developer at the NetBSD Project, has identified a vulnerability that can be exploited via a malicious Web server to cause tnftp to execute arbitrary commands. The CVE-2014-8517 identifier has been assigned to the flaw.

FTP Vulnerability”If you do ‘ftp http://server/path/file.txt'; and don’t specify an output filename with -o, the ftp program can be tricked into executing arbitrary commands,” Alistair Crooks, security officer at the NetBSD Project, explained in an advisory published on the Full Disclosure mailing list. “The FTP client will follow HTTP redirects, and uses the part of the path after the last / from the last resource it accesses as the output filename (as long as -o is not specified).”

The flaw was however fixed in OpenBSD FIVE YEARS ago, shame no one noticed and they didn’t make more noise about it. Although it was fixed from another perspective, not to remedy this exact flaw.

Patches are coming out for this pretty fast, and it even effects the latest Apple OS X version Yosemite (10.10) – although I don’t expect Apple to really do anything much about it.

After it resolves the output filename, it checks to see if the output filename begins with a “|”, and if so, passes the rest to popen(3),” Crooks added.

The list of operating system developers that appear to be aware of the flaw includes Debian, Red Hat, Gentoo, Novell (SuSE Linux), DragonFly, FreeBSD, and Apple. Debian, Red Hat, Gnetoo and Novell have each published advisories for the bug.

The tnftp vulnerability affects OS X Yosemite 10.10, the latest version of the Mac operating system. Apple has been notified, but Crooks says he received only a “boilerplate reply” from the company.

Interestingly, the issue was fixed in OpenBSD five years ago.

“I changed OpenBSD’s ftp(1) a while ago to just use the ‘filename’ part of the original request, rather than taking a name from the redirection target (this also matches what curl -O does) – it’s a bit less convenient in some cases, but it felt like a bad idea to allow the output filename to be under control of the remote host (though I was more thinking of the situation where someone might run it from their home directory and write to something like .profile),” Stuart Henderson of OpenBSD wrote in response to Crooks’ post.

Look out for patches for your OS, or install another ftp client (that may or may not be more secure) at your own risk. I can’t see a whole lot of damage being caused via this, as it’s a client side rather than server side issue – but some people might try and have some fun with it.

But honestly, how often are *nix users accessing web resources using a FTP client rather than CURL or wget?

Anyway, we shall see if anything comes of this.

Source: Security Week