Исходное сообщение
"Уязвимости в cURL/libcURL и libsndfile" Отправлено Eugeni, 04-Мрт-09 22:31
...   This is a problem, for example, when the application is running on a server   and is written to upload or to otherwise provide the transfered data to a   user, to another server or to another application etc, as it can be used to   expose local files it was not meant to.   The problem can also be exploited for uploading, if the rogue server   redirects the client to a local file and thus it would (over)write a local   file instead of sending it to the server.   libcurl compiled to support SCP can get tricked to get a file using embedded   semicolons, which can lead to execution of commands on the given   server. "Location: scp://name:passwd@host/a'``;date >/tmp/test``;'". ...