Wednesday, April 21, 2010

Small fix for lophttpd

I uploaded a new version of lophttpd since it was
not properly decoding URL escapes (%2B etc). Not
a security issue, but it was just ignoring escapes
completely %-D
Since the download stats for lophttpd are quite
impressive, I quickly added it. I already found the first
lophttpd banners in the wild. :)

The amount of download is of course not as impressive
as for devshit. I think most people don't realize that
this is not an exploit that pops you up a rootshell.Instead
it sets up a portable HDD which, upon plugin into a vulnerable
DeviceKit installation, creates a rootshell on the system.
IOW you need console access.

No comments: