Two thoughts come to top of mind:
Exploiting a flaw in the FooSSH server to gain a ssh session logged into the account that server daemon is running as.
Sending IIS a malformed HTTP message that causes a buffer overflow, causing the web server to execute code crafted into the HTTP operation. (e.g. GET superlongstring/shutdown -s -t 0.)
__________________
My Journal
Thou shalt check the array bounds of all strings (indeed, all arrays), for surely where thou typest ``foo'' someone someday shall type ``supercalifragilisticexpialidocious''.
|