This repository has been archived by the owner on Mar 19, 2023. It is now read-only.
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session.
You signed out in another tab or window. Reload to refresh your session.
Hi,
the http-query-string is not sanitized. An attacker could inject a command. Here is an example that gives out the
id-command:/pks/lookup?search=someid@example.com;id&op=get
It is possible to place a shell, or open a reverse-shell or exchange gpg-keys or execute other commands
The text was updated successfully, but these errors were encountered: