Comment by krick
5 years ago
Uh... I mean, you don't really think that person has an accurate understanding of what actually happened? Because I'm having a hard time trying to imagine that. It's not that there aren't any vulnerabilities in curl that can be exploited that way, but I struggle to think of a situation where curl would have been an actual culprit. Also, it sounds like he thinks curl is something purposefully malicious.
On the matter of "inevitability of progress": yep, I even think it applies to a much bigger extent. I just don't see how this is connected to the troubles of the-victim-of-curl guy.
Oh, the statement just made me pause and think, that's all.
> but I struggle to think of a situation where curl would have been an actual culprit.
I agree, I think it's much more likely that there was a 2 stage type of exploit where curl was used to download the second stage locally on the machine. That's at least how curl (or wget) is used on hackthebox.eu (where everyone hacks boxes for fun).