Wildcards gone wild!

A great tutorial on utilizing wildcards as an attack vector.


"...The simple trick behind this technique is that when using shell wildcards, especially the asterisk (*), the Unix shell will interpret files beginning with a hyphen (-) character as command-line arguments to the executed command/program. That leaves space for a variation of the classic channeling attack. The channeling problem arises when different kinds of information channels are combined into a single channel. A practical case, in the form of this particular technique, is combining arguments and file names, as different 'channels', into a single one because of using shell wildcards...."
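
The behaviour the quote describes, next to the two usual defences and a small audit helper, as an added example that is not part of the quoted tutorial. The file names, the function names and the choice of `wc` with a harmless file named `-l` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the quoted tutorial). All file names are constructed.

# Scratch directory: one ordinary file plus an empty file whose NAME is "-l".
make_sample_dir() {
    d=$(mktemp -d) || return 1
    printf 'one\ntwo\n' > "$d/notes.txt"
    : > "$d/-l"
    printf '%s\n' "$d"
}

# Unsafe: the glob expands to "-l notes.txt", so wc receives "-l" as an option
# and the file named "-l" is never processed as a file.
wc_unsafe() { ( cd "$1" && wc * ); }

# Safe: "--" ends option parsing, so every expanded name is an operand.
wc_dashdash() { ( cd "$1" && wc -- * ); }

# Safe: with a "./" prefix no expanded name can begin with "-".
wc_prefixed() { ( cd "$1" && wc ./* ); }

# Audit helper: print the entries of a directory whose names begin with "-".
find_dash_names() {
    for f in "$1"/-*; do
        [ -e "$f" ] || [ -L "$f" ] || continue   # skip the unmatched pattern
        printf '%s\n' "${f##*/}"
    done
}

# Lines printed by a command: wc prints one per file, plus "total" for 2+ files.
count_lines() { "$@" | grep -c ''; }

demo_dir=$(make_sample_dir)
echo "wc *    -> $(count_lines wc_unsafe "$demo_dir") output line (file -l became a flag)"
echo "wc -- * -> $(count_lines wc_dashdash "$demo_dir") output lines (both files + total)"
echo "wc ./*  -> $(count_lines wc_prefixed "$demo_dir") output lines (both files + total)"
echo "names starting with '-': $(find_dash_names "$demo_dir")"
rm -rf -- "$demo_dir"
```

The same two fixes apply to any command that takes a glob in a script or cron job; the audit helper is useful on directories that other users can write to.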