Hosting Provided By

Re: Vulnerability in multiple "now playing" scripts for various IRC clients

From: Michael Tharp <gxti(at)partiallystapled.com>
Date: Wed Aug 15 2007 - 13:34:38 EDT

v9@fakehalo.us wrote:
> I may be rusty with knowledge about mirc (say almost 10 years out of date)...but, in what situation would the pipe ('|') ever be processed from a variable, even if it was read from a mp3 ID3?

This is probably a bigger concern for *nix scripts, especially of the homebrew variety where the owner hacks something out in 20 minutes and never looks at it again. While the attacker might not have access to the source code, they shouldn't have any problems defeating simple substitution onto a command line.

m. tharp

Received on Wed Aug 15 15:48:23 2007

This message: [ Message body ]
Next message: security(at)mandriva.com: "[ MDKSA-2007:162 ] - Updated kdegraphics packages fix vulnerability"
Previous message: Debasis Mohanty: "RE: [Full-disclosure] SecNiche : Microsoft Internet Explorer Pop up Blocker Bypassing and Dos Vulnerability"
In reply to: v9(at)fakehalo.us: "Re: Vulnerability in multiple "now playing" scripts for various IRC clients"
Next in thread: Wouter Coekaerts: "Re: Vulnerability in multiple "now playing" scripts for various IRC clients"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Sun Oct 28 2007 - 06:12:07 EDT