Pantek Library

Hosting Provided By

CybrHost

High Speed Hosting

Re: shell script cgi

From: Nick Jacobsen <nick(at)ethicsdesign.com>
Date: Sat Nov 16 2002 - 04:44:15 EST

Have you considered including qoute characters in the HTTP_USER_AGENT field? like so:
$HTTP_USER_AGENT = "" | cat "/etc/passwd" if you do this, the ua=`echo "$HTTP_USER_AGENT" | sed "s#\;##g"` stirng will come out looking like the following:
ua=`echo "" | cat "/etc/passwd" | sed "s#\;##g"` all you are doing is terminating the echo text with a qoute character, and then adding another qoute character before the filename so that the command will be interpreted correctly...
Let me know if this works, but it should...

Nick Jacobsen
Ethics Design
nick@ethicsdesign.com

Original Message ----- From: "Philip Rowlands" <phr@doc.ic.ac.uk> To: <vuln-dev@securityfocus.com> Sent: Thursday, November 14, 2002 4:23 PM Subject: Re: shell script cgi

> On Thu, 14 Nov 2002, c jones wrote:
Received on Sun Nov 17 01:39:27 2002

This message: [ Message body ]
Next message: Riley Hassell: "Re: ColdFusion Heap Overflow -continued"
Previous message: Gary O'leary-Steele: "ColdFusion Heap Overflow -continued"
In reply to Philip Rowlands: "Re: shell script cgi"
Next in thread: Ed Schmollinger: "Re: shell script cgi"
Reply: Ed Schmollinger: "Re: shell script cgi"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:37 EDT

Contact Us Legal Notices Order Services Online
Pantek Home Privacy Policy IT news Site Map Pantek Library