Hosting Provided By

Re: shell script cgi

From: Ed Schmollinger <schmolli(at)frozencrow.org>
Date: Sun Nov 17 2002 - 09:58:00 EST

On Sat, Nov 16, 2002 at 01:44:15AM -0800, Nick Jacobsen wrote:
> Have you considered including qoute characters in the HTTP_USER_AGENT field?

That would require your string to be expanded twice, just like all the other examples that don't do anything bad. echo doesn't expand its arguments, and the shell only expands variables once.

It doesn't matter what you set $HTTP_USER_AGENT to. It's quoted. The worst that you can do with that code snippet is to pass a goofy looking value to sed via stdin. If you're looking for something to exploit, look at how the variable $ua is used later on in the script.

-- 
Ed Schmollinger - schmolli@frozencrow.org

application/pgp-signature attachment: stored

Received on Mon Nov 18 00:50:33 2002

This message: [ Message body ]
Next message: Ralf Dreibrodt: "Re: shell script cgi"
Previous message: phrail(at)division7.us: "[Division 7 Security Systems]-Multiple Vulnerabilities Found in Redhat 8.0 and FreeBSD 4.7-Stable"
In reply to Nick Jacobsen: "Re: shell script cgi"
Next in thread: c jones: "Re: shell script cgi (summary?)"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:37 EDT