Re: Command injection with no spaces

[Jim Halfpenny <jim.halfpenny () gmail com>]

Hi,
You could try using shell variables to encode the spaces you need. If
I want to echo 'a b c' for example I can do this:

CMD=$'\x20a\x20b\x20c';echo$CMD

Note the leading space in CMD which separates the echo command from
the parameters. This works in bash on Linux, can't say if this would
work on AIX.

Jim

On 14 June 2012 10:18, Matt Summers <matt () fireantsecurity co uk> wrote:
> Folks,
>
> We came across an interesting bug in a web system where we could execute any
> system command (on AIX) but we could not enter any spaces in the command and
> we would only get the last line of STDOUT.
>
> Has anyone else come across anything like this?
>
> The most we were able to do was cat the last line from system files and
> determine if a directory existed.
>
> Cheers,
>
> Matt
>
> --- Part time worker full time salary ---
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com