Vulnerability Development mailing list archives
Re: shell script cgi
From: Brian Hatch <vuln-dev () ifokr org>
Date: Thu, 14 Nov 2002 15:15:54 -0800
I have found the line below in an sh cgi program, and believe I can pass a command to the shell but can't seem to get it to work right. No matter what I try as the HTTP_USER_AGENT it interprets it as a string in the echo command & I can't get it to break it into a new command. Nothing is done to HTTP_USER_AGENT before this line...it's just reading it directly from the environment. Any help you may have is very much appreciated. Thanks

    ua=`echo "$HTTP_USER_AGENT" | sed "s#\;##g"`
Anyone else remembering the 'nph-finger' days of yore? It had

    echo QUERY_STRING = $QUERY_STRING

you could pass things like '*' to abuse shell filename expansion, and that'd be the best you're going to get out of that code. I don't think you can get it to execute arbitrary commands, no matter what you try.

--
Brian Hatch                  Behavioral Psychology:
   Systems and                Pulling habits out of rats
   Security Engineer
http://www.ifokr.org/bri/

Every message PGP signed
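The difference between the two lines discussed in this message, as an added example that is not part of the original post: the quoted expansion is passed through as data, the unquoted one undergoes filename expansion, and quoting removes that. The function names, file names and the `marker` file are constructed for the illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. All inputs are constructed.

# The line from the question. "$HTTP_USER_AGENT" is expanded inside double
# quotes, so its value reaches echo as one argument: the result of the
# expansion is never parsed again as shell syntax.
quoted_ua() {
    HTTP_USER_AGENT=$1
    ua=`echo "$HTTP_USER_AGENT" | sed "s#\;##g"`
    printf '%s\n' "$ua"
}

# The nph-finger pattern from the reply. Unquoted, the value is still not
# re-parsed as a command, but it does undergo word splitting and filename
# expansion, so a value of * is replaced by names in the working directory.
unquoted_query() {
    QUERY_STRING=$1
    echo QUERY_STRING = $QUERY_STRING
}

# Corrected form: quote the expansion and use printf, which also avoids
# echo's handling of leading dashes and backslashes.
safe_query() {
    QUERY_STRING=$1
    printf 'QUERY_STRING = %s\n' "$QUERY_STRING"
}

# Runs all three in a scratch directory (subshell body, so the caller's
# working directory is left alone).
demo() (
    dir=`mktemp -d` || exit 1
    cd "$dir" || exit 1
    touch data.db passwd.bak            # constructed file names
    quoted_ua 'Mozilla; $(touch marker) `touch marker`'
    unquoted_query '*'
    safe_query '*'
    if [ -e marker ]; then echo "marker created"; else echo "marker not created"; fi
    cd / && rm -rf "$dir"
)
demo
```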