Vulnerability Development mailing list archives
Re: shell script cgi (summary?)
From: Andre Breiler <andre.breiler () teamwerk com>
Date: Tue, 19 Nov 2002 19:26:15 +0000 (GMT)
On Tue, 19 Nov 2002, Brian Fury wrote:
On Mon, 18 Nov 2002, you wrote:
Thanks to everyone who replied regarding my attempts to stuff shell commands into this line:
ua=`echo "$HTTP_USER_AGENT" | sed "s#\;##g"`
top-secret zero-day reasons why this might not work.... but hey it worked for me.
It shouldn't as long as you don't change the meaning of it.
[root@localhost lib]# export LAME=""whoami""""
[root@localhost lib]# `echo "$LAME" | sed "s#\;##g"`
root
[root@localhost lib]#
wh00pz - lookz like command execution to me
Yes, that will work because the shell expands the `...` into "whoami". So that you have:
[root@localhost lib]# 'whoami'
after expansion. In the original example the expanded bit got stored in a variable, so that after expansion the command would look like:
[root@localhost lib]# ua='whoami'
So no further execution (note: I used ' to show that the shell expands things only once).
In case you didn't realise - it'z the ` and ` characters around the whole expression that allowz uz command execution....
Yes, the idea behind `` is that it gets executed and replaced by its output. Whether this output gets executed depends on whether you are using the output as a command (your example) or not (the original example).
Bye
Andre'
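
Added example, not part of the original message: the two cases discussed in this thread, run side by side so the difference is observable. The marker file path, the function names and the sample input are constructed for this illustration.

```shell
#!/bin/sh
# Constructed marker path: if this file appears, some command was executed.
MARKER="/tmp/ua_demo_marker.$$"

# Reports whether the marker exists, then cleans it up for the next case.
marker_state() {
    if [ -e "$MARKER" ]; then echo "executed"; else echo "not executed"; fi
    rm -f "$MARKER"
}

# Case 1: the CGI line from the thread. The substitution runs echo and sed,
# and their output is stored in ua as plain text. It is not parsed again.
assign_only() {
    HTTP_USER_AGENT=$1
    ua=`echo "$HTTP_USER_AGENT" | sed "s#\;##g"`
    printf '%s|%s\n' "$(marker_state)" "$ua"
}

# Case 2: the session from the reply. The substitution stands in command
# position, so its output becomes the command line that the shell runs.
command_position() {
    LAME=$1
    `echo "$LAME" | sed "s#\;##g"` >/dev/null 2>&1 || true
    marker_state
}

# Constructed sample value containing a separator, backticks and $( ),
# each of which would create the marker if the value were re-parsed.
SAMPLE="touch $MARKER; \`touch $MARKER\` \$(touch $MARKER)"

echo "assignment:       $(assign_only "$SAMPLE")"
echo "command position: $(command_position "touch $MARKER")"
```

The first case reports "not executed" and shows the value stored verbatim with only the semicolon removed; the second reports "executed".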