PaulDotCom mailing list archives
Re: Command injection with no spaces
From: Joshua Wright <jwright () hasborg com>
Date: Thu, 14 Jun 2012 21:46:00 -0400
On 6/14/2012 9:01 AM, Joe Sylve wrote:
Try something like this for command execution: CMD=$'cat\x20/etc/passwd';$CMD On Thu, Jun 14, 2012 at 7:25 AM, Matt Summers <matt () fireantsecurity co uk <mailto:matt () fireantsecurity co uk>> wrote: I haven't tried tabs. One thing I forgot to mention is that the limitation on space is because the web server converts the space to %20 and this cant be interpreted by the shell.
Can you just use $IFS for spaces, like this bug: http://www.mailchannels.com/blog/2009/07/amazing-new-exploit-for-linksys-routers-running-dd-wrt/ Or this classic tome: http://www.scribd.com/doc/81408484/56/The-Ping-Hack -Josh _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- Command injection with no spaces Matt Summers (Jun 14)
- Re: Command injection with no spaces Jim Halfpenny (Jun 14)
- Re: Command injection with no spaces Pat Moloney (Jun 14)
- Re: Command injection with no spaces Robin Wood (Jun 14)
- <Possible follow-ups>
- Re: Command injection with no spaces Matt Summers (Jun 14)
- Re: Command injection with no spaces Frisch, Daniel (JUS) (Jun 14)
- Re: Command injection with no spaces Joe Sylve (Jun 14)
- Re: Command injection with no spaces Joshua Wright (Jun 14)
- Re: Command injection with no spaces Champ Clark III (Jun 14)
- Re: Command injection with no spaces Tim Tomes (Jun 14)
- Re: Command injection with no spaces Matt Summers (Jun 14)
- Re: Command injection with no spaces Matt Summers (Jun 14)
- Re: Command injection with no spaces Matt Summers (Jun 15)