Re: Command injection with no spaces

[Champ Clark III <cclark () quadrantsec com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


> Can you just use $IFS for spaces, like this bug:
>
> http://www.mailchannels.com/blog/2009/07/amazing-new-exploit-for-linksys-routers-running-dd-wrt/
>
>
> Or this classic tome:
>
> http://www.scribd.com/doc/81408484/56/The-Ping-Hack

Nice call Josh..  This morning I was playing with IFS,  but trying to
redefine (ie - IFS=+ rather than white space),  which.. of course,
didn't really work out.

This is much simpler/sane..  $IFS will default to a white space..  why
redefine it, it you can use what's there :)

- -- 
- - Champ Clark III (cclark () quadrantsec com)
  Quadrant Information Security (http://quadrantsec.com)
  Key Fingerprint: 2E56 C2EB 1B25 C517 D5BA 2DCF 5E70 B2F8 0381 878A
  GPG Key ID: 0381878A
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJP2pwWAAoJENnmXt7Lmc3KjQEH/A2MAKUc9pL/pJ/1g9F9mINx
1cwDZo1w4MNOIQUjt4wFdkm0EGP9FItoq5aAAoYkdh9yE9GViwtejaZHKavG+xt7
Pcy/L45+ihcSJbMu2zYRbTrWkwZG6dkk8jqKNCJuyva+qEgELSXabfg9X1Us5ZB4
us7yeJ2jfkSPuCkwKJfItPwokUaczW7mYrHBBOwmPnoC1IydcLsLshhP0e0yDLDD
vmQxzR9dDZIBWOOIQhygOETL7kKlnHXBlTqTkYn8/f3zhl1n7E/Ngf60H6qKBFd2
if8X4bBjbdmRYpLherLjj4VlvZkuUlgq7WEdlB6xE8B+4vSCV0rzYV0SKK5kwqI=
=kHb+
-----END PGP SIGNATURE-----
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com