PaulDotCom mailing list archives
Re: Command injection with no spaces
From: Matt Summers <matt () fireantsecurity co uk>
Date: Fri, 15 Jun 2012 17:14:43 +0100
Thanks for all the suggestions and thanks to Josh....it worked a treat. On Fri 15/06/12 03:46 , "Joshua Wright" jwright () hasborg com sent: On 6/14/2012 9:01 AM, Joe Sylve wrote:
Try something like this for command execution: CMD=$'catx20/etc/passwd';$CMD On Thu, Jun 14, 2012 at 7:25 AM, Matt Summers wrote: I haven't tried tabs. One thing I forgot to mention is that the limitation on space is because the web server converts the space to %20 and this cant be interpreted by the shell.
Can you just use $IFS for spaces, like this bug: http://www.mailchannels.com/blog/2009/07/amazing-new-exploit-for-linksys-routers-running-dd-wrt/ [1]">http://www.mailchannels.com/blog/2009/07/amazing-new-exploit-for-linksys-routers-running-dd-wrt/ Or this classic tome: http://www.scribd.com/doc/81408484/56/The-Ping-Hack [2]">http://www.scribd.com/doc/81408484/56/The-Ping-Hack -Josh _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom [3]">http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com [4]">http://pauldotcom.com Links: ------ [1] http://www.mailchannels.com/blog/2009/07/amazing-new-exploit-for-linksys-routers-running-dd-wrt/ [2] http://www.scribd.com/doc/81408484/56/The-Ping-Hack [3] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom [4] http://pauldotcom.com
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- Re: Command injection with no spaces, (continued)
- Re: Command injection with no spaces Pat Moloney (Jun 14)
- Re: Command injection with no spaces Robin Wood (Jun 14)
- Re: Command injection with no spaces Matt Summers (Jun 14)
- Re: Command injection with no spaces Frisch, Daniel (JUS) (Jun 14)
- Re: Command injection with no spaces Joe Sylve (Jun 14)
- Re: Command injection with no spaces Joshua Wright (Jun 14)
- Re: Command injection with no spaces Champ Clark III (Jun 14)
- Re: Command injection with no spaces Tim Tomes (Jun 14)
- Re: Command injection with no spaces Matt Summers (Jun 14)
- Re: Command injection with no spaces Matt Summers (Jun 14)
- Re: Command injection with no spaces Matt Summers (Jun 15)