Vulnerability Development mailing list archives
Re: shell script cgi (summary?)
From: Brian Fury <brianfury () blueyonder co uk>
Date: Tue, 19 Nov 2002 06:40:28 +0000
On Mon, 18 Nov 2002, you wrote:
Thanks to everyone who replied regarding my attempts to stuff shell commands into this line:

ua=`echo "$HTTP_USER_AGENT" | sed "s#\;##g"`

Obviously I can't speak authoritatively here... I mean the ueber-skilled team vuln-dev people who are paid to do this sort of thing may have top-secret zero-day reasons why this might not work.... but hey it worked for me.

[root@localhost lib]# export LAME=""whoami""""
[root@localhost lib]# `echo "$LAME" | sed "s#\;##g"`
root
[root@localhost lib]#

wh00pz - lookz like command execution to me

In case you didn't realise - it'z the ` and ` characters around the whole expression that allowz uz command execution....

[root@localhost lib]# echo $LAME
whoami
[root@localhost lib]# `echo $LAME`
root
[root@localhost lib]#

BTW - it workz fine in a shell script.....
I'm sure someone has already mentioned this....

Best Regardz
Brian Fury
"You gonna feel the power of my move, you ready?"
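
Added example, not part of the original post: the quoted CGI line and the terminal session above place the backtick substitution in different positions, and this script runs both on the same constructed input so a reviewer auditing a shell CGI can see which position treats the value as a command. The function names and the sample value are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample value standing in for a client-supplied User-Agent header.
SAMPLE_UA='echo executed'

# Form from the quoted CGI line: the substitution is the right-hand side of an
# assignment. The shell stores the output as text and does not run it.
assign_form() {
    HTTP_USER_AGENT=$1
    ua=`echo "$HTTP_USER_AGENT" | sed "s#\;##g"`
    printf '%s\n' "$ua"
}

# Form from the terminal session: the substitution stands alone at command
# position, so its output is word-split and the first word is run as a command.
command_form() {
    LAME=$1
    `echo "$LAME" | sed "s#\;##g"`
}

# Same input, two different results.
printf 'assignment yields: %s\n' "$(assign_form "$SAMPLE_UA")"
printf 'command position yields: %s\n' "$(command_form "$SAMPLE_UA")"

# Backticks inside the value are data in the assignment form: expansion results
# are not scanned again for further command substitutions.
printf 'nested backticks yield: %s\n' "$(assign_form '`echo executed`')"
```

When reviewing a shell CGI, the lines to flag are those where a substitution, an unquoted variable, or `eval` puts request data at command position; an assignment like the quoted `ua=` line keeps the value as a string.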