On Tue, 4 Aug 1998, Sir Syko wrote:

> how does your "patch" do anything except break the cgi? You are telling perl to
> eval the ECHO command which doesn't exist. Also, the quotes still aren't properly
> terminated.
>
> > +eval "ECHO "$QUERY_STRING" | $UNQUOTE -qn | $SED 's/PATH=[^;]*;//g'"
> >
> > should you not make this:
> > eval "$ECHO \'$QUERY_STRING\' | $UNQUOTE -qn | $SED 's/PATH=[^;]*;//g'"
>

Actually, both "fixes" will break the CGI. It appears that this script (a bash script) is using the unquote program (part of the hylafax distribution) to parse the query string into a format similar to:

    key1=value1 key2=value2 ..

which bash then evals to set the corresponding variables within the script. Obviously, this is incredibly insecure. There are also many other portions of the script that could be easily exploited. The best thing to do is to either remove it, or completely rewrite it.
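Review bot: the added eval line writes ECHO without the leading $, so it names a command called ECHO rather than the script's $ECHO variable, and the inner double quotes around $QUERY_STRING end the outer string, leaving the query string unquoted inside the text handed to eval. Repairing the quoting would not be enough, because the line still evaluates text derived from QUERY_STRING and filters only a PATH= assignment; suggest dropping the eval and assigning only validated values to a fixed set of variables.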
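A sketch of the rewrite the reply recommends, as an added example that is not part of the original post or of the hylafax distribution: the query string is split and decoded without eval, and only allowlisted keys with validated values are assigned. The parameter names `faxnum` and `pagesize`, the `Q_` variables and the function names are hypothetical.

```sh
#!/bin/sh
# Added illustration, not the original CGI. The keys faxnum/pagesize and the
# Q_* variable names are hypothetical stand-ins for the script's parameters.

# urldecode STRING: print STRING with '+' -> space and %XX -> the byte XX.
urldecode() {
    s=$1 out=
    while [ -n "$s" ]; do
        case $s in
            %[0-9A-Fa-f][0-9A-Fa-f]*)
                hex=${s#?}; hex=${hex%"${hex#??}"}      # the two hex digits
                out=$out$(printf '%bx' "\\0$(printf '%o' "0x$hex")"); out=${out%x}
                s=${s#???} ;;
            +*) out="$out "; s=${s#?} ;;
            *)  out=$out${s%"${s#?}"}; s=${s#?} ;;      # copy one literal char
        esac
    done
    printf '%s' "$out"
}

# parse_query QUERY_STRING: fill Q_faxnum / Q_pagesize from allowlisted keys.
# Returns 1 on an unknown key or a value that fails validation. Nothing taken
# from the request is ever passed to eval or used as a variable name.
parse_query() {
    Q_faxnum= Q_pagesize=
    rest=$1
    while [ -n "$rest" ]; do
        pair=${rest%%"&"*}
        case $rest in *"&"*) rest=${rest#*"&"} ;; *) rest= ;; esac
        key=${pair%%=*}
        case $pair in *=*) val=$(urldecode "${pair#*=}") ;; *) val= ;; esac
        case $key in
            faxnum)   case $val in ''|*[!0-9+-]*) return 1 ;; esac
                      Q_faxnum=$val ;;
            pagesize) case $val in a4|letter|legal) Q_pagesize=$val ;; *) return 1 ;; esac ;;
            *)        return 1 ;;   # PATH, IFS and any other key: rejected
        esac
    done
    return 0
}

# Constructed sample input; a CGI would pass "$QUERY_STRING" instead.
if parse_query 'faxnum=%2B15551234&pagesize=a4'; then
    printf 'faxnum=%s pagesize=%s\n' "$Q_faxnum" "$Q_pagesize"
fi
```

Because each accepted key maps to a fixed variable in the `case` statement, a request cannot set `PATH` or any other variable the script did not intend to expose.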
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:11:25 PDT