Re: shell script cgi

From: Ralf Dreibrodt (ralfat_private)
Date: Sun Nov 17 2002 - 07:09:17 PST


    Hi,
    
    Here is another try that sometimes works:
    
    Brian Hatch wrote:
    > To emulate this, let's set it ourselves in a normal shell:
    > 
    >         bash$ export VAR='`cat /etc/passwd`'
    >         bash$ echo $VAR
    >         `cat /etc/passwd`
    
    bash:~# export VAR='-e test\ntest'
    bash:~# echo $VAR
    test
    test
    bash:~# echo "$VAR"
    -e test\ntest
    bash:~# 
    
    Well, the "$VAR" means that $VAR is the first argument for echo.
    
    IMHO there is nothing you can do to execute code in this statement.
    
    bye
    ralf
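
The quoting behaviour shown in the message above, as an added example that is not part of the original post: it compares unquoted `echo`, quoted `echo`, and `printf '%s\n'` on values that look like `echo` options. The function names and sample values are constructed for illustration; in bash, quoted `echo` still prints nothing when the whole value is exactly `-n`, which is why `printf` is the form to use for untrusted CGI input.

```shell
#!/bin/sh
# Added example: function names and sample values are constructed for illustration.

# Print a value exactly as stored, whatever it looks like.
# The format string is fixed, so the value is never parsed as an option.
emit_safe() {
    printf '%s\n' "$1"
}

# Print via quoted echo: the value reaches echo as a single argument,
# but echo may still treat that argument as an option (e.g. "-n").
emit_echo_quoted() {
    echo "$1"
}

# Print via unquoted echo: the value is word-split first, so a leading
# "-e" or "-n" becomes a separate argument that echo can act on.
emit_echo_unquoted() {
    echo $1
}

# Succeed only if emitter $1 reproduces value $2 byte for byte.
preserves() {
    fn=$1
    want=$2
    [ "$("$fn" "$want")" = "$want" ]
}

# Run every emitter over the constructed samples and report the outcome.
report() {
    for value in '-e test\ntest' '-n' 'plain text'; do
        for emitter in emit_echo_unquoted emit_echo_quoted emit_safe; do
            if preserves "$emitter" "$value"; then
                status=intact
            else
                status=ALTERED
            fi
            printf '%-20s %-18s %s\n' "$emitter" "[$value]" "$status"
        done
    done
}

report
```
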
    


