On Saturday, April 20, 2002, at 09:00, Rafael Cotta wrote:
[..]
> The malicious hacker may use:
>
> command01 | command02
>
> I think Linux also has this feature.
>
> Am I right or wrong????
>
> Rafael Cotta
>
> "Alex Read" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]...
>> Hi John,
>>
>> the form only passes parameters to the shell script,


assume that hard coded in the cgi is

        /opt/Cool/bin/Script

and it gets handed

        "Stuff | (command01 | command02 )"

then it would be possible for it to show up as a command line

        /opt/Cool/bin/Script Stuff | (command01 | command02)

the fun part then is IF the commands can actually
be 'malicious' in their own rights....

so yes, it would be interesting to see what happened ....

if the command were "rm -rf /"

since at best it would be able to hack out only that which
was removable by the UID....

a la something like:

[jeeves:/tmp/drieux/sh] drieux% chmod 755 !$
chmod 755 SillyCode.sh
[jeeves:/tmp/drieux/sh] drieux% cd /tmp/drieux
[jeeves:/tmp/drieux] drieux% /tmp/drieux/sh/SillyCode.sh Stuff | ( cd /tmp/drieux/sh ; rm *.sh )
[jeeves:/tmp/drieux] drieux% ls -lR sh
[jeeves:/tmp/drieux] drieux%  /tmp/drieux/sh/SillyCode.sh Stuff
/tmp/drieux/sh/SillyCode.sh: Command not found.
[jeeves:/tmp/drieux] drieux%

we came we executed, we removed it....

was this the type of 'hack attack' you were concerned about?



ciao
drieux
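
An added example, not part of the original message: it contrasts handing the form parameter to a shell as part of one command string with handing it over as a single argv entry. The stand-in `Script`, the `marker` file and the function names are constructed for illustration, and the stand-in is run as `/bin/sh Script` so the demo does not depend on execute permissions.

```python
import os
import subprocess
import tempfile

# Constructed stand-in for the hard-coded script: prints each argument it gets.
SCRIPT_BODY = '#!/bin/sh\nfor a in "$@"; do printf "arg=[%s]\\n" "$a"; done\n'


def run_via_shell(script, param):
    # Unsafe: the parameter is pasted into one string that /bin/sh parses,
    # so |, ;, ( and ) inside the parameter become shell syntax.
    cmd = f"/bin/sh {script} {param}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_via_argv(script, param):
    # Safer: no shell parses the parameter; it arrives as exactly one argument.
    argv = ["/bin/sh", script, param]
    return subprocess.run(argv, capture_output=True, text=True).stdout


def demo():
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        script = os.path.join(tmp, "Script")
        with open(script, "w") as fh:
            fh.write(SCRIPT_BODY)
        marker = os.path.join(tmp, "marker")
        # Constructed form value in the shape quoted in the thread;
        # touch stands in as a harmless, observable side effect.
        param = f"Stuff | (touch {marker})"

        results["argv_out"] = run_via_argv(script, param)
        results["argv_marker"] = os.path.exists(marker)    # nothing ran
        results["shell_out"] = run_via_shell(script, param)
        results["shell_marker"] = os.path.exists(marker)   # second command ran
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

With the argv form the whole value shows up inside the script as one literal argument; with the shell form the script only sees `Stuff` and the rest runs as a second command under the CGI's UID.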
