On Fri, Mar 8, 2013 at 1:54 PM, <nagia.rets...@gmail.com> wrote:
> On Friday, 8 March 2013 8:54:15 PM UTC+2, user Steven D'Aprano wrote:
>
>> >>> -c ''; rm -rf /; oops.py
>>
>> Please don't tell the newbies to destroy their system, no matter how
>> tempting it might be.
>
> What is that "-c ''" option I keep seeing in the attempts to pass bogus info in
> my 'page' variable?
>
> And how's oops.py relevant? Such a file doesn't exist in my webserver.
The command that gets run is "python %s > %s", where the page variable is
substituted in for the first %s. If you perform that substitution, you will get:

    python -c ''; rm -rf /; oops.py > /path/to/some/temp/file

So the -c is an option to Python. It means that instead of reading a script,
Python should run commands passed on the command line in the next argument.
That's the ''. It's empty, so what this instructs Python is to do nothing at
all.

The second command in this shell script is "rm -rf /". I assume you know what
that would do.

The third command is "oops.py > /path/to/some/tempfile". The fact that oops.py
does not exist is not important, because the attacker does not care what this
command does. The payload of the attack was already delivered in the second
command. The only reason for this is because it ends in .py, which is what the
web server is looking for when deciding whether to run a script. The word
"oops" here is just for levity.

--
http://mail.python.org/mailman/listinfo/python-list
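To make the substitution concrete, here is an added example (not code from the thread or from the original poster's web server) that builds the "python %s > %s" command the reply describes, shows how a crafted page name becomes several shell commands, and then shows the defensive alternative: an allow-list on the page name plus running the interpreter as an argv list with no shell, so metacharacters in the name are never interpreted. The function names, the allow-list pattern and the harmless "echo INJECTED" marker used in place of a destructive payload are all assumptions of this example.

```python
import re
import subprocess
import sys
import tempfile
from pathlib import Path

# Assumed: the original server only shows the template "python %s > %s";
# everything else here (names, regex, helper) is constructed for illustration.
COMMAND_TEMPLATE = "python %s > %s"

# Allow-list: a bare script name ending in .py, no slashes, no spaces,
# no shell metacharacters. Anything else is rejected before it reaches a process.
PAGE_NAME = re.compile(r"^[A-Za-z0-9_-]+\.py$")


def build_shell_command(page, outfile):
    """The vulnerable construction from the thread: plain string substitution.
    Because the result is handed to a shell, every ';', '|', '$(...)' or newline
    inside `page` is parsed as shell syntax, not as part of a filename."""
    return COMMAND_TEMPLATE % (page, outfile)


def injected_commands(page, outfile):
    """Split the built command on ';' to show how many separate commands the
    shell would run for a given page value (a rough illustration, not a parser)."""
    return [part.strip() for part in build_shell_command(page, outfile).split(";")]


def is_safe_page(page):
    """True only for names matching the allow-list."""
    return PAGE_NAME.match(page) is not None


def run_page_safely(script_dir, page):
    """Hardened form: validate the name, then run the interpreter as an argv list
    with shell=False (the subprocess default). Output is captured in Python
    instead of via a '> file' redirection, so no shell is involved at all."""
    if not is_safe_page(page):
        raise ValueError("refusing page name: %r" % page)
    script = Path(script_dir) / page
    result = subprocess.run(
        [sys.executable, str(script)],
        capture_output=True,
        text=True,
        check=False,
    )
    return result.stdout


def demo_safe_run():
    """Write a constructed one-line script into a temp dir and run it safely.
    Returns the script's stdout, stripped."""
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "hello.py").write_text("print('hello from page')\n")
        return run_page_safely(d, "hello.py").strip()


if __name__ == "__main__":
    # Constructed attacker-style page value; the marker is harmless.
    crafted = "-c ''; echo INJECTED; oops.py"
    print(build_shell_command(crafted, "/tmp/out"))
    print(injected_commands(crafted, "/tmp/out"))
    print(is_safe_page("index.py"), is_safe_page(crafted))
    print(demo_safe_run())
```

The key difference is not the regex but the argv list: with `subprocess.run([...])` the page value is delivered to the child as a single argument, so a value like `-c ''; echo INJECTED; oops.py` would simply be an odd filename that does not exist. The allow-list is the second layer, so that the server also refuses path traversal and names that are not scripts in the expected directory.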