[ale] More on name=value
Eric Z. Ayers
eric.ayers at mindspring.com
Sat Jul 17 09:13:02 EDT 1999
SORRY! I was thinking of it as a general shell script problem, not as
running it from a web page... If this were perl, it would be a
snap...
$ARGV[0] =~ /=(.*)$/;   # capture everything after the first '=' in the first argument
$value = $1;            # the captured text (note: $1 keeps its old value if nothing matched)
and you'd have your value out in a jiffy!
-Eric.
Mike Fletcher writes:
> >>>>> "Bert" == Bert Hiddink <hiddink at sipromicro.com> writes:
>
>
> Bert> #!/bin/sh
> Bert> echo Content-type:text/html
> Bert> echo
>
> Bert> eval $1
>
> This is BAD. For those in the audience fuzzy on the whole
> good/bad thing, imagine the following URL:
>
> http://my.host.net/cgi-bin/bad-idea?/bin/sh
>
> The script above would then have blithely executed a shell for
> me which I could POST scripts into. Granted that if the httpd is
> set up correctly it shouldn't drop me into a root shell, but I've got
> access to your box anyhow and could swipe any data available to the
> uid the httpd is running as. Not to mention having my foot in the
> door and potentially being able to work my way up to root access.
>
> You (and whomever suggested using eval like this :) really
> should read the WWW Security FAQ, especially the section on CGIs.
>
> And learn perl. :)
>
> http://www.w3.org/Security/Faq/www-security-faq.html
> http://www.w3.org/Security/Faq/wwwsf4.html
>
>
> --
> Fletch | __`'/|
> fletch at phydeaux.org | "I drank what?" -- Socrates \ o.O'
> 678 443-6239(w) | =(___)=
> | U
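The shell-side equivalent of the extraction above, written as an added example rather than code from the thread: the value of a name=value pair is pulled out with `case` and parameter expansion, so an argument like `/bin/sh` comes back as text and is never handed to `eval`. It assumes the web server exposes the query in QUERY_STRING (standard CGI) and that the pairs are '&'-separated.

```sh
#!/bin/sh
# Added example, not code from the thread: parse CGI-style name=value pairs
# with `case` and parameter expansion only. Nothing here is passed to eval,
# so shell syntax inside a value is inert data, not a command.

# query_param QUERY NAME
#   Prints the value of NAME in the '&'-separated QUERY and returns 0.
#   Returns 1 (printing nothing) if NAME is absent. The value is everything
#   after the first '=' of the pair, so "k=a=b" yields "a=b".
query_param() {
  query=$1
  want=$2
  while [ -n "$query" ]; do
    # Split off the first pair; `case` patterns are quoted so no globbing.
    case $query in
      *'&'*) pair=${query%%&*}; query=${query#*&} ;;
      *)     pair=$query;       query= ;;
    esac
    case $pair in
      "$want="*) printf '%s\n' "${pair#*=}"; return 0 ;;
    esac
  done
  return 1
}

# The CGI entry point Bert's script was trying to write: emit the header,
# then echo the requested parameter's value back as plain text.
if [ -n "${QUERY_STRING:-}" ]; then
  printf 'Content-type: text/plain\n\n'
  query_param "$QUERY_STRING" name || printf 'no "name" parameter\n'
fi
```

Run it as `QUERY_STRING='name=/bin/sh' ./script.sh` to see the hostile-looking value printed literally instead of spawning a shell.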