Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Vulnerability Development: Re: shell script cgi

Re: shell script cgi

From: Rajko Zschiegner <rajko_at_ricki-z.com>
Date: Fri, 15 Nov 2002 00:03:12 +0100

Hi,

may be this line solves your problem:

ua=`echo \`$HTTP_USER_AGENT\` | sed "s#\;##g"`

Regards,

Rajko Zschiegner

c jones wrote:

>Hi,
>
>I have found the line below in an sh cgi program, and
>believe I can pass a command to the shell but can't
>seem to get it to work right. No matter what I try as
>the HTTP_USER_AGENT it interprets it as a string in
>the echo command & I can't get it to break it into a
>new command. Nothing is done to HTTP_USER_AGENT before
>this line...it's just reading it directly from the
>environment.
>
>Any help you may have is very much appreciated.
>
>Thanks
>
>ua=`echo "$HTTP_USER_AGENT" | sed "s#\;##g"`
>
>
>
>
>__________________________________________________
>Do you Yahoo!?
>Yahoo! Web Hosting - Let the expert host your site
>http://webhosting.yahoo.com
>
Received on Nov 16 2002

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos