Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development: Re: shell script cgi

Re: shell script cgi

From: mlh <mlh_at_zip.com.au>
Date: Mon, 18 Nov 2002 21:02:07 +1100

c jones writes in part
>
> ua=`echo "$HTTP_USER_AGENT" | sed "s#\;##g"`
>

One thing that is odd about this scrap of code is
why one would bother removing the ';' yet leave
all sorts of other character sequences that are equally
meaningful to the shell, for instance &, &&, |, || etc.
Also ^ for older shells.

Matt
Received on Nov 18 2002

This message: [ Message body ]
Next message: Ketil Braun Larsen: "Remote service shutdown in mailenable (newest)"
Previous message: Dan Kaminsky: "Paketto Keiretsu 1.0 Released"
In reply to: c jones: "shell script cgi"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]