On Tue, Dec 08, 2015 at 09:45:29AM +0800, Kelvin Tan Thiam Teck wrote:
> hi, there's a bug in a function that allows an attacker to inject parameters.
> function Gateway {
> unset param
> param[7]="$8"
> piaram[8]="$9"
> param[9]="$10"
> param[10]="$11"
> param[11]="$12"
> param[12]="$13"
> param[13]="$14"
> param[14]="$15"
> param[15]="$16"
> param[16]="$17"
> param[17]="$18"
> param[18]="$19"
> #echo "After Passing Thru Function: ${param[@]}"
> echo "9th: `$9`"

Your bug is right there on that line. You have backticks around $9 which means you execute the value of $9 as a command.

This is your function's fault, not bash's fault.
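
The behaviour described in the reply above, as an added example that is not part of the original message or of the poster's script: the quoted `echo` line is reduced to two hypothetical functions, `gateway_vulnerable` and `gateway_fixed`, and called with constructed arguments. It also goes one step beyond the reply by showing how `"$10"` in the quoted assignments expands (`tenth_wrong` and `tenth_right` are likewise made-up names).

```bash
#!/usr/bin/env bash
# Added illustration; function names and arguments are constructed.

# Form used in the quoted function: backticks are command substitution, so
# the VALUE of $9 is word-split and executed, and its output is printed.
gateway_vulnerable() {
    echo "9th: `$9`"
}

# Corrected form: expand the parameter as data and print it verbatim.
gateway_fixed() {
    printf '9th: %s\n' "$9"
}

# Positional parameters above 9 need braces.
# "$10" is parsed as "$1" followed by a literal 0, not as the tenth argument.
tenth_wrong() {
    printf '%s\n' "$10"
}

tenth_right() {
    printf '%s\n' "${10}"
}

# Constructed input: the 9th argument is a harmless command string standing
# in for caller-controlled data.
gateway_vulnerable a b c d e f g h 'echo EXECUTED' tenth
gateway_fixed      a b c d e f g h 'echo EXECUTED' tenth
tenth_wrong        a b c d e f g h 'echo EXECUTED' tenth
tenth_right        a b c d e f g h 'echo EXECUTED' tenth
```
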