m 35 : 25
param 36 : 26
param 37 : 27
param 38 : 28
param 39 : 29
param 40 : 30
On Tue, Dec 8, 2015 at 4:15 PM, Kelvin Tan Thiam Teck
wrote:
> eh thanks, listed them to show that my param from 10th to 18 is affected,
> instead of 18th param only.
>
> On Tue, Dec 8, 2015 at
eh thanks, listed them to show that my param from 10th to 18 is affected,
instead of 18th param only.
On Tue, Dec 8, 2015 at 4:13 PM, Pierre Gaston
wrote:
>
>
> On Tue, Dec 8, 2015 at 9:58 AM, Kelvin Tan Thiam Teck > wrote:
>
>> dumbass@Lucifer:~$ ./report.sh "echo
"
echo "param 8: $8"
echo "param 9: $9"
echo "param 10: $10"
echo "param 11: $11"
echo "param 12: $12"
echo "param 13: $13"
echo "param 14: $14"
echo "param 15: $15"
echo "param 16: $16"
echo "param 17
ote:
> On Tue, Dec 8, 2015 at 9:16 AM, Kelvin Tan Thiam Teck > wrote:
>
>> Hi,
>> Please try my payload on that script, before telling me what $@ and $*
>> does. and see if my param1 injection will cause your system to reboot on
>> 18th param. it has nothing to
execute due
to the requirement for it to happen.
Regards
KT
On Tue, Dec 8, 2015 at 2:30 PM, Quentin wrote:
> On 2015-12-08 02:45, Kelvin Tan Thiam Teck wrote:
>
>> hi, there's a bug on function that allow attacker to inject
>> parameters.
>> ./report.sh "echo
hi, there's a bug on function that allow attacker to inject parameters.
./report.sh "echo ln -s /sbin/halt; mv halt ;reboot8 ; reboot" AAA AAA AAA
AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA
#!/bin/bash
function library {
echo ${@}
}
function Gateway {
unset param
param[7]=
