Kelvin:
This is what's typically called a layer 8 issue, or PEBKAC. It just means that
you're failing to understand how bash works.
If you write a script that runs:
#!/bin/bash
sudo poweroff
Is that a vulnerability? No! The script does exactly what you wrote, that is,
to shut down the machin
On 2015-12-08 02:45, Kelvin Tan Thiam Teck wrote:
Hi, there's a bug in a function that allows an attacker to inject
parameters.
./report.sh "echo ln -s /sbin/halt; mv halt ;reboot8 ; reboot" AAA AAA
AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA
AAA
#!/bin/bash
function library {
On 2015-12-08 08:16, Kelvin Tan Thiam Teck wrote:
Hi,
Please try my payload on that script before telling me what $@ and $*
do, and see if my param1 injection will cause your system to reboot
on the 18th param. It has nothing to do with $@ & $*; it's another bug in
bash which I found, similar
On Tue, Dec 08, 2015 at 09:45:29AM +0800, Kelvin Tan Thiam Teck wrote:
> Hi, there's a bug in a function that allows an attacker to inject parameters.
> function Gateway {
> unset param
> param[7]="$8"
> piaram[8]="$9"
> param[9]="$10"
> param[10]="$11"
> param[11]="$12"
> param[12]="$13"
> param[13]="$
On Tue, Dec 8, 2015 at 10:29 AM, Kelvin Tan Thiam Teck wrote:
> dumbass@Lucifer:~$ ./report.sh 'echo' 1 2 3 4 5 6 7 8 9 10
> param 1 : echo
> param 2 : 1
> param 3 : 2
> param 4 : 3
> param 5 : 4
> param 6 : 5
> param 7 : 6
> param 8 : 7
> param 9 : 8
> param 10 : echo0
> param 11 : ec
dumbass@Lucifer:~$ ./report.sh 'echo' 1 2 3 4 5 6 7 8 9 10
param 1 : echo
param 2 : 1
param 3 : 2
param 4 : 3
param 5 : 4
param 6 : 5
param 7 : 6
param 8 : 7
param 9 : 8
param 10 : echo0
param 11 : echo1
param 12 : echo2
param 13 : echo3
param 14 : echo4
param 15 : echo5
param 16 :
Eh, thanks. I listed them to show that my params from the 10th to the 18th are
affected, instead of the 18th param only.
On Tue, Dec 8, 2015 at 4:13 PM, Pierre Gaston wrote:
>
>
> On Tue, Dec 8, 2015 at 9:58 AM, Kelvin Tan Thiam Teck wrote:
>
>> dumbass@Lucifer:~$ ./report.sh "echo ln -s /sbin/halt; mv halt ;re
On Tue, Dec 8, 2015 at 9:58 AM, Kelvin Tan Thiam Teck wrote:
> dumbass@Lucifer:~$ ./report.sh "echo ln -s /sbin/halt; mv halt ;reboot8 ;*
> reboot*" AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA
> AAA AAA AAA AAA
> Before Passing Thru Function: echo ln -s /sbin/halt; mv halt ;re
Hi, let me start the story this way. Please note param 10 onwards to
param 19. Why is my param 1 merged with params 10 - 19?
dumbass@Lucifer:~$ ./repo.sh a 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
18 19 20
param 1: a
param 2: 1
param 3: 2
param 4: 3
param 5: 4
param 6: 5
param 7: 6
param 8:
dumbass@Lucifer:~$ ./report.sh "echo ln -s /sbin/halt; mv halt ;reboot8 ;*
reboot*" AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA
AAA AAA AAA AAA
Before Passing Thru Function: echo ln -s /sbin/halt; mv halt ;reboot8 ;
reboot AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA
On Tue, Dec 8, 2015 at 9:16 AM, Kelvin Tan Thiam Teck wrote:
> Hi,
> Please try my payload on that script before telling me what $@ and $*
> do, and see if my param1 injection will cause your system to reboot on
> the 18th param. It has nothing to do with $@ & $*; it's another bug in bash
> which
Hi,
Please try my payload on that script before telling me what $@ and $*
do, and see if my param1 injection will cause your system to reboot on
the 18th param. It has nothing to do with $@ & $*; it's another bug in bash
which I found, similar to shockbash, except it's harder to execute due
to
12 matches