Thanks Chet and Dennis,
Dennis, your workaround did work.
Regards,
Em sáb, 5 de dez de 2015 às 18:58, Chet Ramey
escreveu:
> On 12/4/15 1:25 PM, Luiz Angelo Daros de Luca wrote:
>
> > Bash Version: 4.2
> > Patch Level: 53
> > Release Status: release
> >
> > Description:
> > While writing a scr
hi, there's a bug on function that allow attacker to inject parameters.
./report.sh "echo ln -s /sbin/halt; mv halt ;reboot8 ; reboot" AAA AAA AAA
AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA
#!/bin/bash
function library {
echo ${@}
}
function Gateway {
unset param
param[7]=
Hi,
Please try my payload on that script, before telling me what $@ and $*
does. and see if my param1 injection will cause your system to reboot on
18th param. it has nothing to do with $@ & $*, it's another bugs on bash
which i found out, similar to shockbash, except it's harder to execute due
to
On Tue, Dec 8, 2015 at 9:16 AM, Kelvin Tan Thiam Teck
wrote:
> Hi,
> Please try my payload on that script, before telling me what $@ and $*
> does. and see if my param1 injection will cause your system to reboot on
> 18th param. it has nothing to do with $@ & $*, it's another bugs on bash
> which
dumbass@Lucifer:~$ ./report.sh "echo ln -s /sbin/halt; mv halt ;reboot8 ;*
reboot*" AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA
AAA AAA AAA AAA
Before Passing Thru Function: echo ln -s /sbin/halt; mv halt ;reboot8 ;
reboot AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA
