Hi, let me start the story in this way. Please note param 10 onwards to
param 19. Why is my param 1 merged with param 10 - 19?
dumbass@Lucifer:~$ ./repo.sh a 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
18 19 20
param 1: a
param 2: 1
param 3: 2
param 4: 3
param 5: 4
param 6: 5
param 7: 6
param 8:
On Tue, Dec 8, 2015 at 9:58 AM, Kelvin Tan Thiam Teck
wrote:
> dumbass@Lucifer:~$ ./report.sh "echo ln -s /sbin/halt; mv halt ;reboot8 ;*
> reboot*" AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA
> AAA AAA AAA AAA
> Before Passing Thru Function: echo ln -s /sbin/halt; mv halt ;re
eh thanks, listed them to show that my param from 10th to 18 is affected,
instead of 18th param only.
On Tue, Dec 8, 2015 at 4:13 PM, Pierre Gaston
wrote:
>
>
> On Tue, Dec 8, 2015 at 9:58 AM, Kelvin Tan Thiam Teck wrote:
>
>> dumbass@Lucifer:~$ ./report.sh "echo ln -s /sbin/halt; mv halt ;re
dumbass@Lucifer:~$ ./report.sh 'echo' 1 2 3 4 5 6 7 8 9 10
param 1 : echo
param 2 : 1
param 3 : 2
param 4 : 3
param 5 : 4
param 6 : 5
param 7 : 6
param 8 : 7
param 9 : 8
param 10 : echo0
param 11 : echo1
param 12 : echo2
param 13 : echo3
param 14 : echo4
param 15 : echo5
param 16 :
On Tue, Dec 8, 2015 at 10:29 AM, Kelvin Tan Thiam Teck
wrote:
> dumbass@Lucifer:~$ ./report.sh 'echo' 1 2 3 4 5 6 7 8 9 10
> param 1 : echo
> param 2 : 1
> param 3 : 2
> param 4 : 3
> param 5 : 4
> param 6 : 5
> param 7 : 6
> param 8 : 7
> param 9 : 8
> param 10 : echo0
> param 11 : ec
On Tue, Dec 08, 2015 at 09:45:29AM +0800, Kelvin Tan Thiam Teck wrote:
> hi, there's a bug on function that allows attacker to inject parameters.
> function Gateway {
> unset param
> param[7]="$8"
> piaram[8]="$9"
> param[9]="$10"
> param[10]="$11"
> param[11]="$12"
> param[12]="$13"
> param[13]="$
Configuration Information [Automatically generated, do not change]:
Machine: x86_64
OS: linux-gnu
Compiler: gcc
Compilation CFLAGS: -DPROGRAM='bash' -DCONF_HOSTTYPE='x86_64'
-DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='x86_64-pc-linux-gnu'
-DCONF_VENDOR='pc' -DLOCALEDIR='/usr/share/locale' -DPACKA
On 2015-12-08 08:16, Kelvin Tan Thiam Teck wrote:
Hi,
Please try my payload on that script before telling me what $@ and $*
do, and see if my param1 injection will cause your system to reboot
on the 18th param. It has nothing to do with $@ & $*; it's another bug in
bash which I found out, similar
On 2015-12-08 02:45, Kelvin Tan Thiam Teck wrote:
hi, there's a bug on function that allows attacker to inject
parameters.
./report.sh "echo ln -s /sbin/halt; mv halt ;reboot8 ; reboot" AAA AAA
AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA AAA
AAA
#!/bin/bash
function library {
On Tue, Dec 08, 2015 at 09:03:08PM +0900, Hyunho Cho wrote:
> # result is in red-colored after external date command output
> # i think there must be no red-colored because { echo 111; date; echo 222 ;}
> only direct to stdout
>
> BASH$ { echo 111; date; echo 222 ;} 2> >( echo -en "\e[01;31m" >&2