[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Bug on function.
From: |
Greg Wooledge |
Subject: |
Re: Bug on function. |
Date: |
Tue, 8 Dec 2015 08:08:19 -0500 |
User-agent: |
Mutt/1.4.2.3i |
On Tue, Dec 08, 2015 at 09:45:29AM +0800, Kelvin Tan Thiam Teck wrote:
> hi, there's a bug on function that allow attacker to inject parameters.
> function Gateway {
> unset param
> param[7]="$8"
> piaram[8]="$9"
> param[9]="$10"
> param[10]="$11"
> param[11]="$12"
> param[12]="$13"
> param[13]="$14"
> param[14]="$15"
> param[15]="$16"
> param[16]="$17"
> param[17]="$18"
> param[18]="$19"
> #echo "After Passing Thru Function: ${param[@]}"
> echo "9th: `$9`"
Your bug is right there on that line. You have backticks around $9 which
means you execute the value of $9 as a command. This is your function's
fault, not bash's fault.
- Bug on function., Kelvin Tan Thiam Teck, 2015/12/07
- Re: Bug on function.,
Greg Wooledge <=
- Re: Bug on function., Quentin, 2015/12/08
- Re: Bug on function., Kelvin Tan Thiam Teck, 2015/12/08
- Re: Bug on function., Pierre Gaston, 2015/12/08
- Re: Bug on function., Kelvin Tan Thiam Teck, 2015/12/08
- Re: Bug on function., Kelvin Tan Thiam Teck, 2015/12/08
- Re: Bug on function., Pierre Gaston, 2015/12/08
- Re: Bug on function., Kelvin Tan Thiam Teck, 2015/12/08
- Re: Bug on function., Kelvin Tan Thiam Teck, 2015/12/08
- Re: Bug on function., Pierre Gaston, 2015/12/08
- Re: Bug on function., Quentin, 2015/12/08