bug-bash
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Bug on function.


From: Quentin
Subject: Re: Bug on function.
Date: Tue, 08 Dec 2015 08:27:13 +0100
User-agent: Roundcube Webmail/1.1.2

On 2015-12-08 08:16, Kelvin Tan Thiam Teck wrote:
Hi,
Please try my payload on that script, before telling me what $@ and $*
does. and see if my param1 injection will cause your system to reboot
on 18th param. it has nothing to do with $@ & $*, it's another bugs on
bash which i found out, similar to shockbash, except it's harder to
execute due to the requirement for it to happen.

Regards
KT


Hi,

I tried your payload on that script, using Bash 4.2.37(1)-release.

It behaves exactly as expected: when calling the Gateway function, $* expands the script's "$1" to separate words and "reboot" becomes the 9th positional parameter to the function. Then 'echo "9th: `$9`"' tries to execute 'reboot' (and fails since I'm not root, in my case). Note all other "echo"s don't have those backticks. Nothing special happens on param 18 since $18 expands as expected to "$1"8 = "echo8" inside the function (and that command does not exist, at least on my system).

Please provide your output to that script (not run as root so as not to make the system reboot) if it's different from what I describe above.

Regards,
Quentin



reply via email to

[Prev in Thread] Current Thread [Next in Thread]