Bugtraq mailing list archives
Re: PATCH: faxsurvey
From: vermont () GATE NET (Illuminatus Primus)
Date: Wed, 5 Aug 1998 14:31:45 -0400
On Tue, 4 Aug 1998, Sir Syko wrote:
how does your "patch" do anything except break the cgi? You are telling perl to eval the ECHO command which doesnt exist. Also, the quotes still arent properly terminated.+eval "ECHO "$QUERY_STRING" | $UNQUOTE -qn | $SED 's/PATH=[^;]*;//g'"should you not make this: eval "$ECHO \'$QUERY_STRING\' | $UNQUOTE -qn | $SED 's/PATH=[^;]*;//g'"
Actually, both "fixes" will break the CGI. It appears that this script (a bash script) is using the unquote program (part of the hylafax distribution) to parse the query string into a format similar to: key1=value1 key2=value2 .. which bash then evals to set the corresponding variables within the script. Obviously, this is incredibly insecure. There are also many other portions of the script that could be easily exploited.. The best thing to do is to either remove it, or completely rewrite it.
Current thread:
- PATCH: faxsurvey Tom (Aug 04)
- Re: PATCH: faxsurvey Sir Syko (Aug 04)
- Re: PATCH: faxsurvey Illuminatus Primus (Aug 05)
- RSI.0007.05-26-98.SUN.LIBAUTH RSI Advise (Aug 04)
- Re: PATCH: faxsurvey Sir Syko (Aug 04)