Bugtraq mailing list archives
Re: Vulnerability in multiple "now playing" scripts for various IRC clients
From: Michael Tharp <gxti () partiallystapled com>
Date: Wed, 15 Aug 2007 13:34:38 -0400
v9 () fakehalo us wrote:
I may be rusty with knowledge about mirc (say almost 10 years out of date)...but, in what situation would the pipe ('|') ever be processed from a variable, even if it was read from a mp3 ID3?
This is probably a bigger concern for *nix scripts, especially of the homebrew variety where the owner hacks something out in 20 minutes and never looks at it again. While the attacker might not have access to the source code, they shouldn't have any problems defeating simple substitution onto a command line. -- m. tharp
Current thread:
- Vulnerability in multiple "now playing" scripts for various IRC clients Wouter Coekaerts (Aug 13)
- <Possible follow-ups>
- Re: Vulnerability in multiple "now playing" scripts for various IRC clients v9 (Aug 15)
- Re: Vulnerability in multiple "now playing" scripts for various IRC clients Michael Tharp (Aug 15)
- Re: Vulnerability in multiple "now playing" scripts for various IRC clients Wouter Coekaerts (Aug 16)