PaulDotCom mailing list archives
Re: Command injection with no spaces
From: Matt Summers <matt () fireantsecurity co uk>
Date: Thu, 14 Jun 2012 18:16:37 +0100
Tim,

All ideas appreciated. That's what I need right now. As for the conversion, it's the web app that is doing it. So I send a space through BURP and when the app sends the command to the shell it becomes %20. sigh.

On Thu 14/06/12 15:07, "Tim Tomes" tjt1980 () gmail com sent:

The server or the browser is doing the conversion? If browser, try using an interception proxy and fiddling with it there. Have you tried '+' instead of space? Just throwing ideas out there at this point.

On Jun 14, 2012 8:26 AM, "Matt Summers" wrote:

I haven't tried tabs. One thing I forgot to mention is that the limitation on space is because the web server converts the space to %20 and this can't be interpreted by the shell.

On Thu 14/06/12 14:14, "Robin Wood" robin () digininja org sent:

On 14 June 2012 10:18, Matt Summers wrote:

Folks,

We came across an interesting bug in a web system where we could execute any system command (on AIX) but we could not enter any spaces in the command and we would only get the last line of STDOUT. Has anyone else come across anything like this? The most we were able to do was cat the last line from system files and determine if a directory existed.

Cheers,

Have you tried using tabs instead of spaces?

Robin

Matt
--- Part time worker full time salary ---

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com