Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Famous last words: "surely this CGI script is safe"

On Mon, Mar 31, 2003 at 04:45:18PM -0500, Seth Gordon wrote:
> I've composed this CGI shell script as an example of backlink-tracing:
> [begin]
> #!/bin/bash
> echo "Content-type: text/plain"
> echo
> # If the linking page isn't in the referers file, add it.
> grep --quiet $HTTP_REFERER referers || echo $HTTP_REFERER >> referers

> Other than filling up my partition with spurious URLs, is there any
> damage that a malicious outsider could do with this script?

I need to find a way to fill this environment variable with an escape
character to invalidate bash's processing of the line, and then insert
my own code.

If $HTTP_REFERER has been previously sanitized to only contain, say,
[A-Za-z0-9_ ] you're fine.


"When in doubt, use brute force."
                   - Ken Thompson

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /