[Gnumed-devel] re: hacked

gnumed-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Gnumed-devel] re: hacked

From:	flotsamjetsom
Subject:	[Gnumed-devel] re: hacked
Date:	Wed, 24 Nov 2004 10:12:38 +1100
User-agent:	Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20040913



The exploit can  gain the privileges of the users as which TWiki and the web
server run through the global search function of TWiki, allowing to execute
arbitrary shell commands as that user.

this sounds like quite a well known way of exploiting web servers; didthe command filterthrough an escape() function ( escapes separater characters such as ;which can end a search command andallow the rest of the input string to be fed as a perl/ php or whatevermethod call)?

that was what I remember how a php tuturial ( 3 years ago) recommended
pre-processing user input that is used as a command parameter.

[Prev in Thread]

Current Thread

[Next in Thread]

[Gnumed-devel] re: hacked, flotsamjetsom <=
- [Gnumed-devel] re: hacked, catmat, 2004/11/23

Prev by Date: Re: [Gnumed-devel] Re: backing up TWiki (was Re: offline: TWiki down, can we restart?)
Next by Date: [Gnumed-devel] re: hacked
Previous by thread: [Gnumed-devel] Re: backing up TWiki (was Re: offline: TWiki down, can we restart?)
Next by thread: [Gnumed-devel] re: hacked
Index(es):
- Date
- Thread