Top Forums Shell Programming and Scripting Making a script secure to code injection Post 302949781 by sea on Thursday 16th of July 2015 02:02:14 AM
Old 07-16-2015
A follow-up question... (and partially missing explanation)

If you have a webserver which is using scripts to (print to an 'html-file' to) display information, where would you/I need to catch the code injection?
  1. Between the surfer and the page (html -> cgi/php)
  2. Between the server and the script (cgi/php -> shell)
  3. The script has to do all the possible captures (shell)

---------- Post updated at 08:02 ---------- Previous update was at 08:00 ----------

Quote:
Originally Posted by MadeInGermany
"$(hostname)" is substituted - by the calling shell!
I do understand the words, but not in regards to security.
As I understand it, I'd have NO way to possibly catch that?

EDIT: Or are you saying it's a nonsense test?

Last edited by rbatte1; 07-16-2015 at 08:45 AM.. Reason: Converted to LIST=1 tags from plain text
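
The point in the quoted reply, shown as an added example that is not part of the original thread: a double-quoted command substitution is run by the calling shell before the script starts, while the same characters arriving as data stay literal and can be rejected by an allow-list inside the script. The function names are hypothetical, the input is a constructed sample, and `printf` stands in for `hostname` so the result is deterministic.

```shell
#!/bin/sh
# Added example; show_arg and is_safe_name are hypothetical names.

# Stand-in for the script under test: reports exactly what it received.
show_arg() {
    printf '%s' "$1"
}

# Allow-list check done inside the script: letters, digits, dot, dash, underscore.
is_safe_name() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Case 1: typed by the caller in double quotes. The calling shell runs the
# substitution first, so the script only ever sees the result.
expanded_by_caller() {
    show_arg "$(printf 'web01')"
}

# Case 2: the same characters arriving as data (constructed sample, e.g. a
# form field handed on by a CGI wrapper). A quoted variable expansion is not
# re-parsed, so the text stays literal and nothing is executed.
received_as_data() {
    input='$(printf web01)'
    show_arg "$input"
}

# Script-side check: accept the plain name, reject the literal payload.
check_both() {
    is_safe_name "$(expanded_by_caller)" && a=accepted || a=rejected
    is_safe_name "$(received_as_data)" && b=accepted || b=rejected
    printf '%s %s' "$a" "$b"
}

printf 'caller-expanded: %s\n' "$(expanded_by_caller)"
printf 'as data:         %s\n' "$(received_as_data)"
printf 'validation:      %s\n' "$(check_both)"
```

The literal text in case 2 would only be parsed as shell code if the script handed it to `eval` or built an `sh -c` string from it.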
 
