07-16-2015
A follow up question... (and partialy missing explanation)
If you have a webserver which is using scripts to (print to a 'html-file' to) display information.
Where would you/I need to catch the code injection?
- Between the surfer and the page (html -> cgi/php)
- Between the server and the script (cgi/php -> shell)
- The script has to do all the possible captures (shell)
---------- Post updated at 08:02 ---------- Previous update was at 08:00 ----------
Quote:
Originally Posted by
MadeInGermany
"$(hostname)" is substituted - by the calling shell!
I do understand the words, but not in regards of security.
As i understand it, i'd have NO way to possible catch that?
EDIT: Or are you saying its a nonsense test?
Last edited by rbatte1; 07-16-2015 at 08:45 AM..
Reason: Converted to LIST=1 tags from plain text
9 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
Hi all
I am looking for a way to ensure that once a user is logged in and running a script, he cannot break out of it.
Thanks
J (12 Replies)
Discussion started by: jhansrod
12 Replies
2. Shell Programming and Scripting
Hi,
I am trying to use sftp in a ksh - Shell script, but not even a simple script like this returns not output:
sftp username@remotehost <<END
ls
END
If I do something like this:
sftp username@remotehost <<END | tee logfile
ls
END
I get this error message:
Warning: tcgetattr... (1 Reply)
Discussion started by: friand
1 Replies
3. Solaris
I am using shell script to do secure ftp. I have done key file setup to do password less authentication. Following are the FTP Details:
FTP Client has Sun SSH.
FTP Server has F-Secure.
I am using SCP Command to do secure copy files. When I am doing this, I am getting the foll error
scp:... (2 Replies)
Discussion started by: ftpguy
2 Replies
4. Shell Programming and Scripting
Hi:
I want to secure (prevent Ctrol+C, or Ctrol+Z, or any kind of aborting) this ksh script:
#!/usr/bin/ksh
clear
echo
print "CSIA RBAC -- CONFIGURACION --"
echo
print "1) Habilitar/Desabilitar RBAC en el sistema"
print "2) Configurar comandos privados"
print "6) Salir"
echo... (5 Replies)
Discussion started by: iga3725
5 Replies
5. Programming
Hi, I have a very large, very old FORTRAN code that I work with. The code is quite messy and I was wondering if I can speed up execution time by finding subroutines that code execution spends the most time in. Is there any kind of software I can use to see where the code spends most of the... (1 Reply)
Discussion started by: rks171
1 Replies
6. Shell Programming and Scripting
Hi guys,
Those who work with Background Oriented Schlieren (BOS) might wonder how to create image pairs suitable for a PIV image processing software.
Here is the code :
#!/bin/bash
# This is a program to read *.jpg files and save them in pairs for postprocessing
nfiles=`ls -1 bild*... (0 Replies)
Discussion started by: chirag.joshi
0 Replies
7. Shell Programming and Scripting
First let me explain the scenario
I have tywo files as usual
file1.txt (it has n rows and 8 columns)
$1 $2 $3 $4 $5 $6 $7 $8
Code:
1234567|iufgt|iuoy|iout|white |black |red |90879
1234567|iufgt|iuoy|iout|green |pink |blue |90879... (3 Replies)
Discussion started by: s.deepak
3 Replies
8. OS X (Apple)
Im needing to create a postinst script for a debian package. I need it to search for this line of script in a plist file located at /folder/folder/folder/folder/folder/file.plist
<key>TESTKEYLINE</key>
<true/>
and after it create a new line and insert this code
<key>KEYNAME</key>... (0 Replies)
Discussion started by: iModdr
0 Replies
9. Shell Programming and Scripting
Hi all,
Need some help in the following code. (Running this code at cygwin in windows vista)
cat /home/ebanpan/Input_Logs/*.log > /home/ebanpan/Input_Logs/input.log
sed '/^Total/d;/^Bye/d;/^Output has been logged/d' /home/ebanpan/Input_Logs/input.log > /home/ebanpan/output.log
this code... (6 Replies)
Discussion started by: bansalpankaj88
6 Replies
LEARN ABOUT MOJAVE
platform::shell
platform::shell(n) Tcl Bundled Packages platform::shell(n)
__________________________________________________________________________________________________________________________________________________
NAME
platform::shell - System identification support code and utilities
SYNOPSIS
package require platform::shell ?1.1.4?
platform::shell::generic shell
platform::shell::identify shell
platform::shell::platform shell
_________________________________________________________________
DESCRIPTION
The platform::shell package provides several utility commands useful for the identification of the architecture of a specific Tcl shell.
This package allows the identification of the architecture of a specific Tcl shell different from the shell running the package. The only
requirement is that the other shell (identified by its path), is actually executable on the current machine.
While for most platform this means that the architecture of the interrogated shell is identical to the architecture of the running shell
this is not generally true. A counter example are all platforms which have 32 and 64 bit variants and where a 64bit system is able to run
32bit code. For these running and interrogated shell may have different 32/64 bit settings and thus different identifiers.
For applications like a code repository it is important to identify the architecture of the shell which will actually run the installed
packages, versus the architecture of the shell running the repository software.
COMMANDS
platform::shell::identify shell
This command does the same identification as platform::identify, for the specified Tcl shell, in contrast to the running shell.
platform::shell::generic shell
This command does the same identification as platform::generic, for the specified Tcl shell, in contrast to the running shell.
platform::shell::platform shell
This command returns the contents of tcl_platform(platform) for the specified Tcl shell.
KEYWORDS
operating system, cpu architecture, platform, architecture
platform::shell 1.1.4 platform::shell(n)