|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
PATCH: faxsurvey
Tom (dod
muenster.net)Tue, 4 Aug 1998 07:43:42 -0700
- Messages sorted by: [ date ][ thread ][ subject ][ author ]
- Next message: Pierre Beyssac: "[pb: Re: A way to prevent buffer overflow exploits? (was: "Any"
- Previous message: Tom: "remote exploit in faxsurvey cgi-script"
- Next in thread: Sir Syko: "Re: PATCH: faxsurvey"
Hi.
Here comes the patch for the 'faxsurvey' cgi-script.
The problem is the quotation marks for the 'eval' command.
Will they ever learn?
Don't forget to remove/chown 'faxsurvey.orig' after patching.
Cheers
Tom
--- faxsurvey.orig Mon Dec 1 01:05:47 1997
+++ faxsurvey Fri Jul 31 11:59:21 1998
-44,7 +44,7
#
# Be careful here.
#
-eval `$ECHO "$QUERY_STRING" | $UNQUOTE -qn | $SED 's/PATH=[^;]*;//g'`
+eval "ECHO "$QUERY_STRING" | $UNQUOTE -qn | $SED 's/PATH=[^;]*;//g'"
echoMail()
{
[EOM]
- Next message: Pierre Beyssac: "[pb: Re: A way to prevent buffer overflow exploits? (was: "Any"
- Previous message: Tom: "remote exploit in faxsurvey cgi-script"
- Next in thread: Sir Syko: "Re: PATCH: faxsurvey"