Thanks to everyone who replied regarding my attempts
to stuff shell commands into this line:

> ua=`echo "$HTTP_USER_AGENT" | sed "s#\;##g"`

The summary is that no matter what time of " ' `
characters, shell commands, or termination or escape
characters I tried to put into the $HTTP_USER_AGENT
field I can't get it to execute commands. It's a
surprisingly resilient line of code, most likely due
to the "s around the $HTTP_USER_AGENT variable. I
wouldn't call this type of programming "safe", but
it's not *nearly* as bad as I thought at first.

The $ua variable is not ever used again so there's no
other opportunity to exploit it... it's a very useless
line of code which should be removed anyway--it just
looks very exploitable (and may be by someone out
there ;).

Thanks again to everyone that responded, it was very
much appreciated & got me thinking in all sorts of
different directions.

Regards

__________________________________________________
Do you Yahoo!?
Yahoo! Web Hosting - Let the expert host your site
http://webhosting.yahoo.com

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]