in reply to Shell output in perl CGI

Slightly off topic, but worth mentioning. Be very careful if you are executing a shell command that contains any user-supplied input. An attacker could conceivably append a ; and an arbitrary command on the parameter input and have it execute on your web server. Some validation of the input before it is executed would be a good thing.

VGhpcyBtZXNzYWdlIGludGVudGlvbmFsbHkgcG9pbnRsZXNz
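
The validation suggested above, as an added example that is not code from the original post or thread: an allow-list check on the parameter, followed by running the command without a shell. The hostname parameter, the sample inputs and the `/bin/echo` stand-in command are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample values standing in for a CGI parameter.
my @samples = ('example.org', 'example.org; id', '');

# Allow-list: accept only what a hostname can look like.
# Anything else, including shell metacharacters, is rejected.
sub valid_host {
    my ($h) = @_;
    return defined $h
        && length($h) <= 253
        && $h =~ /\A[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?\z/;
}

# Run a command without a shell. The list form of a pipe open hands
# each argument straight to exec(), so ';', '|' and backticks in an
# argument are plain characters, not shell syntax.
sub run_no_shell {
    my (@cmd) = @_;
    open(my $fh, '-|', @cmd) or die "cannot run $cmd[0]: $!";
    local $/;                 # slurp all output at once
    my $out = <$fh>;
    close $fh;
    return $out;
}

for my $input (@samples) {
    # Vulnerable pattern, built as a string only and never executed:
    # backticks or one-argument system() would pass all of it to /bin/sh.
    my $shell_string = "host $input";

    if (valid_host($input)) {
        # /bin/echo stands in for the real command so this runs offline.
        print "ACCEPT [$input] -> ",
            run_no_shell('/bin/echo', 'lookup', '--', $input);
    } else {
        print "REJECT [$input] (sh would have received: $shell_string)\n";
    }
}
```

Running the CGI script under taint mode (`perl -T`) adds a second layer: Perl then refuses to pass parameter data to a command until it has been extracted through a regex match like the one in `valid_host`.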

Re^2: Shell output in perl CGI
by jpk236 (Monk) on Feb 04, 2005 at 14:02 UTC
    Yes; that can be scary, and is along the same lines as SQL Injection.

    Although, some good can come of it. I once had to write a script to bring sshd back up after it crashed from an OpenSSL upgrade messing up.

    Justin
      To clear confusion, since most of you are probably wondering "well -- if sshd was down -- how did he write the script?"
      I wrote the script in Notepad; uploaded it via the FTP daemon which was still running; then executed the script by moving it to my public_html dir and going to it from a browser.

      Justin