Tim,

 All ideas appreciated. That's what I need right now.

 As for the conversion, it's the web app that is doing it. So I send a space
through BURP and when the app sends the command to the shell it becomes
%20.

 sigh.

 On Thu 14/06/12 15:07 , "Tim Tomes" [email protected] sent:

The server or the browser is doing the conversion? If browser, try using
an interception proxy and fiddling with it there. 

Have you tried '+' instead of space? 

Just throwing ideas out there at this point.

On Jun 14, 2012 8:26 AM, "Matt Summers" wrote:
 I haven't tried tabs.

 One thing I forgot to mention is that the limitation on space is because
the web server converts the space to %20 and this can't be interpreted by
the shell.

 On Thu 14/06/12 14:14 , "Robin Wood" [email protected] sent:
 On 14 June 2012 10:18, Matt Summers  wrote:
 > Folks,
 >
 > We came across an interesting bug in a web system where we could execute any
 > system command (on AIX) but we could not enter any spaces in the command and
 > we would only get the last line of STDOUT.
 >
 > Has anyone else come across anything like this?
 >
 > The most we were able to do was cat the last line from system files and
 > determine if a directory existed.
 >
 > Cheers,

 Have you tried using tabs instead of spaces?

 Robin

 > Matt
 >
 > --- Part time worker full time salary ---
 > _______________________________________________
 > Pauldotcom mailing list
 > [email protected]
 >
 > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
 > Main Web Site: http://pauldotcom.com


