On 6/14/2012 9:01 AM, Joe Sylve wrote:
Try something like this for command execution:
CMD=$'cat\x20/etc/passwd';$CMD
On Thu, Jun 14, 2012 at 7:25 AM, Matt Summers
<[email protected] <mailto:[email protected]>> wrote:
I haven't tried tabs.
One thing I forgot to mention is that the limitation on space is
because the web server converts the space to %20 and this cant be
interpreted by the shell.
Can you just use $IFS for spaces, like this bug:
http://www.mailchannels.com/blog/2009/07/amazing-new-exploit-for-linksys-routers-running-dd-wrt/
Or this classic tome:
http://www.scribd.com/doc/81408484/56/The-Ping-Hack
-Josh
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
