Thanks for all the suggestions and thanks to Josh....it worked a treat. On Fri 15/06/12 03:46 , "Joshua Wright" [email protected] sent: On 6/14/2012 9:01 AM, Joe Sylve wrote: > Try something like this for command execution: > > CMD=$'catx20/etc/passwd';$CMD > > On Thu, Jun 14, 2012 at 7:25 AM, Matt Summers > wrote: > > I haven't tried tabs. > > One thing I forgot to mention is that the limitation on space is > because the web server converts the space to %20 and this cant be > interpreted by the shell.
Can you just use $IFS for spaces, like this bug: http://www.mailchannels.com/blog/2009/07/amazing-new-exploit-for-linksys-routers-running-dd-wrt/ [1]">http://www.mailchannels.com/blog/2009/07/amazing-new-exploit-for-linksys-routers-running-dd-wrt/ Or this classic tome: http://www.scribd.com/doc/81408484/56/The-Ping-Hack [2]">http://www.scribd.com/doc/81408484/56/The-Ping-Hack -Josh _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom [3]">http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com [4]">http://pauldotcom.com Links: ------ [1] http://www.mailchannels.com/blog/2009/07/amazing-new-exploit-for-linksys-routers-running-dd-wrt/ [2] http://www.scribd.com/doc/81408484/56/The-Ping-Hack [3] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom [4] http://pauldotcom.com
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
