On Mon, 1 Jun 2015 06:05:28 -0400 Josh Grosse j...@jggimi.homeip.net wrote:
On Mon, Jun 01, 2015 at 04:45:01AM -0400, dan mclaughlin wrote:
On Sun, 31 May 2015 22:20:17 -0500 Okupandolared kan...@darkmail.mx wrote:
does not exist,
so I can copy /usr/bin/whoami to
On Sun, 31 May 2015 22:20:17 -0500 Okupandolared kan...@darkmail.mx wrote:
does not exist,
so I can copy /usr/bin/whoami to /var/www/usr/bin/whoami?
that try ls and /bin/ls and /var/www/bin/ls
and it does not work,
/bin/ls exist
/var/www/bin/ls exist
thanks
On 05/31/15 19:43, Zé
On Mon, Jun 01, 2015 at 04:45:01AM -0400, dan mclaughlin wrote:
On Sun, 31 May 2015 22:20:17 -0500 Okupandolared kan...@darkmail.mx wrote:
does not exist,
so I can copy /usr/bin/whoami to /var/www/usr/bin/whoami?
that try ls and /bin/ls and /var/www/bin/ls
and it does not work,
Corrected for typos. What I'd just Emailed was without any coffee...
On Mon, Jun 01, 2015 at 06:05:28AM -0400, Josh Grosse wrote:
Also, in a chrooted filesystem, every dynamically linked executable needs
access
to ld.so and its shared libraries. Which means /var/www/usr/lib and
On Mon, Jun 01, 2015 at 11:49:39AM -0500, Okupandolared wrote:
Hi,
I have an web form.
I need send of webform to script bash
webform.html -- PHP proces -- create.sh
create.sh
#!/bin/ksh
# Create user
echo hi!! your pass $1
crypted=$(echo -n $1 | smtpctl encrypt )
maildir=$3/$2/
On 01/06/15 18:49, Okupandolared wrote:
Hi,
I have an web form.
I need send of webform to script bash
webform.html -- PHP proces -- create.sh
create.sh
#!/bin/ksh
# Create user
echo hi!! your pass $1
crypted=$(echo -n $1 | smtpctl encrypt )
maildir=$3/$2/
echo -e $2@$3
my domain is:
',); DROP mails;--
Sanitise your inputs
---
âLanie, Iâm going to print more printers. Lots more printers. One for
everyone. Thatâs worth going to jail for. Thatâs worth anything.â -
Printcrime by Cory Doctrow
Please avoid sending me Word or PowerPoint attachments.
See
thank you all for the support,
I think in another way, as well sanitize my form.
maybe python goes outside the chroot.
Thanks again
On 06/01/15 10:21, Sebastien Marie wrote:
Hi,
Just to report how it is a bad idea... at least two sql injection and
one shell injection in your files.
On
If you made these mistakes you'll have made others - get guidance from
someone who knows what they're doing and have them audit your whole system.
---
âLanie, Iâm going to print more printers. Lots more printers. One for
everyone. Thatâs worth going to jail for. Thatâs worth anything.â
Why on earth are you using the shell to insert into MySQL?
I would redesign this whole setup under the guidance of someone more
experienced to be honest, there's MANY mistakes you're making here, and
thus likely other mistakes
---
âLanie, Iâm going to print more printers. Lots more printers.
Really you could use php to insert into mysql,
but as I need to run ejabberdctl and smtpdctl.
I thought it would do everything from bash
I have no idea how it could call smtpctl from php, maybe you go look at
python.
On 06/01/15 10:09, Gareth Nelson wrote:
Why on earth are you using the shell
Hi,
Just to report how it is a bad idea... at least two sql injection and
one shell injection in your files.
On Mon, Jun 01, 2015 at 11:49:39AM -0500, Okupandolared wrote:
Hi,
I have an web form.
I need send of webform to script bash
webform.html -- PHP proces -- create.sh
create.sh
On Mon, Jun 01, 2015 at 11:49:39AM -0500, Okupandolared wrote:
Hi,
I have an web form.
I need send of webform to script bash
webform.html -- PHP proces -- create.sh
create.sh
#!/bin/ksh
# Create user
echo hi!! your pass $1
crypted=$(echo -n $1 | smtpctl encrypt )
maildir=$3/$2/
This was an example I wrote this email really is not implemented anywhere.
But thanks for observation.
If I decide to put it online. think of this security issue?
On 06/01/15 10:20, Gareth Nelson wrote:
my domain is:
',); DROP mails;--
Sanitise your inputs
---
“Lanie, I’m going to
Hi,
I have an web form.
I need send of webform to script bash
webform.html -- PHP proces -- create.sh
create.sh
#!/bin/ksh
# Create user
echo hi!! your pass $1
crypted=$(echo -n $1 | smtpctl encrypt )
maildir=$3/$2/
echo -e $2@$3 recipients
echo -e $2@$3\t$crypted credentials
echo
Everyone is missing the bigger picture here:
Why is a PHP script calling the shell? 9 times out of 10, that's a bad idea
and things should be redesigned so that it's not needed.
---
âLanie, Iâm going to print more printers. Lots more printers. One for
everyone. Thatâs worth going to jail
On Sun, May 31, 2015 at 09:35:36PM -0500, Okupandolared wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
I like received variables POST and send to KSH script.
But it seems that in OpenBSD 5.6 and php-fpm.
exec() and exec_shell() not working.
Could anyone help me?
This link
does not exist,
so I can copy /usr/bin/whoami to /var/www/usr/bin/whoami?
that try ls and /bin/ls and /var/www/bin/ls
and it does not work,
/bin/ls exist
/var/www/bin/ls exist
thanks
On 05/31/15 19:43, Zé Loff wrote:
On Sun, May 31, 2015 at 09:35:36PM -0500, Okupandolared wrote:
-BEGIN
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
I like received variables POST and send to KSH script.
But it seems that in OpenBSD 5.6 and php-fpm.
exec() and exec_shell() not working.
Could anyone help me?
This link explain in detail what I've tried.
19 matches
Mail list logo