>-----Original Message-----
>On Behalf Of Brian Leach
>I can't enter an @FM on the command line (though set for ctl^) and an @VM is
>just thrown out as an unrecognized token. So from that test, no.
I can enter an @AM/@FM, per the original BASIC e.g., using the Alt+0254
(Alt key plus number-pad decimal ASCII code) or Ctrl-^ key combination.
So if the perpetrator knows or can guess the syntax of the execute, the
same security flaw is available in U2 as in the example.
>>CRT "INPUT MEMBER NAME: "
>>INPUT MEM.NAME
>>EXECUTE "SELECT CLIENT WITH MEMBER.NAME = '":MEM.NAME:"'"
INPUT MEMBER NAME: JONES' [Ctrl-^]CLEAR.FILE DATA VOC[Ctrl-^]
This would select Ms Jones' Client ID, then obliterate the VOC.
[UV 10.0.7, AIX, PICK FLAVOUR, VT220]
-------
u2-users mailing list
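
An added example, not part of the original message or the quoted program: one way to check MEM.NAME before it reaches EXECUTE, so that a field mark cannot start a second command and a quote cannot close the selection string. It assumes a non-NLS UniVerse account; MAX.LEN and the VALID flag are hypothetical names chosen for this example.

```basic
* Added example: validate the prompt input before building the sentence.
* CLIENT and MEMBER.NAME are the names used in the quoted program.
* MAX.LEN is an assumed limit, not taken from the thread.
MAX.LEN = 40
CRT "INPUT MEMBER NAME: "
INPUT MEM.NAME
VALID = 1
NAME.LEN = LEN(MEM.NAME)
IF NAME.LEN = 0 OR NAME.LEN > MAX.LEN THEN VALID = 0
FOR I = 1 TO NAME.LEN
   C = SEQ(MEM.NAME[I,1])
   BEGIN CASE
      CASE C < 32 OR C > 126
         * Control characters and everything above 7-bit ASCII. This
         * covers the system delimiters CHAR(251) to CHAR(255)
         * (@TM, @SM, @VM, @FM, @IM), however they were typed.
         VALID = 0
      CASE C = 34 OR C = 39 OR C = 92
         * " ' and \ can each end a quoted string in the sentence.
         VALID = 0
   END CASE
NEXT I
IF VALID THEN
   EXECUTE "SELECT CLIENT WITH MEMBER.NAME = '":MEM.NAME:"'"
END ELSE
   CRT "Invalid member name, nothing executed."
END
```

With the input shown above (JONES' followed by Ctrl-^), the quote and the CHAR(254) both fail the check and no sentence is executed. The range test also rejects accented characters, so widen it deliberately if member names need them.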