
tcl syntax question


Post by jk0 »

I am trying to work around a vulnerability in php's argv's by doing this:

proc pub_fm {nick uhost hand chan text} {
    if {[regex [^a-zA-Z0-9] $text] == 1}
    {
        putserv "PRIVMSG $chan :Invalid request."
    } else
    {
        pub_exec $nick $uhost $hand $chan ".exec script.php $text"
    }
}


I cannot seem to get this to work. Am I doing this the right way? (I am new to TCL)

Post by stdragon »

Almost. Assuming that you want the if statement to catch requests that don't start with a letter or digit, you just have to change it to add { } around the regular expression. In tcl, [ ] is interpreted specially.

[^a-zA-Z0-9] --> {[^a-zA-Z0-9]}

Also, the command is regexp, not regex.

Post by jk0 »

Hmm, it's still not working. Here's what I'm dealing with:

bind pub - .fm pub_fm
bind pubm n "#* .exec *" pub_exec

proc pub_fm {nick uhost hand chan text} {
    if {[regexp {[^a-zA-Z0-9]} $text] == 1}
    {
        putserv "PRIVMSG $chan :Invalid request."
    } else
    {
        pub_exec $nick $uhost $hand $chan ".exec script.php $text"
    }
}

Before, when I just had the pub_exec ... "script.php $text", it worked, but the problem was that if someone executed the command ".fm query | echo oops", the bot would execute the command "echo oops", which can be a really serious vulnerability. So what I'm trying to do is catch anything that is not a letter or number so that I do not even have the script execute unless it is so.

Here's what I got when I tried to execute it:

<jk0> .rehash
<wh0red> Rehashed.
<jk0> .fm #$%
<jk0> .fm query

The bot didn't respond to the search or the invalid request. Any suggestions?

Post by jk0 »

I rewrote it to this:

proc pub_fm {nick uhost hand chan text} {
    if {[regexp {[^a-zA-Z0-9\-\_\ ]} $text] == 1} {
        putserv "PRIVMSG $chan :Invalid request."
    } else {
        foreach cmd [split [exec /script.php $text] "\r\n"] { putserv "PRIVMSG $chan :$cmd" }
    }
}

And now it works... If I do this ".fm query", it returns data. If I try to add more than one query like ".fm query1 query2" I get an invalid request. Would I need to add something else to the regex to get it to count spaces too?

Post by stdragon »

Why not instead figure out what chars are bad, like | and &, and simply check for those?

Post by jk0 »

Well, I put a putlog in there and it is returning the args, so I'm not quite sure how to go about this...
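
Added example, not part of the original thread: one way to finish the allowlist check discussed above, anchoring the pattern so the whole request must match and handing each word to exec as a separate argument. The proc names fm_valid_query and fm_argv and the 64-character cap are assumptions made for illustration; {*} requires Tcl 8.5 or later.

```tcl
# Added example, not from the thread. fm_valid_query and fm_argv are
# hypothetical names; /script.php is the path used in the post above.

# Allowlist check: the anchors ^ and $ force the WHOLE string to match,
# so one stray character anywhere rejects the request.
proc fm_valid_query {text} {
    if {[string length $text] > 64} { return 0 }   ;# assumed length cap
    # Words of letters/digits/_/-, each starting with a letter or digit
    # (so no word looks like a -option), separated by single spaces.
    return [regexp {^[a-zA-Z0-9][a-zA-Z0-9_-]*( [a-zA-Z0-9][a-zA-Z0-9_-]*)*$} $text]
}

# Build the command as a Tcl list, one element per word. exec passes each
# element to the program as its own argument without involving a shell.
# exec itself still treats words such as | < > & as pipeline/redirection
# syntax, which is why the allowlist above must run first.
proc fm_argv {text} {
    return [linsert [split $text " "] 0 /script.php]
}

proc pub_fm {nick uhost hand chan text} {
    set text [string trim $text]
    if {![fm_valid_query $text]} {
        putserv "PRIVMSG $chan :Invalid request."
        return
    }
    # exec raises an error on a non-zero exit status or stderr output.
    if {[catch {exec {*}[fm_argv $text]} out]} {
        putlog "fm: script failed: $out"
        return
    }
    foreach line [split $out "\r\n"] {
        if {$line ne ""} { putserv "PRIVMSG $chan :$line" }
    }
}

# Register with eggdrop when loaded by the bot; under plain tclsh, print
# the validator's verdict for constructed sample inputs instead.
if {[llength [info commands bind]]} {
    bind pub - .fm pub_fm
} else {
    foreach sample {"query" "query1 query2" "query | echo oops" "#$%" "-x" ""} {
        puts [format "%-22s -> %d" "'$sample'" [fm_valid_query $sample]]
    }
}
```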