10.5: Create an XKCD-influenced Mac 'doorbell'
Authored by: soapbeard on Jan 21, '09 08:31:15AM

Be careful with this: that script contains a command injection vulnerability.
You should fix this if you want to make it accessible by the internet.

e.g.

/say.php?say=hello%22%3B+rm+-rf+%2F%3B+echo+%22

would get it to run this:

say "hello" ; rm -rf / ; echo ""

Which would say hello, then try to delete all your files. With the right URL it could do anything, like use your machine to send spam.

I would suggest changing:

$cmd = sprintf('say "%s"', $_GET['say']);

to

$cmd = sprintf('say "%s"', preg_replace('/[^\w\d ]/','',$_GET['say']));

which should remove anything other than a letter, digit or space and stop any command injection.

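The injection above, worked through as an added example that is not part of the original hint or of either comment: the script below (written for this page, using only PHP's standard library) builds the `say` command string three ways and prints each one without executing anything, so you can see exactly what the shell would receive. The payload is the URL-decoded form of the query string quoted in the comment, constructed here; the three builder functions are hypothetical names for this demonstration, not code from the hint.

```php
<?php
// Added example: assemble the shell command the way say.php does, without running it.

// Constructed payload: what $_GET['say'] holds after PHP decodes
//   ?say=hello%22%3B+rm+-rf+%2F%3B+echo+%22
$payload = 'hello"; rm -rf /; echo "';

// 1. The original line from the hint: raw input interpolated inside double quotes,
//    so a " in the input closes the quoted string and ; starts a new command.
function cmd_vulnerable(string $say): string {
    return sprintf('say "%s"', $say);
}

// 2. The whitelist proposed in the comment above: drop everything that is not a
//    word character (letters, digits, underscore) or a space. Note that \w already
//    matches digits, so the \d is redundant but harmless.
function cmd_whitelist(string $say): string {
    return sprintf('say "%s"', preg_replace('/[^\w\d ]/', '', $say));
}

// 3. escapeshellarg(): wraps the value in single quotes and escapes any embedded
//    single quote, so the whole string reaches `say` as one argument no matter
//    what characters it contains.
function cmd_escaped(string $say): string {
    return 'say ' . escapeshellarg($say);
}

$builders = [
    'vulnerable'     => 'cmd_vulnerable',
    'whitelist'      => 'cmd_whitelist',
    'escapeshellarg' => 'cmd_escaped',
];

foreach ($builders as $label => $fn) {
    printf("%-15s %s\n", $label . ':', $fn($payload));
}
```

Running it with `php say-demo.php` prints the vulnerable form as `say "hello"; rm -rf /; echo ""` (three separate shell commands), the whitelist form as `say "hello rm rf  echo "` (the metacharacters are gone, but so is any legitimate punctuation a visitor typed), and the escaped form as `say 'hello"; rm -rf /; echo "'` (one argument, spoken verbatim). The whitelist does stop the injection, but `escapeshellarg()` is the more general fix because it preserves the input rather than silently mangling apostrophes, commas and non-ASCII text.
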
Thanks, skicker; fix added
Authored by: ManasTungare on Jan 21, '09 08:51:52AM

Thanks for highlighting the command injection vulnerability! I added the fix to the blog post.
–Manas.