Hi,
On Sunday, 27.03.2011, 12:00 +0530, Rony wrote:
Thanks Joachim. For the first time I actually saw how a code can be cracked into, via an input string only. For the benefit of those who were not present, Joachim was able to crack the user name even though that name was not in the list. Instead of a known username, he used a username string expression that only looked for an alphabet and it was naturally found among the many names. That allowed him in as a valid user.
This is a very good example of how opening the code allows it to be improvised and become free of bugs.
Actually, if I had a little more time, I could have also shown how to construct a user input that would appear to be a valid user, would appear not to be already present, so that we get to the code where pictures were taken, and then, due to missing quotes around the variable name, arbitrary commands could have been executed. As the script was planned to run as root, this would give the attacker full control over the machine.
Greetings, Joachim
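
The username check discussed in this message, as an added example that is not the script from the talk (that script is not shown here): a lookup that treats the input as a pattern, next to one that validates the input and compares it as a fixed whole-line string. The user-list file, the sample names and the function names are assumptions.

```shell
#!/bin/sh
# Added example; file layout and function names are assumptions.

# Constructed sample user list, one name per line.
USERS_FILE=$(mktemp)
trap 'rm -f "$USERS_FILE"' EXIT
printf '%s\n' alice bob carol > "$USERS_FILE"

# Loose check: the input is interpreted as a regular expression and may
# match anywhere in a line, so input that is not a listed name can pass.
is_user_loose() {
    grep -q "$1" "$USERS_FILE"
}

# Strict check:
#  1. reject empty input and anything outside a conservative character set,
#     so shell and regex metacharacters never reach later commands;
#  2. compare as a fixed string (-F) against the whole line (-x);
#  3. "--" ends option parsing, and every expansion is double-quoted.
is_user_strict() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    grep -Fxq -- "$1" "$USERS_FILE"
}

# Stand-alone demonstration: print how each check treats a few inputs.
for candidate in 'alice' 'ali' '[a-z]'; do
    if is_user_loose "$candidate"; then loose=accept; else loose=reject; fi
    if is_user_strict "$candidate"; then strict=accept; else strict=reject; fi
    printf '%-8s loose=%s strict=%s\n' "$candidate" "$loose" "$strict"
done
```

The same quoting discipline applies to every later use of the name in the script, which matters most when the script runs as root.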