On Sunday 27 March 2011 12:14 PM, Joachim Breitner wrote:
Hi,
On Sunday, 27.03.2011, 12:00 +0530, Rony wrote:
Thanks, Joachim. For the first time I actually saw how code can be cracked into via an input string only. For the benefit of those who were not present, Joachim was able to crack the user name even though that name was not in the list. Instead of a known username, he used a username string expression that only looked for a letter of the alphabet, and it was naturally found among the many names. That allowed him in as a valid user.
This is a very good example of how opening the code allows it to be improvised and become free of bugs.
Actually, if I had a little more time, I could have also shown how to construct a user input that would appear to be a valid user and would appear not to be already present, so that we get to the code where pictures were taken, and then, due to missing quotes around the variable name, arbitrary commands could have been executed. As the script was planned to run as root, this would give the attacker full control over the machine.
Greetings, Joachim
After your inputs, as a precaution, I will not run the script as root. Separate folders will be made for the scripts, which will be owned and grouped by root only; users will be 'others' and will get only execute permissions. Read and write will be removed for them.
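The two defects discussed in this thread, a username check that matched a pattern anywhere in the list and an unquoted variable expansion, can both be closed in a few lines of shell. The following is an added example, not the script from the thread; it assumes a users file with one username per line (path taken from `USERS_FILE`) and a hypothetical `check_login` entry point.

```shell
#!/bin/sh
# Added example, not the original script: hardened username handling.
# Assumed layout: $USERS_FILE holds one username per line.
USERS_FILE="${USERS_FILE:-./users.txt}"

# Accept only a whitelist of characters, anchored over the whole string,
# so a user-supplied pattern can never be mistaken for a name.
valid_username() {
    case "$1" in
        '' | *[!A-Za-z0-9_]*) return 1 ;;   # empty, or a disallowed character
        *) return 0 ;;
    esac
}

# Exact whole-line match: -x (whole line) and -F (fixed string, no regex),
# "--" ends option parsing, and "$1" is always quoted so the shell never
# word-splits or glob-expands whatever the user typed.
user_exists() {
    grep -qxF -- "$1" "$USERS_FILE"
}

# Hypothetical entry point: succeed only for a well-formed, known username.
check_login() {
    valid_username "$1" && user_exists "$1"
}
```

Every later use of the name in such a script (mkdir, paths for saved pictures, and so on) must keep the same double quotes around the variable.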