Mailing List Archive

just at quick glance, do you intend for the first line of executed code to
be "if(get_port_state(port))"
or, should the first line of executed code be "i=0"

There is also a syntax error "retrun(1);"


John Lampe
https://f00dikator.hn.org/


"In Germany, they first came for the communists, and I didn't speak up
because I wasn't a communist. Then they came for the
Jews, and I didn't speak up because I wasn't a Jew. Then they came for
the trade unionists, and I didn't speak up because I
wasn't a trade unionist. Then they came for the Catholics and I didn't
speak up because I wasn't a Catholic. Then they came for me - and by
that time there was nobody left to speak up."

--Martin Niemvller

----- Original Message -----
From: "Noam Rathaus" <noamr@beyondsecurity.com>
To: "Nessus Plugin Mailing List" <plugins-writers@list.nessus.org>
Cc: "Renaud Deraison" <deraison@cvs.nessus.org>
Sent: Tuesday, November 06, 2001 6:24 AM
Subject: Plugin: port_shell_execution.nasl


> Hi,
>
> This is a general plugin, it detects the usage of insecure redirection of
input
> provided via the internet to a shell script. Though the plugin seems to be
in
> right syntax, the plugin causes a crash?
>
> I would be grateful if you people can help or Renaud.
>
> Thanks
> Noam Rathaus
> http://www.SecurITeam.com
> http://www.BeyondSecurity.com
>
>

executed without a crash....


John Lampe
https://f00dikator.hn.org/

On Tue, Nov 06, 2001 at 08:24:31AM +0200, Noam Rathaus wrote:
> Hi,
>
> This is a general plugin, it detects the usage of insecure redirection of input
> provided via the internet to a shell script. Though the plugin seems to be in
> right syntax, the plugin causes a crash?
>
> I would be grateful if you people can help or Renaud.
>

I'd replace all the "\n" by "\r\n".

Also, you should not look for "uid=0(root)" but just for "uid=0"
(as it's less prone to false negatives, even though in that case it may
be hard).

-- Renaud