Re: injection

new topic     » goto parent     » topic index » view thread      » older message » newer message
Matt Lewis said...
CChris said...
system( "rm \"file_name\"", 0 )

Not good?

Nope. For instance: 

    file_name = "\"; rm -rf \"~/*"

Matt

shell argument escaping would take care of this.

Matt Lewis said...

PS Some birds do swim.

Which is why its a perfect choice of question! The ambiguity guarrantees only a human brain will be able to solve it!

At least until thoes T-500s start ramping up production...

new topic     » goto parent     » topic index » view thread      » older message » newer message

Search



Quick Links

User menu

Not signed in.

Misc Menu