
SoylentNews is people

posted by martyb on Sunday October 12 2014, @10:45PM
from the you-can-quote-me-on-that dept.

http://arstechnica.com/security/2014/10/poor-punctuation-leads-to-windows-shell-vulnerability/

"A class of coding vulnerabilities could allow attackers to fool Windows system administrators into running malicious code because of a simple omission: quotation marks."


The comments on the Ars Technica article are well worth reading for additional examples and descriptions. Better still, take a look at "Command-injection vulnerability for COMMAND-Shell Scripts" over at The Security Factory. The author provides a well-developed progression of possible attack vectors under Windows where environment variables and directory names can be used maliciously. In general, one should always surround references to %CD% (i.e. the current directory) with quotes:

SET startdir="%CD%"

Another interesting case is illustrated by this code sample:

SET B=T"&calc&
SET C="%B%"

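where accessing the value of the environment variable B, even though it is quoted, causes the system to try to invoke a program called "calc" (i.e. the Windows calculator). The quotation mark stored inside B closes the surrounding quotes once %B% is expanded, so the &calc& that follows is parsed as a command separator and a command rather than as text.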
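A small audit script for the two cases in the summary above, added here as an example (it is not code from the Ars Technica or Security Factory articles): it lists every %VAR% expansion in a batch file and says whether it sits outside or inside double quotes on its line. The function names, the sample script and the choice to skip comment lines are assumptions of this sketch.

```python
import re

# %NAME% expansions, which cmd.exe substitutes before it parses the line.
# Batch parameters such as %1 or %~dp0 are deliberately not matched.
EXPANSION = re.compile(r"%([A-Za-z_][A-Za-z0-9_]*)%")

ADVICE = {
    "unquoted": "quote it: & | < > in the value are parsed as shell syntax",
    "quoted": 'still exposed if the value itself contains a " (the SET C="%B%" case)',
}

# Constructed sample script, not taken from any real system.
SAMPLE = r'''@echo off
SET startdir=%CD%
SET safedir="%CD%"
SET C="%B%"
cd /d %startdir%
'''

def audit_batch(text):
    """Return (line_no, variable, kind) for each %VAR% expansion in text.

    kind is "unquoted" when the expansion lies outside double quotes on its
    line and "quoted" when it lies inside them.
    """
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        # Comment lines are skipped to cut noise (a choice of this sketch).
        if line.strip().lower().startswith(("rem ", "::")):
            continue
        for match in EXPANSION.finditer(line):
            # An odd number of quotes to the left means we are inside a quoted span.
            in_quotes = line.count('"', 0, match.start()) % 2 == 1
            kind = "quoted" if in_quotes else "unquoted"
            findings.append((line_no, match.group(1), kind))
    return findings

def report(text):
    """Format the findings as one human-readable line each."""
    return [f"line {n}: %{var}% {kind}: {ADVICE[kind]}"
            for n, var, kind in audit_batch(text)]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

For a "quoted" finding whose variable can be set by someone else, cmd.exe's delayed expansion (`!B!` under `setlocal EnableDelayedExpansion`) substitutes the value after the line has been parsed, so a stored quote and `&` are not re-read as syntax.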

  • (Score: 0) by Anonymous Coward on Monday October 13 2014, @02:39AM (#105401)

    The Python programmer has to actually make the effort to call system() before an exploit is possible.

    The Bash scripter only has to allow an environment variable to be set. Oh, wait, the Bash scripter can't even control that if he's writing a CGI script!

    You Bash lovers who keep screaming "But C has a system() function!!#!$!!!@!@!" really need to stop. Face it, your preferred technology is full of holes that just don't exist in other languages!

  • (Score: 0) by Anonymous Coward on Tuesday October 14 2014, @07:41AM (#105858)

    if you really think security exploits don't exist in programs written in other languages, you sir are a dumfuk... that is all