CURL: command_injection

Main Menu

Order
About the Book
Contents
Author Events

Finally, a plain-sense handbook for testers that teaches the mechanics of security testing. Belying the usability of the "recipe" approach, this book actually arms the tester to find vulnerabilities that even some of the best known security tools can't find.

Matt Fisher,
Founder and CEO Piscis LLC

CURL: command_injection_reveal.sh

Wednesday, 23 September 2009 19:48

#!/bin/bash
        
# The value of OUTPUTFILE from previous script
INPUTFILE=C:\\temp\\vulns.txt
# INPUTFILE=/tmp/vulns.txt
        
echo "The following URLs are vulnerable to command injection:"
while read LINE
do
        LINE_DECODED=`echo ${LINE} | perl -MMIME::Base64 -lne 'print decode_base64($_)'`
        echo $LINE_DECODED;
done < ${INPUTFILE}

Last Updated on Wednesday, 23 September 2009 19:55

follow pacohope at http://twitter.com/

follow OWASP NoVA at http://twitter.com/