Finishing User Side

• Dot Dot Slash
  • Stands for ../
  • Go up one directory
  • Many applications have escapes to the shell, editors or other applications.
    • This should not be the case for a web server
    • Or any applications invoked by this server.
  • But if a user does so, this is a problem.
  • At one point it was popular to build a web page that would allow a user to execute a command
    • For example, a man-page service
    • Have a box that the user entered the item they wanted a man page on.
    • The execute man $userdata
    • And display the result on a new page.
    • so if the user entered g++
    • The program would execute man g++
    • Unfortunately the user might enter g++; cat /etc/passwd
  • See this page.
  • phpmyadmin scares the heck out of me.
  • As do many other web interfaces to interact with the os.
• Server Side Include
  • Since php can execute commands, sometimes you can sneak in a execute command.
  • This has become much more difficult.
• Ideally a web server should be "contained" in it's own environment
  • But containers can be broken too.
• How to protect against this type of attack
  • Sanitize your input
    • Do not allow ; or < or >
  • Keep up with current practices.
  • Don't use deprecated language features