Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.python > #40911
| Path | csiph.com!usenet.pasdenom.info!news.albasani.net!newsfeed.freenet.ag!news2.euro.net!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail |
|---|---|
| Return-Path | <ian.g.kelly@gmail.com> |
| X-Original-To | python-list@python.org |
| Delivered-To | python-list@mail.python.org |
| X-Spam-Status | OK 0.001 |
| X-Spam-Evidence | '*H*': 1.00; '*S*': 0.00; 'python.': 0.02; 'important,': 0.07; 'python': 0.09; '%s",': 0.09; '-rf': 0.09; 'command.': 0.09; 'empty,': 0.09; 'script,': 0.09; 'subject:error': 0.11; 'subject:python': 0.11; 'assume': 0.11; 'charset:iso-8859-7': 0.15; '"python': 0.16; "'';": 0.16; 'argument.': 0.16; 'doesnt': 0.16; 'subject:when': 0.16; 'substituted': 0.16; 'wrote:': 0.17; 'script.': 0.17; 'shell': 0.18; '>>>': 0.18; 'variable': 0.20; 'do.': 0.21; 'second': 0.24; 'command': 0.24; 'script': 0.24; 'pass': 0.25; 'header:In-Reply- To:1': 0.25; 'message-id:@mail.gmail.com': 0.27; 'options': 0.27; 'all.': 0.28; 'run': 0.28; "d'aprano": 0.29; 'steven': 0.29; 'ends': 0.30; 'fri,': 0.30; 'gets': 0.32; 'system,': 0.32; 'file': 0.32; 'info': 0.32; 'to:addr:python-list': 0.33; 'received:google.com': 0.34; 'third': 0.34; 'server': 0.35; 'exist': 0.35; 'pm,': 0.35; 'next': 0.35; 'received:74.125': 0.36; 'be.': 0.36; 'should': 0.36; 'does': 0.37; 'option': 0.37; 'passed': 0.37; 'subject:: ': 0.38; 'perform': 0.38; 'fact': 0.38; 'nothing': 0.38; 'page': 0.38; 'instead': 0.39; 'to:addr:python.org': 0.39; 'where': 0.40; 'matter': 0.61; 'first': 0.61; 'here': 0.65; '2013': 0.84; 'payload': 0.84; 'to:name:python': 0.84; '\xcc\xe1\xf1\xf4\xdf\xef\xf5': 0.84 |
| DKIM-Signature | v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=x-received:mime-version:in-reply-to:references:from:date:message-id :subject:to:content-type:content-transfer-encoding; bh=PODTyroDZRMfvwhST4wC2C4y1LbEEIHs/Q0B78oo9Xo=; b=yeVtty6GeOy7q2P/yDYs6Xp/s5EaaDL1oYAFDS9aAO1gLE3doWCNa3W6kjronY3HGI Fu+ay3r/dPDaVYSyWfzVm3c46ubJUQ21D2Fb1toLclFcSDuDW6UQOo6aX1h0+qzYjYMA iVADi6Auvh745l8KmXKPeoUPfuu9/Qma3Zcft+sciHE4/rVgajczVMpSd+U0XlX8jM7T tvoakIrmLcgtt9amN6KX3+fuUxfhMOjMT2+eOYXGMy+ObozFg7PGNKAbf+to/MyNND8w ojDiVsYy44uK+s+6rPTl7tfaKCLhBd8tsofNh2nOV0KxOa/5WRuBfq+nCBqD0bKf/QnT cVhQ== |
| X-Received | by 10.14.179.5 with SMTP id g5mr10796292eem.41.1362788362901; Fri, 08 Mar 2013 16:19:22 -0800 (PST) |
| MIME-Version | 1.0 |
| In-Reply-To | <ef9369f3-f019-4302-836c-15cf58ffb58b@googlegroups.com> |
| References | <8e17232e-5b24-4040-9215-c4bd89f34fa2@googlegroups.com> <622d4a2d-0014-4254-b211-c8fd66510f74@googlegroups.com> <c2a09443-3c74-477b-af9f-a6f3473ebe88@googlegroups.com> <mailman.3029.1362669207.2939.python-list@python.org> <e63776b9-ba74-4349-9538-7fe95323d4be@googlegroups.com> <mailman.3033.1362670392.2939.python-list@python.org> <33f153b4-4f54-429a-a92d-387b679bf758@googlegroups.com> <20130307105137.a6cae268f7f074fbf5017b1d@lavabit.com> <CAPM-O+w_=e6FA8CA8W_UgxGXebXqNOqFWAf0BXa7FwRe6XYWgQ@mail.gmail.com> <mailman.3048.1362684995.2939.python-list@python.org> <0074be2d-1f52-4626-bf53-fd9591f16bf7@googlegroups.com> <mailman.3050.1362687355.2939.python-list@python.org> <98cd9065-94b0-4fb6-b2fd-6ed96880242d@googlegroups.com> <mailman.3066.1362714922.2939.python-list@python.org> <513a33d7$0$30001$c3e8da3$5496439d@news.astraweb.com> <ef9369f3-f019-4302-836c-15cf58ffb58b@googlegroups.com> |
| From | Ian Kelly <ian.g.kelly@gmail.com> |
| Date | Fri, 8 Mar 2013 17:18:42 -0700 |
| Subject | Re: An error when i switched from python v2.6.6 => v3.2.3 |
| To | Python <python-list@python.org> |
| Content-Type | text/plain; charset=ISO-8859-7 |
| Content-Transfer-Encoding | quoted-printable |
| X-BeenThere | python-list@python.org |
| X-Mailman-Version | 2.1.15 |
| Precedence | list |
| List-Id | General discussion list for the Python programming language <python-list.python.org> |
| List-Unsubscribe | <http://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe> |
| List-Archive | <http://mail.python.org/pipermail/python-list/> |
| List-Post | <mailto:python-list@python.org> |
| List-Help | <mailto:python-list-request@python.org?subject=help> |
| List-Subscribe | <http://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe> |
| Newsgroups | comp.lang.python |
| Message-ID | <mailman.3107.1362788364.2939.python-list@python.org> (permalink) |
| Lines | 36 |
| NNTP-Posting-Host | 2001:888:2000:d::a6 |
| X-Trace | 1362788364 news.xs4all.nl 6952 [2001:888:2000:d::a6]:35135 |
| X-Complaints-To | abuse@xs4all.nl |
| Xref | csiph.com comp.lang.python:40911 |
Show key headers only | View raw
On Fri, Mar 8, 2013 at 1:54 PM, <nagia.retsina@gmail.com> wrote: > Τη Παρασκευή, 8 Μαρτίου 2013 8:54:15 μ.μ. UTC+2, ο χρήστης Steven D'Aprano έγραψε: > >> >>> -c ''; rm -rf /; oops.py > >> Please don't tell the newbies to destroy their system, no matter how >> tempting it might be. > > What that "-c ''" options i keep seeing in the attempts to pass bogus info in my 'page' variable? > > And hows oops.py relevant? Such file doesnt nto exist in my webssever. The command that gets run is "python %s > %s", where the page variable is substituted in for the first %s. If you perform that substitution, you will get: python -c ''; rm -rf /; oops.py > /path/to/some/temp/file So the -c is an option to Python. It means that instead of reading a script, Python should run commands passed on the command line in the next argument. That's the ''. It's empty, so what this instructs Python is to do nothing at all. The second command in this shell script is "rm -rf /". I assume you know what that would do. The third command is "oops.py > /path/to/some/tempfile". The fact that oops.py does not exist is not important, because the attacker does not care what this command does. The payload of the attack was already delivered in the second command. The only reason for this is because it ends in .py, which is what the web server is looking for when deciding whether to run a script. The word "oops" here is just for levity.
Back to comp.lang.python | Previous | Next — Previous in thread | Next in thread | Find similar | Unroll thread
An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 00:18 -0800
Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 01:06 -0800
Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 03:27 -0800
Re: An error when i switched from python v2.6.6 => v3.2.3 "Michael Ross" <gmx@ross.cx> - 2013-03-07 12:51 +0100
Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 04:25 -0800
Re: An error when i switched from python v2.6.6 => v3.2.3 "Michael Ross" <gmx@ross.cx> - 2013-03-07 14:06 +0100
Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 05:22 -0800
Re: An error when i switched from python v2.6.6 => v3.2.3 Chris Angelico <rosuav@gmail.com> - 2013-03-08 00:43 +1100
Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 05:56 -0800
Re: An error when i switched from python v2.6.6 => v3.2.3 Chris Angelico <rosuav@gmail.com> - 2013-03-08 01:01 +1100
Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 06:11 -0800
Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 06:13 -0800
Re: An error when i switched from python v2.6.6 => v3.2.3 Chris Angelico <rosuav@gmail.com> - 2013-03-08 01:17 +1100
Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 06:34 -0800
Re: An error when i switched from python v2.6.6 => v3.2.3 Chris Angelico <rosuav@gmail.com> - 2013-03-08 01:37 +1100
Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 06:44 -0800
Re: An error when i switched from python v2.6.6 => v3.2.3 Chris Angelico <rosuav@gmail.com> - 2013-03-08 01:48 +1100
Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 06:44 -0800
Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 06:34 -0800
Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 06:13 -0800
Re: An error when i switched from python v2.6.6 => v3.2.3 Chris Angelico <rosuav@gmail.com> - 2013-03-08 01:16 +1100
Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 06:11 -0800
Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 05:56 -0800
Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 05:22 -0800
Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 04:25 -0800
Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 06:50 -0800
Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 06:52 -0800
Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 07:01 -0800
Re: An error when i switched from python v2.6.6 => v3.2.3 Chris Angelico <rosuav@gmail.com> - 2013-03-08 02:13 +1100
Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 07:26 -0800
Re: An error when i switched from python v2.6.6 => v3.2.3 Chris Angelico <rosuav@gmail.com> - 2013-03-08 02:33 +1100
Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 07:57 -0800
Re: An error when i switched from python v2.6.6 => v3.2.3 rh <richard_hubbe11@lavabit.com> - 2013-03-07 10:51 -0800
Re: An error when i switched from python v2.6.6 => v3.2.3 Joel Goldstick <joel.goldstick@gmail.com> - 2013-03-07 13:57 -0500
Re: An error when i switched from python v2.6.6 => v3.2.3 Joel Goldstick <joel.goldstick@gmail.com> - 2013-03-07 14:36 -0500
Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 12:04 -0800
Re: An error when i switched from python v2.6.6 => v3.2.3 Ian Kelly <ian.g.kelly@gmail.com> - 2013-03-07 13:15 -0700
Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 16:57 -0800
Re: An error when i switched from python v2.6.6 => v3.2.3 Vito De Tullio <vito.detullio@gmail.com> - 2013-03-08 04:55 +0100
Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 22:54 -0800
Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 22:54 -0800
Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 22:56 -0800
Re: An error when i switched from python v2.6.6 => v3.2.3 Chris Angelico <rosuav@gmail.com> - 2013-03-08 18:01 +1100
Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-08 02:51 -0800
Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-08 02:51 -0800
Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 22:56 -0800
Re: An error when i switched from python v2.6.6 => v3.2.3 Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2013-03-08 18:54 +0000
Re: An error when i switched from python v2.6.6 => v3.2.3 info@cravendot.gr - 2013-03-08 11:19 -0800
Re: An error when i switched from python v2.6.6 => v3.2.3 Ian Kelly <ian.g.kelly@gmail.com> - 2013-03-08 13:01 -0700
Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-08 12:31 -0800
Re: An error when i switched from python v2.6.6 => v3.2.3 Chris Angelico <rosuav@gmail.com> - 2013-03-09 08:37 +1100
Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-08 19:18 -0800
Re: An error when i switched from python v2.6.6 => v3.2.3 Mark Lawrence <breamoreboy@yahoo.co.uk> - 2013-03-09 03:27 +0000
Re: An error when i switched from python v2.6.6 => v3.2.3 Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2013-03-09 05:05 +0000
Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-08 23:56 -0800
Re: An error when i switched from python v2.6.6 => v3.2.3 Mark Lawrence <breamoreboy@yahoo.co.uk> - 2013-03-09 12:43 +0000
Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-09 06:16 -0800
Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-09 06:16 -0800
Re: An error when i switched from python v2.6.6 => v3.2.3 rusi <rustompmody@gmail.com> - 2013-03-09 07:20 -0800
Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-08 19:18 -0800
Re: An error when i switched from python v2.6.6 => v3.2.3 Ian Kelly <ian.g.kelly@gmail.com> - 2013-03-08 17:26 -0700
Re: An error when i switched from python v2.6.6 => v3.2.3 nagia.retsina@gmail.com - 2013-03-08 19:15 -0800
Re: An error when i switched from python v2.6.6 => v3.2.3 nagia.retsina@gmail.com - 2013-03-08 19:15 -0800
Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-08 12:31 -0800
Re: An error when i switched from python v2.6.6 => v3.2.3 Ian Kelly <ian.g.kelly@gmail.com> - 2013-03-08 13:04 -0700
Re: An error when i switched from python v2.6.6 => v3.2.3 nagia.retsina@gmail.com - 2013-03-08 12:54 -0800
Re: An error when i switched from python v2.6.6 => v3.2.3 emile <emile@fenx.com> - 2013-03-08 14:13 -0800
Re: An error when i switched from python v2.6.6 => v3.2.3 Ian Kelly <ian.g.kelly@gmail.com> - 2013-03-08 17:18 -0700
Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-08 19:17 -0800
Re: An error when i switched from python v2.6.6 => v3.2.3 Mark Lawrence <breamoreboy@yahoo.co.uk> - 2013-03-09 03:33 +0000
Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-08 19:17 -0800
Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 16:57 -0800
Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 12:04 -0800
Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 07:57 -0800
Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 07:26 -0800
Re: An error when i switched from python v2.6.6 => v3.2.3 John Gordon <gordon@panix.com> - 2013-03-07 15:55 +0000
Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 08:00 -0800
Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 08:22 -0800
Re: An error when i switched from python v2.6.6 => v3.2.3 Joel Goldstick <joel.goldstick@gmail.com> - 2013-03-07 12:41 -0500
Re: An error when i switched from python v2.6.6 => v3.2.3 Joel Goldstick <joel.goldstick@gmail.com> - 2013-03-07 13:50 -0500
csiph-web