Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
S
S
Splite2014-08-20 11:58:31
Command line
Splite, 2014-08-20 11:58:31

How to protect yourself from shell injection?

Hello!
The user enters some keyword, which is then substituted into grep
. What characters should be escaped so that nothing extra can be entered?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
V
Vadim Misbakh-Soloviev, 2014-08-24
@mva 

%  echo '$SHELL:' $SHELL; read i; echo '12\ndw\n3e\n/bin/zsh\n> '|grep "${i}"
$SHELL: /bin/zsh
> $SHELL
%
% echo '$SHELL:' $SHELL; read i; echo '12\ndw\n3e\n/bin/zsh\n> '|grep "${i}"
$SHELL: /bin/zsh
> $(cat /etc/passwd)
%

Symbols are not required. You need to escape the variable that is fed to grep :)

Similar questions
T
tueuragages000132019-06-20 20:32:38
How to run routersploit on the command line? 1Reply
W
workRave2017-01-27 06:49:44
What is the best way to write a script? 5Reply
G
Gob_L1n2021-02-06 14:06:09
How to remove the arrow icon in zsh? 2Reply
S
SterhXXX2019-06-30 12:25:42
OTRS 6, what's wrong with it, from where to download with the wget command? 3Reply
R
razer962019-07-03 14:53:44
How to competently create a docker container for a Vue-Cli-3 application? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question