BugTraq
Back to list
|
Post reply
Re: xpdf vulnerability - CAN-2003-0434
Jul 09 2003 08:36PM
Andries Brouwer cwi nl
>> A urlCommand like the default "netscape -remote 'openURL(%s)'"
>> is OK since the %s is protected by single quotes.
> How so? Consider an argument of
> '`rm -rf /tmp/test`'
xpdf already filters out single and double quotes, so
these do not occur in arguments.
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
>> is OK since the %s is protected by single quotes.
> How so? Consider an argument of
> '`rm -rf /tmp/test`'
xpdf already filters out single and double quotes, so
these do not occur in arguments.
[ reply ]