App - Script
Bash - quoted expression injection
Hi everyone,
This challenge seems alot of fun but I am having trouble passing the first if condition.
I had a trick to pass it and when I use it on the ch21.sh alone it works, but when I try using it on the wrapper it doesn’t work.
I am pretty sure I am doing something wrong but I cannot put my finger on it. any hint or suggestion would be much appreciated
Thank you
Bash - quoted expression injection
I went down a lot of rabbit holes with this one and it wound up being something a little bit novel. I would study the different type of, as in the subject, "Bash expressions." These challenges really help you master string manipulation; Thanks "sbrk" for making this one.
Bash - quoted expression injection
hello
is it related to shellshock exploit ?
http://www.cs.toronto.edu/~arnold/427/20s/427_20S/shellshock/
https://unix.stackexchange.com/questions/157329/what-does-env-x-command-bash-do-and-why-is-it-insecure
Bash - quoted expression injection
thanks for the reply @eltouco
i don’t get it about the wrapper, the source is the same as the unquoted challenged
on script side , the only difference i suspected was the first line of the line which differs (usr/bin/env bash)
but substituing the bash has no effect
i had a unexpected token trying to use subshell as parameters
– > is this the right way?
i think i m going crazy 🙄