
All Questions

5 votes, 3 answers, 1k views

Are these bash lines (handling untrusted user input) vulnerable to command injection?

If $1 contains untrusted user input, for example $(whoami), are any of the following bash examples vulnerable to command injection? I'm having issues clearly understanding this behavior in Bash. Also, ...
Bob Ortiz

0 votes, 0 answers, 295 views

How to exploit read -p in a bash script

I wanna execute the ls command in place of the output being "your name is ls". Is there a way to do it?
read -p "name??" name
echo "your name is $name"
AverageUser69

-1 votes, 1 answer, 130 views

How can I grep only subdomain names without "target.com"? [closed]

I have a wordlist of subdomains containing entries like this: admin.bugbountytarget.com portal.bugbountytarget.com sales.bugbountytarget.com vpn1.bugbountytarget.com dev.test.bugbountytarget.com ... And I ...
Edward Akina

0 votes, 1 answer, 1k views

BASH vs SH (dash, etc.) in terms of security [closed]

Since I am new to Linux, when writing scripts I always followed the rule "the less code, the less attack surface", so I try to write scripts with privileged access (sudo, root, etc.) in sh ...
NewLinux

2 votes, 2 answers, 3k views

Are positional parameters vulnerable to command injection?

I am trying to find if the following shell script is vulnerable to command injection:
#!/bin/sh
set -x
dig +noall +answer TXT $2._domainkey.$1
Now when I try something like this, sh script.sh "...
Krishnaraj

3 votes, 2 answers, 701 views

Are alphanumeric strings safe to pass to a bash script?

I'm currently developing a web service that takes user input and passes it to a bash script as an argument. I know that without sanitizing this allows for remote command execution. So I want to know ...
limeeattack
