

Oedipus gets a command injection plugin

An operating system command injection plugin for Oedipus has just been committed to CVS. It checks for basic instances of command chaining using a vertical bar (largely Unix), a semicolon (Unix), and double ampersands (Windows). It should hopefully pick up instances where unvalidated input is used in a command executed on the underlying operating system. The attempted "exploit" generates a time delay that we can measure at the scanner level to determine whether the OS-level command worked or not.
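Seen from the server side, the same signal can be looked for in request logs: a parameter carrying one of the three chaining tokens, paired with a response time far above that path's normal. The sketch below is an added example, not code from Oedipus; the log format, the paths, the `DELAYCMD` placeholder and the 2-second threshold are all assumptions made for illustration.

```python
import statistics
from urllib.parse import urlsplit, parse_qsl

# Chaining tokens named in the post: vertical bar, semicolon, double ampersand.
CHAIN_TOKENS = ("|", ";", "&&")

# Constructed sample log, "<method> <url> <status> <seconds>" (assumed format).
# DELAYCMD is a placeholder, not a real command.
SAMPLE_LOG = """\
GET /lookup?host=example.org 200 0.041
GET /lookup?host=example.net 200 0.038
GET /lookup?host=example.com 200 0.045
GET /lookup?host=example.org%3BDELAYCMD 200 5.052
GET /lookup?host=example.org%7CDELAYCMD 200 0.040
GET /search?q=cats 200 0.028
GET /search?q=dogs 200 0.031
GET /search?q=a%26%26b 200 0.030
GET /export?fmt=csv%7CDELAYCMD 200 4.100
"""

def parse(line):
    """Split one log line into (path, decoded parameter values, seconds, url)."""
    _method, url, _status, secs = line.split()
    parts = urlsplit(url)
    values = [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
    return parts.path, values, float(secs), url

def has_chain_token(values):
    return any(tok in v for v in values for tok in CHAIN_TOKENS)

def classify(log_text, min_delay=2.0):
    """Label each request that carries a chaining token by its timing."""
    rows = [parse(l) for l in log_text.splitlines() if l.strip()]
    clean = {}  # path -> response times of requests without chaining tokens
    for path, values, secs, _ in rows:
        if not has_chain_token(values):
            clean.setdefault(path, []).append(secs)
    baseline = {p: statistics.median(t) for p, t in clean.items()}
    findings = []
    for path, values, secs, url in rows:
        if not has_chain_token(values):
            continue
        if path not in baseline:
            verdict = "probe-no-baseline"   # nothing to compare the timing with
        elif secs - baseline[path] >= min_delay:
            verdict = "probe-delayed"       # delay consistent with a command that ran
        else:
            verdict = "probe-no-delay"
        findings.append((url, verdict))
    return findings
```

Benign values can legitimately contain `;` or `|`, so a `probe-no-delay` row alone says little; the row worth investigating is the one where the token and the delay coincide.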


About

This page contains a single entry from the blog posted on March 12, 2006 10:34 AM.


Creative Commons License
This weblog is licensed under a Creative Commons License.