[CentOS] Apache mod_perl cross site scripting vulnerability
Прокси
proxy-one at mail.ru
Wed Aug 12 13:01:30 UTC 2015
On 2015-Aug-12 05:17, Ellen Shull wrote:
> On Wed, Aug 12, 2015 at 3:39 AM, Proxy One <proxy-one at mail.ru> wrote:
> > Is there way to use curl for testing? I'm getting new line because of
> > the single quote inside string and escaping it with back slash gives me
> > bash: syntax error near unexpected token `<'
>
> You can use curl's -K option which lets you stick arguments in a file,
> helpful for getting around shell quoting nightmares. For example make
> a file named test-url-file which contains the line
> url = http://www.mydomain.com/[bad stuff, don't want this message
> tripping over some filter for containing a malicious-looking URL]
>
> then do curl -g -K test-url-file
>
> Note that just gets you around shell interpretation; curl does some of
> its own as well. the -g switch I used there disables its
> interpretation of {}[] as special globbing characters. If you put the
> url in double quotes then not only do you have to escape any double
> quotes in the string, it also starts interpreting backslash sequences
> so you have to double all backslashes--so oddly it's best to just
> leave quotes off.
Thanks, it works! I was able to reproduce problem and was able to see
how my changes affected response from the server.
More information about the CentOS
mailing list