Fix the script
Level 5
Notice: do not use sed -r. This only works for linux. Instead use sed -E.
Sam wants certain users to be able to run limited commands from a PHP page. He created a function called safeeval to run these commands. However on one page he neglected to use safeeval and instead used eval(). Safeeval will fail if a command given should not run.
Sam then created a shell script to fix the error.
Sam's uname is:
freeBSD 6.9
Here is the script:
<?php
include ('safe.inc.php');
if ($access=="allowed")
{
if (empty($_GET['cmd2']))
{
eval ($_GET['cmd2']);
}
else
{
eval ($_GET['cmd']); eval($_GET['cmd2']);
}
}
?>
Here is his shell script (for freeBSD):
#!/bin/sh
rm OK
sed -E "s/eval/safeeval/" <exec.php >tmp && touch OK
if [ -f OK ]; then
rm exec.php && mv tmp exec.php
fi
Fix the incorrect line in the shell script (and use the SAME spacing).
___________________
|___________________|check
Solution:
- Check the script for fixing the problem, you'll find out Sam replace all eval command with safeeval command and obviously there's a command error of sed.
Reference: http://en.wikipedia.org/wiki/Sed
The following example shows a typical, and the most common, use of sed, where the -e option indicates that the sed expression follows:
sed -e 's/oldstuff/newstuff/g' inputFileName > outputFileName - Yes, 'g' is a lack of the sed script, where 'g' means "replace all matches.
- Input 'sed -E "s/eval/safeeval/g" <exec.php >tmp && touch OK' and check.
- It's done!
- By the way, a part of the original script below is very strange.
- Since cmd2 is empty, why Sam use eval to execute it? o.0