1

I made this file based on a combination of hexadecimal that can breakcat and the terminal showing the file with cat, and the reset command does not work anymore:

Download Cat Killer Version 1

To test, download the script file and execute cat brokecat on it and you will see.

Another example is executing cat /usr/bin/vi that can execute some arbitrary, but not valid commands on terminal.

I am now trying to do the same thing on my Apache server by including some of these characters in the URI. I imagine that if someone opens the access logs using cat that this executes some arbitrary commands on the server using the same logic.

Is this possible?

Improve this question
7
  • I am trying to make access.log to execute some arbitrary commands, when i run cat /var/log/apache2/access.log, i am trying to understand if that is possible. Because cat command sometimes reacts bad to some binary codes in file, imagine that the user types something in the URI with this binary codes and this goes to my access.log (obviously), when i reading my /var/log/apache2/access.log, something bad can gonna happen. Do you understand? Commented May 17, 2016 at 18:48
  • 1
    ok - I tried to narrow in on your question - I hope my edits are what you intended to say Commented May 17, 2016 at 18:52
  • there is a small problem with your question - if it is possible, then that would be a major bug in cat and should remain private and disclosed to the developers who can release a patch before your disclosure to the world Commented May 17, 2016 at 18:54
  • no need to delete the question, just that you might not get the detailed answers you hope for Commented May 17, 2016 at 19:24
  • There is a inotify that you can setup to monitor the log files, but you would have to program it. linux.die.net/man/7/inotify Commented May 17, 2016 at 23:49

0

Reset to default

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.