Fwd: wget: Arbitrary file overwriting/appending/creating and other vulnerabilities

Steve Crosby fost at hotmail.com
Mon Dec 20 16:41:24 PST 2004


Robert Connolly <robert at linuxfromscratch.org> wrote in
news:200412182257.32964.robert at linuxfromscratch.org: 

> What can be used to replace Wget for simple file fetching? 99% of the
> time I use Wget it is just to download a package tarball. Ncftpget
> doesn't get files from http. OpenBSD's ftp client supports http(s),
> maybe there is something like it for Linux?

If you're using bash, this will work (mostly for an http link) - place in
/etc/profile or similar, then

  get <url> > filename

Note: This bash magic is from an old post in the archives, which I've 
incorporated into my build processes.

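# Function to get the contents of a URL and display to STDOUT
get()
{
  local h p f i
  h=${1#http://}
  h=${h%%/*}            # host, possibly with a :port suffix
  p=${h#*:}
  if [ "$p" = "$h" ]; then
    p='80'              # no port given in the URL
  fi
  f=${1#http://*/}
  if [ "$f" = "$1" ]; then
    f='/'
  else
    if [ -z "$f" ]; then
      f='/'
    else
      f="/$f"
    fi
  fi
  # Send the request on fd 3 and read the reply from the same socket
  # (connecting to the host name only, without any :port suffix), then
  # skip the response headers up to the first blank line.
  ( printf 'GET %s HTTP/1.0\r\nHost: %s\r\n\r\n' "$f" "$h" 1>&3 & cat 0<&3 ) \
    3<>"/dev/tcp/${h%%:*}/$p" \
  | (read -r i; while [ "$(printf '%s' "$i" | tr -d '\r')" != "" ]; do read -r i; done; cat)
}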

--
Steve Crosby
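
Added example, not part of the original post: the get function above throws away the status line together with the headers, so the body of a 404 or redirect response ends up in the output file as if it were the tarball. The sketch below only emits the body for a 200 response and separates host from port before opening /dev/tcp; the names parse_url, http_body and get_checked are hypothetical, and bash with /dev/tcp support is assumed.

```shell
# Added example (hypothetical helper names, not from the original post).
# Split an http:// URL into "host port path"; reject anything else.
parse_url() {
  local rest hostport host port path
  case $1 in http://?*) ;; *) return 1 ;; esac
  rest=${1#http://}
  hostport=${rest%%/*}
  host=${hostport%%:*}
  port=${hostport#*:}
  if [ "$port" = "$hostport" ]; then port=80; fi
  case $rest in */*) path=/${rest#*/} ;; *) path=/ ;; esac
  # The host becomes part of a /dev/tcp path, so allow only name characters.
  case $host in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
  case $port in ''|*[!0-9]*) return 1 ;; esac
  printf '%s %s %s\n' "$host" "$port" "$path"
}

# Read a raw HTTP response on stdin; print the body only for status 200.
http_body() {
  local line cr
  cr=$(printf '\r')
  IFS= read -r line || return 1
  line=${line%"$cr"}
  case $line in
    HTTP/1.[01]\ 200|HTTP/1.[01]\ 200\ *) ;;
    # Do not echo the server's status line: it is untrusted input.
    *) echo 'get_checked: non-200 response, body discarded' >&2; return 1 ;;
  esac
  while IFS= read -r line; do
    # A blank line ends the headers; everything after it is the body.
    if [ -z "${line%"$cr"}" ]; then cat; return; fi
  done
  return 1  # connection closed before the headers ended
}

# Fetch a URL to stdout; the exit status is non-zero unless the server said 200.
get_checked() {
  local u host port path
  u=$(parse_url "$1") || return 1
  host=${u%% *}; u=${u#* }; port=${u%% *}; path=${u#* }
  ( printf 'GET %s HTTP/1.0\r\nHost: %s:%s\r\n\r\n' "$path" "$host" "$port" >&3 & cat <&3 ) \
    3<>"/dev/tcp/$host/$port" | http_body
}
```

Used as get_checked <url> > filename, the redirection still creates the file on failure, so check the exit status and remove the file when it is non-zero.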


