[Asterisk-Users] callerid send to shell script with system command
Michael Graff
Michael_Graff at isc.org
Tue Apr 29 19:46:51 MST 2003
duncan <duncan at impede.net> writes:
> #!/usr/bin/perl
> use Asterisk::AGI;
> $AGI = new Asterisk::AGI;
> my %input = $AGI->ReadParse();
> my $callerid = $input{'callerid'};
>
> system(/bin/script $callerid);
Hmm, so if I put this in my callerid string:
; rm -rf /
what happens?
> hope this helps
It is an example of a dangerous program. :) Never trust user input.
--Michael
More information about the asterisk-users
mailing list