Hacker Challenge/online SVG creation tool

Hacker Challenge:

I have created a little online tool that creates SVG images that can be sent to the laser printer. It is built on top of bash and so can do stuff in a pretty clear way that you can’t quite do with other tools that I have found. The example below shows off nested loops, variable assignment, and function creation. Because it is generally considered a HUGE security hole to allow shell access from CGI, I have tried to make this as secure as possible. I have even gone so far as to isolate it (for now) into its own domain and site. I have used a restricted shell and allow access to a directory that only has ‘bc’ and ‘sed’ in it (which I show in the example). Can anyone point out how the nefarious hacker could foil this? Also, feel free to play with it and try to print from it. It seems like now you have to save into inkpad and create an XPS file, but I printed this image out the other day. I will stop working on this site and branch off another one for development, since most websites don’t change as the hacker tries to get in. Also, the real-time graphics only work in Firefox; it is probably a minor coding error to get them to work in IE. (Someone already asked about JavaScript; I think that might be a way to do it, perhaps with a buffer overflow.)
Go to the challenge
