POV-Ray: Newsgroups: povray.programming: Hackers... (Howto "not being hacked with povray"): Re: Hackers... (Howto "not being hacked with povray")

POV-Ray : Newsgroups : povray.programming : Hackers... (Howto "not being hacked with povray") : Re: Hackers... (Howto "not being hacked with povray")		Server Time 28 Jul 2024 14:32:40 EDT (-0400)

From: Warp
Date: 16 Nov 2000 14:02:19
Message: <3a142f3b@news.povray.org>

It is possible to open a file for writing (and then write something in
there) within the .pov file.
  This can be used to write (or overwrite) system files, configuration
files, login files and so on.
  For example, if you are using dos/windows povray, the .pov file, when
povray is parsing it, could open your autoexec.bat and put some nasty
commands at the end of it (such as deltree...). In unix accounts it can
write nasty commands to your .login file and other similar user files (if
you are running povray with your own account privileges).

  Note also that the .ini file could specify an important system/user file as
the output image file for povray (that is, povray would overwrite the file
when writing the image). This can be quite dangerous specially in dos/windows.

-- 
main(i,_){for(_?--i,main(i+2,"FhhQHFIJD|FQTITFN]zRFHhhTBFHhhTBFysdB"[i]
):_;i&&_>1;printf("%s",_-70?_&1?"[]":" ":(_=0,"\n")),_/=2);} /*- Warp -*/

Post a reply to this message