Thursday, December 19, 2002

How to open a gaping security hole on your web server in only 8 lines of code fun with System.Diagnostics.Process System.Diagnostics is so cool.  While searching for a fun demo for Guerrilla.NET this week I came up with the idea of writing a page that would launch a user-specified EXE, scoop up the output, and send it back down to the user.  An incredibly stupid idea, but a really groovy little demo.  What's really cool is how little code this took. I wrote an "MSN IM Telnet" way back in the days of beta one and I had to hook everything up myself with a few hundred lines of P/Invoke (basically a managed version of this code).  System.Diagnostics picked up the process class sometime later, and I never got around to trying it out.  Wow, is it simple. The guts of my demo consisted of these lines of code:   using System.Diagnostics;   Process p = new Process();   p.StartInfo.FileName = CommandLine.Text;   p.StartInfo.Arguments = CommandArgs.Text;   p.StartInfo.UseShellExecute = false;   p.StartInfo.RedirectStandardOutput = true;   p.Start();   outputString = p.StandardOutput.ReadToEnd();   p.WaitForExit(); That's it!  Little nuggets like this just make me keep loving .NET... 5:21:44 PM      comment []

Microsoft "Early Adopter" blog opens up Welcome to the Early & Adopter weblog. This blog is dedicated to providing the latest information on emerging Microsoft technologies. For stuff that's too big to dump in the blog, we'll point you at our articles on-line, such as COM+ 1.5 Services Without Components. Lately, we've been spending a lot of time with Everett, so expect to see tips and tricks and things you must know around that product. Also look for information on Yukon and Whidbey, once they make it out past the event horizon, and can be talked about in public. [Sean 'Early' Campbell & Scott 'Adopter' Swigart's Radio Weblog] via [Sam] Brand new blog, already filling up with lots of juicy little tips & tidbits.  I know I'm signing up... 10:29:37 AM      comment []

© Copyright 2003 Jason Whittington.

Stuff I read:

Sam Gentile's Blog

Hacking Log 2.0

I bla-bla-bla

Lessig Blog

The Wagner Blog

Roland Piquepaille's Technology Trends

Gordon Weakliem's Radio Weblog

Clemens Vasters: Enterprise Development & Alien Abductions

graham glass: what's next?

IKVM.NET Weblog

Sean 'Early' Campbell & Scott 'Adopter' Swigart's Radio Weblog

Green Hat Journal

CraigBlog

Ockham's Flashlight

Fucked Company

0xDECAFBAD

Ingo Rammer's DotNetCentric

The Furrygoat Experience

Mono Project News

Don Box's Spoutlet

Incessant Ramblings

InkBlog : The Random Musings of David Weller

Sam Ruby

IUnknown.com: John Lam's Weblog on Software Development

Joel on Software

The Mountain of Worthless Information

OSNews

Simon Fell

Peter Drayton's Radio Weblog

sellsbrothers.com: Windows Developer News

Thinking In .NET

Adrian Bateman (VisionTech)