Bugtraq mailing list archives
Re: guestbook script is still vulnerable under apache
From: lstein () CSHL ORG (Lincoln Stein)
Date: Fri, 26 Jun 1998 09:29:27 -0400
On Thu, 25 Jun 1998, Theo Van Dinter wrote:I don't use the program in question so I can't pass this on to the author, but here is a replacement for that "bad" line that will handle all (to my knowledge) SSI's including malformed ones: $value=~s{ <! # Comments start with <! ([^<>]|<[^<>]+>)* # Remove anything in between, including # the non-spec'ed included tags ... > # End of the comment. }{}gsx; # Replace with Nothing
Tom Christiansen is on record (and in print) as saying that there is no single regular expression that can be used to strip out HTML comments (or any other HTML tag) 100% of the time. I don't see why you would want to allow a guestbook upload to contain any HTML tags any way, since it is so easy for broken HTML to mess up the page downstream of the problem. Lincoln ======================================================================== Lincoln D. Stein Cold Spring Harbor Laboratory lstein () cshl org Cold Spring Harbor, NY ========================================================================
Current thread:
- Re: security hole in mailx, (continued)
- Re: security hole in mailx Casper Dik (Jun 25)
- Bug is sudo? Rhodie (Jun 25)
- Re: Bug is sudo? Warner Losh (Jun 26)
- Re: Bug is sudo? Todd C. Miller (Jun 27)
- Re: security hole in mailx Alvaro Martinez Echevarria (Jun 25)
- Re: security hole in mailx Ben Collins (Jun 25)
- Re: security hole in mailx Theo de Raadt (Jun 25)
- guestbook script is still vulnerable under apache Stunt Pope (Jun 25)
- Re: guestbook script is still vulnerable under apache Theo Van Dinter (Jun 25)
- Re: guestbook script is still vulnerable under apache Andru Luvisi (Jun 25)
- Re: guestbook script is still vulnerable under apache Lincoln Stein (Jun 26)
- dip-3.3.7p exploit (stackpatch_ Thomas Troeger (Jun 26)
- And another qpopper overflow (does this make 3?) Aaron D. Gifford (Jun 28)
- Re: dip-3.3.7p exploit (stackpatch_ M.C.Mar (Jun 28)
- WIPO Bill Aleph One (Jun 25)
- Re: guestbook script is still vulnerable under apache Dean Gaudet (Jun 25)
- Re: guestbook script is still vulnerable under apache Lars Eilebrecht (Jun 25)
- Re: guestbook script is still vulnerable under apache Andrew Clegg (Jun 26)
- Re: security hole in mailx Seth McGann (Jun 25)