Bugtraq mailing list archives
Re: Sendpage (Perl CGI) Remote Execution Vulnerability
From: John Imrie <john.imrie () pa press net>
Date: Wed, 28 Nov 2001 09:24:30 +0000
[snip]
To fix, simply filter out all "dangerous" characters: ,';"/`\%$#{}-&<>... I prefer to keep things simple and remove all non-alphanumeric characters: $message =~ s/[^\w\s]//g;
I find that filtering out dangerous characters can lead to problems, as it is always possible to miss one. A safer version is to only allow 'good' characters: $message =~ s/[^A-Za-z0-9]//g;
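An added illustration, not part of the original posts: the Perl script below runs the three filters quoted in this thread over a constructed probe string and reports which shell-significant characters each one leaves in place. The shell_meta set, the probe string and the is_clean helper are assumptions of this example; the last part goes one step beyond the thread by rejecting input with an anchored allowlist match instead of stripping it.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Denylist exactly as quoted in the thread.
my $deny_chars = q(,';"/`\%$#{}-&<>);
my $deny_class = join '', map { quotemeta } split //, $deny_chars;

# The three filters from the thread; each returns a filtered copy.
my @filters = (
    [ 'denylist'          => sub { (my $m = shift) =~ s/[$deny_class]//g;   $m } ],
    [ 's/[^\w\s]//g'      => sub { (my $m = shift) =~ s/[^\w\s]//g;         $m } ],
    [ 's/[^A-Za-z0-9]//g' => sub { (my $m = shift) =~ s/[^A-Za-z0-9]//g;    $m } ],
);

# Constructed probe: every printable ASCII character plus newline and tab.
my $probe = join('', map { chr } 0x20 .. 0x7e) . "\n\t";

# Characters a POSIX shell treats specially (assumed set for this check).
my %shell_meta = map { ($_ => 1) }
    split(//, q{|&;<>()$`\"'*?[]#~!}), '{', '}', "\n";

# Return the distinct shell-significant characters that survive a filter.
sub survivors {
    my ($filter) = @_;
    my %seen;
    my @left = grep { $shell_meta{$_} && !$seen{$_}++ } split //, $filter->($probe);
    return sort @left;
}

for my $f (@filters) {
    my ($name, $code) = @$f;
    my @left = map { $_ eq "\n" ? '\n' : $_ } survivors($code);
    printf "%-20s leaves: %s\n", $name, @left ? "@left" : '(none)';
}

# Hypothetical helper (not from the thread): reject rather than strip.
# \A and \z anchor the whole string, so a trailing newline is not accepted
# the way it would be with a bare $ anchor.
sub is_clean {
    my ($m) = @_;
    return defined $m && $m =~ /\A[A-Za-z0-9]+\z/;
}

printf "is_clean(%s) = %s\n", $_->[0], is_clean($_->[1]) ? 'yes' : 'no'
    for [ 'abc123' => 'abc123' ], [ 'abc123\n' => "abc123\n" ];
```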