Bugtraq mailing list archives
Re: Security bug in CGI::Lite::escape_dangerous_chars() function
From: tee () T72 org
Date: Wed, 12 Feb 2003 12:32:29 +0200
Hi Ronald,

Ronald F. Guilmette wrote:
> Below is a trivially simple example of how this security flaw can cause
> a problem, in practice:
>
> =====================================================================
> #!/usr/bin/perl -w
>
> use strict;
> use CGI::Lite;
>
> my $cgi = new CGI::Lite;
> my %form = $cgi->parse_form_data;
> my $recipient = $form{'recipient'};
> my $message = "From: sender\nSubject: Hello\n\nHello my friend!\n\n";
>
> $recipient = escape_dangerous_chars ($recipient);
> open (SM, "|/usr/sbin/sendmail -f rfg $recipient");
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Uhm... no matter how you escape dangerous stuff, you should not be using that code in the first place...

Better would be...

$pid = open(MAIL, "|-");
defined ($pid) or die "Fork: $!";
if (!$pid) {
    # Child process: exec sendmail directly, so no shell parses anything.
    # 'or' rather than '||': '||' would bind to '-oi' and the exit would never run.
    exec('/usr/lib/sendmail', '-t', '-oi') or exit 255;
}
print MAIL "To: $to\n";
print MAIL "From: $from\n";
print MAIL "Subject: $subject\n";
...
...

Peace,
--T

-- 
tee at T72 dot org - "There are three kinds of people - those who are mathematically gifted and those who are not."
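An added example, not part of the original post and not CGI::Lite code: the fork/exec approach from the reply written with Perl's list-form pipe open, plus a check that rejects line breaks in header values, which matters because with -t sendmail takes its recipients from the headers. The function names, the --send switch and the sample addresses are assumptions made up for illustration; the sendmail path and flags are the ones used in the reply.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Path and flags as in the reply above; adjust the path for your system.
my @MAILER = ('/usr/lib/sendmail', '-t', '-oi');

# Hypothetical helper: a header value must be present and must not contain
# CR or LF, otherwise form input could start a new header line of its own.
sub clean_header {
    my ($name, $value) = @_;
    die "missing $name\n" unless defined $value && length $value;
    die "line break in $name\n" if $value =~ /[\r\n]/;
    return $value;
}

# Hypothetical helper: validate the headers, then pipe the message to sendmail.
sub send_mail {
    my (%m) = @_;
    my %h = map { $_ => clean_header($_, $m{$_}) } qw(To From Subject);

    # List-form pipe open: Perl forks and execs the program with this exact
    # argument list, so form data never reaches a shell command line.
    open(my $mail, '|-', @MAILER) or die "cannot start $MAILER[0]: $!\n";
    print {$mail} "To: $h{To}\n", "From: $h{From}\n",
                  "Subject: $h{Subject}\n\n", $m{Body};
    close($mail) or die "mailer exited with status $?\n";
    return 1;
}

# Constructed sample inputs: one ordinary address, one carrying a line break.
my @samples = ("friend\@example.org", "friend\@example.org\nX-Extra: 1");
for my $to (@samples) {
    my $ok = eval { clean_header('To', $to); 1 };
    (my $shown = $to) =~ s/\n/\\n/g;
    print $ok ? "accepted: $shown\n" : "rejected: $shown\n";
}

# Mail is only sent when the script is run with --send.
if (@ARGV && $ARGV[0] eq '--send') {
    send_mail(To => $samples[0], From => "sender\@example.org",
              Subject => 'Hello', Body => "Hello my friend!\n");
}
```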