Nmap Announce mailing list archives
Re: nmap..... via web
From: Fyodor <fyodor () dhp com>
Date: Fri, 19 Feb 1999 14:16:28 -0500 (EST)
On Thu, 18 Feb 1999, ajax wrote:
anyway, www.mobis.com/ajax/code/nmap/webmap.cgi is my seven minute rendering of what i think it should look like, complete with sanity checking of the user input variable,
You mean this sanity checking?

    # sanity check
    if ($query->param('ip_address') =~ /[~`\#\$\!\%\^\&\*()\|\[\]\{\}\:\;\?]/ ) {
        print "<H1><tt>Sorry, Try again. </H1>";
        exit;
    }

and then later you call:

    $output = `$nmap $ipaddress 2>&1`;

This doesn't look very sufficient to me. For example, the banned chars don't include space or '-'. So what is to stop someone from giving an IP address of '-o/etc/passwd mymachine' and thus overwriting your password file? There are a lot of other command lines which could cause damage. And what if they include a newline and a second command? Remember our favorite phf.cgi?

Anyone who writes one of these needs to be very very careful to ONLY allow what is known to be safe -- don't try to ban the stuff you know is unsafe (because you won't catch everything).

Note that I haven't actually tested that my 'exploits' work. Those are just some of the things that look like problems at first glance.

Cheers,
Fyodor

--
Fyodor 'finger pgp () www insecure org | pgp -fka'
Frustrated by firewalls? Try nmap: http://www.insecure.org/nmap/
In a free and open marketplace, it would be surprising to have such an obviously flawed standard generate much enthusiasm outside of the criminal community. --Mitch Stone on Microsoft ActiveX
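The allow-only-what-is-safe approach argued for in the message above, as an added example (not code from the thread or from the webmap.cgi script). It compares the quoted denylist with a strict dotted-quad allowlist over constructed inputs and runs nmap without a shell; the sub names, the `NMAP_BIN` variable and the default nmap path are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Denylist from the quoted script, reproduced for comparison only.
my $denylist = qr/[~`\#\$\!\%\^\&\*()\|\[\]\{\}\:\;\?]/;

# Allowlist: exactly four decimal octets and nothing else. \A and \z anchor
# the whole string; a trailing "$" would still accept a final newline.
sub valid_ipv4 {
    my ($s) = @_;
    return 0 unless defined $s;
    my @octets = $s =~ /\A([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\z/
        or return 0;
    return (grep { $_ > 255 } @octets) ? 0 : 1;
}

# Run nmap on a validated target. The list form of open() execs the program
# directly, so no shell ever parses the target string. Unlike the quoted
# backtick call, stderr is not merged into the captured output.
sub run_nmap {
    my ($nmap, $target) = @_;
    die "rejected target\n" unless valid_ipv4($target);
    open(my $fh, '-|', $nmap, $target) or die "cannot run $nmap: $!\n";
    local $/;                      # slurp all output at once
    my $out = <$fh>;
    close $fh;
    return $out;
}

# Constructed sample inputs; the second is the one raised in the message.
my @samples = (
    "192.0.2.10",
    "-o/etc/passwd mymachine",
    "192.0.2.10\necho injected",
    "999.1.1.1",
);
for my $in (@samples) {
    (my $shown = $in) =~ s/\n/\\n/g;
    printf "%-28s denylist=%-6s allowlist=%s\n", "'$shown'",
        ($in =~ $denylist   ? 'reject' : 'pass'),
        (valid_ipv4($in)    ? 'pass'   : 'reject');
}

# Scan only when a target is given on the command line (path is an assumption).
print run_nmap($ENV{NMAP_BIN} // '/usr/local/bin/nmap', $ARGV[0]) if @ARGV;
```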