Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: guestbook script is still vulnerable under apache

From: felicity () KLUGE NET (Theo Van Dinter)
Date: Thu, 25 Jun 1998 16:19:20 -0400

| The script attempts to strip out SSI's with the following regex:
|
| $value =~ s/<!--(.|\n)*-->//g;

I don't use the program in question so I can't pass this on to the author, but
here is a replacement for that "bad" line that will handle all (to my
knowledge) SSI's including malformed ones:

    $value=~s{
        <!                  # Comments start with <!
        ([^<>]|<[^<>]+>)*   # Remove anything in between, including
                            # the non-spec'ed included tags ...
        >                   # End of the comment.
    }{}gsx;                 # Replace with Nothing


This replaces <! ... >, including "not correct" commented-out tags.  Works great in a little web spider I wrote.

--
Randomly Generated Tagline:
Capital Punishment means never having to say "YOU AGAIN?"
Previous By Date Next
Previous By Thread Next

Current thread: