Bugtraq mailing list archives
Re: guestbook script is still vulnerable under apache
From: felicity () KLUGE NET (Theo Van Dinter)
Date: Thu, 25 Jun 1998 16:19:20 -0400
| The script attempts to strip out SSI's with the following regex: | | $value =~ s/<!--(.|\n)*-->//g; I don't use the program in question so I can't pass this on to the author, but here is a replacement for that "bad" line that will handle all (to my knowledge) SSI's including malformed ones: $value=~s{ <! # Comments start with <! ([^<>]|<[^<>]+>)* # Remove anything in between, including # the non-spec'ed included tags ... > # End of the comment. }{}gsx; # Replace with Nothing This replaces <! ... >, including "not correct" commented-out tags. Works great in a little web spider I wrote. -- Randomly Generated Tagline: Capital Punishment means never having to say "YOU AGAIN?"
Current thread:
- security hole in mailx, (continued)
- security hole in mailx Alvaro Martinez Echevarria (Jun 24)
- Re: security hole in mailx gold (Jun 25)
- Re: security hole in mailx Casper Dik (Jun 25)
- Bug is sudo? Rhodie (Jun 25)
- Re: Bug is sudo? Warner Losh (Jun 26)
- Re: Bug is sudo? Todd C. Miller (Jun 27)
- Re: security hole in mailx Alvaro Martinez Echevarria (Jun 25)
- Re: security hole in mailx Ben Collins (Jun 25)
- Re: security hole in mailx Theo de Raadt (Jun 25)
- guestbook script is still vulnerable under apache Stunt Pope (Jun 25)
- Re: guestbook script is still vulnerable under apache Theo Van Dinter (Jun 25)
- Re: guestbook script is still vulnerable under apache Andru Luvisi (Jun 25)
- Re: guestbook script is still vulnerable under apache Lincoln Stein (Jun 26)
- dip-3.3.7p exploit (stackpatch_ Thomas Troeger (Jun 26)
- And another qpopper overflow (does this make 3?) Aaron D. Gifford (Jun 28)
- Re: dip-3.3.7p exploit (stackpatch_ M.C.Mar (Jun 28)
- WIPO Bill Aleph One (Jun 25)
- Re: guestbook script is still vulnerable under apache Dean Gaudet (Jun 25)
- Re: guestbook script is still vulnerable under apache Lars Eilebrecht (Jun 25)
- Re: guestbook script is still vulnerable under apache Andrew Clegg (Jun 26)
- Re: security hole in mailx Seth McGann (Jun 25)