Vulnerability Development mailing list archives

Re: Guestbook perl script (error fix)

From: zweije () XS4ALL NL (Vincent Zweije)
Date: Sat, 9 Oct 1999 13:54:32 +0200


Matt Carothers:

||  The entire "<!--#" has to be there to trigger a directive handler.  Removing
||  all occurances of "<!--#" from the input is sufficient to neuter all
||  server-side includes.
||
||  $value =~ s/<!--#//g;

I suspect that will fail for:

    <!--<!--##

Ciao.                Vincent.

Current thread:

Re: Classes?, (continued)
- - - Re: Classes? Dragos Ruiu (Oct 16)
    - Re: Classes? Bacano (Oct 17)
    - Re: Classes? Max Vision (Oct 18)
    - Re: Classes? David R. Conrad (Oct 17)
    - Re: Classes? Crispin Cowan (Oct 18)
    - Re: Classes? George Kurtz (Oct 20)
    - Re: Classes? Max Vision (Oct 24)
    - MediaHouse Enterprise Monitor 5.20 Sebastian Andersson (Oct 21)
    - Re: Classes? Bacano (Oct 19)
    - Re: NT SysKey should be breakable Mikael Olsson (Oct 10)
  - Re: Guestbook perl script (error fix) Vincent Zweije (Oct 09)