Re(4): Hacking CGI - security and exploitation


Do you know where your variables are?
	PerlMonks

Re(4): Hacking CGI - security and exploitation

by cjf (Parson)

on Jun 25, 2002 at 03:54 UTC ( [id://177023]=note: print w/replies, xml )

Need Help??

in reply to Re: Re: Re: Hacking CGI - security and exploitation
in thread Hacking CGI - security and exploitation

Thanks for the reply. As for the following:

# why was the following line there?
# if($FORM{'path'} =~ m/\0|\r|\n/ig){ die "illegal characters"; }
[download]

I was wondering why he bothers removing those characters from a variable that is never used. Perhaps he meant $FORM{'user'} in the $htaccess assignment to be $FORM{'path'}?

Comment on Re(4): Hacking CGI - security and exploitation Select or Download Code

Replies are listed 'Best First'.
Re: Re(4): Hacking CGI - security and exploitation by Anonymous Monk on Jun 25, 2002 at 10:28 UTC
You are correct. Hence again he demonstrated how to get security wrong. :-)	[reply]

In Section Meditations

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: note [id://177023]
help

Chatterbox^?

How do I use this? • Last hour • Other CB clients

Other Users^?

Others sharing their wisdom with the Monastery: (4)

As of 2024-04-19 03:18 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Today I Learned

Voting Booth^?

No recent polls found