Beefy Boxes and Bandwidth Generously Provided by pair Networks
XP is just a number
 
PerlMonks  

Re(4): Hacking CGI - security and exploitation

by cjf (Parson)
on Jun 25, 2002 at 03:54 UTC ( #177023=note: print w/ replies, xml ) Need Help??


in reply to Re: Re: Re: Hacking CGI - security and exploitation
in thread Hacking CGI - security and exploitation

Thanks for the reply. As for the following:

# why was the following line there? # if($FORM{'path'} =~ m/\0|\r|\n/ig){ die "illegal characters"; }

I was wondering why he bothers removing those characters from a variable that is never used. Perhaps he meant $FORM{'user'} in the $htaccess assignment to be $FORM{'path'}?


Comment on Re(4): Hacking CGI - security and exploitation
Select or Download Code
Re: Re(4): Hacking CGI - security and exploitation
by Anonymous Monk on Jun 25, 2002 at 10:28 UTC
    You are correct. Hence again he demonstrated how to get security wrong. :-)

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://177023]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others studying the Monastery: (11)
As of 2014-09-19 21:00 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    How do you remember the number of days in each month?











    Results (146 votes), past polls