Re(4): Hacking CGI - security and exploitation


XP is just a number
	PerlMonks

Re(4): Hacking CGI - security and exploitation

by cjf (Parson)

on Jun 25, 2002 at 03:54 UTC ( #177023=note: print w/ replies, xml )

Need Help??

in reply to Re: Re: Re: Hacking CGI - security and exploitation
in thread Hacking CGI - security and exploitation

Thanks for the reply. As for the following:

# why was the following line there?
# if($FORM{'path'} =~ m/\0|\r|\n/ig){ die "illegal characters"; }
[download]

I was wondering why he bothers removing those characters from a variable that is never used. Perhaps he meant $FORM{'user'} in the $htaccess assignment to be $FORM{'path'}?

Comment on Re(4): Hacking CGI - security and exploitation Select or Download Code
Re: Re(4): Hacking CGI - security and exploitation by Anonymous Monk on Jun 25, 2002 at 10:28 UTC
You are correct. Hence again he demonstrated how to get security wrong. :-)	[reply]

In Section Meditations

Node Status^?

node history
Node Type: note [id://177023]
help

Chatterbox^?

How do I use this? | Other CB clients

Other Users^?

Others surveying the Monastery: (10)

As of 2013-05-18 20:46 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Voting Booth^?

The best material for plates (tableware) is:

Results (395 votes), past polls