Beefy Boxes and Bandwidth Generously Provided by pair Networks
Your skill will accomplish
what the force of many cannot
 
PerlMonks  

Re(4): Hacking CGI - security and exploitation

by cjf (Parson)
on Jun 25, 2002 at 03:54 UTC ( #177023=note: print w/replies, xml ) Need Help??


in reply to Re: Re: Re: Hacking CGI - security and exploitation
in thread Hacking CGI - security and exploitation

Thanks for the reply. As for the following:

# why was the following line there? # if($FORM{'path'} =~ m/\0|\r|\n/ig){ die "illegal characters"; }

I was wondering why he bothers removing those characters from a variable that is never used. Perhaps he meant $FORM{'user'} in the $htaccess assignment to be $FORM{'path'}?

Replies are listed 'Best First'.
Re: Re(4): Hacking CGI - security and exploitation
by Anonymous Monk on Jun 25, 2002 at 10:28 UTC
    You are correct. Hence again he demonstrated how to get security wrong. :-)

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://177023]
help
Chatterbox?
[Corion]: There are worse ways to enter a website ;)
[Lady_Aleena]: Corion, I'm just hoping Cookies doesn't get too annoying.
[Corion]: Naah, if people got annoyed, they'd tell you ;)

How do I use this? | Other CB clients
Other Users?
Others chanting in the Monastery: (7)
As of 2017-04-26 08:02 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    I'm a fool:











    Results (471 votes). Check out past polls.