
Keep It Simple, Stupid
	PerlMonks

SERIOUS SECURITY HOLES ABOVE

by merlyn (Sage)

on Jun 19, 2000 at 17:46 UTC ( [id://18835]=note: print w/replies, xml )

Need Help??

This is an archived low-energy page for bots and other anonmyous visitors. Please sign up if you are a human and want to interact.

in reply to Code Viewer

$filename is being reduced without using File::Basename. In this case, the name could contain \n, so the replacement would stop too early, allowing us to have a name with slashes in it. In fact, I think a name of

"\n|/your/command/here foo bar.gif"
[download]

or whatever $theext is set to would be opened just fine. Actually, I can see that there'd be a little work to get through the maze, but nonetheless, the wrong cargo-cult code was used here, and that makes this code dangerous.

Also, the Location: header needs a space after the colon, required by RFC.

As a style issue, using File::Copy would be preferred.

-- Randal L. Schwartz, Perl hacker

Comment on SERIOUS SECURITY HOLES ABOVE Download Code

In Section Code Catacombs

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: note [id://18835]
help

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Notices^?

	• hippo	‥ epoptai's answer Re: how do I set a cookie and redirect was blessed by hippo!
	• erzuuli	‥ Anonymous Monks are no longer allowed to use Super Search, due to an excessive use of this resource by robots.