Home page logo

bugtraq logo Bugtraq mailing list archives

Re: guestbook script is still vulnerable under apache
From: felicity () KLUGE NET (Theo Van Dinter)
Date: Thu, 25 Jun 1998 16:19:20 -0400

| The script attempts to strip out SSI's with the following regex:
| $value =~ s/<!--(.|\n)*-->//g;

I don't use the program in question so I can't pass this on to the author, but
here is a replacement for that "bad" line that will handle all (to my
knowledge) SSI's including malformed ones:

        <!                  # Comments start with <!
        ([^<>]|<[^<>]+>)*   # Remove anything in between, including
                            # the non-spec'ed included tags ...
        >                   # End of the comment.
    }{}gsx;                 # Replace with Nothing

This replaces <! ... >, including "not correct" commented-out tags.  Works great in a little web spider I wrote.

Randomly Generated Tagline:
Capital Punishment means never having to say "YOU AGAIN?"

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]