Home page logo

bugtraq logo Bugtraq mailing list archives

Re: guestbook script is still vulnerable under apache
From: lstein () CSHL ORG (Lincoln Stein)
Date: Fri, 26 Jun 1998 09:29:27 -0400

On Thu, 25 Jun 1998, Theo Van Dinter wrote:
I don't use the program in question so I can't pass this on to the author, but
here is a replacement for that "bad" line that will handle all (to my
knowledge) SSI's including malformed ones:

        <!                  # Comments start with <!
        ([^<>]|<[^<>]+>)*   # Remove anything in between, including
                            # the non-spec'ed included tags ...
        >                   # End of the comment.
    }{}gsx;                 # Replace with Nothing

Tom Christiansen is on record (and in print) as saying that there is
no single regular expression that can be used to strip out HTML
comments (or any other HTML tag) 100% of the time.  I don't see why
you would want to allow a guestbook upload to contain any HTML tags
any way, since it is so easy for broken HTML to mess up the page
downstream of the problem.


Lincoln D. Stein                           Cold Spring Harbor Laboratory
lstein () cshl org                                   Cold Spring Harbor, NY

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]