Bugtraq mailing list archives

Re: guestbook script is still vulnerable under apache
From: surfboy () DARKWAVE ORG UK (Andrew Clegg)
Date: Fri, 26 Jun 1998 09:50:30 +0100

Quoting Lars Eilebrecht (Lars.Eilebrecht () UNIX-AG ORG):

> IMHO the guestbook script should not try to strip out SSIs, but rather
> reject every input which contains the sequence "<!--#".

Personally I favour replacing every < with a &lt; and every > with a &gt;

That way the users get out exactly what they put in...
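
The two policies discussed in this thread, side by side, as an added example that is not part of the original messages (function names and sample entries are constructed). It goes one step beyond the message by also escaping `&`, which is what makes the round trip exact for entries that already contain entity-like text.

```python
import html

SSI_OPEN = "<!--#"  # the sequence named in the quoted message

def reject_policy(entry: str) -> bool:
    """Policy from the quoted message: accept only entries without the SSI opener."""
    return SSI_OPEN not in entry

def escape_policy(entry: str) -> str:
    """Policy from the reply: store < and > as entities.

    '&' is escaped first (an addition, not in the message) so that text
    which already looks like an entity, e.g. '&lt;', is shown literally.
    """
    return (entry.replace("&", "&amp;")
                 .replace("<", "&lt;")
                 .replace(">", "&gt;"))

def browser_view(stored: str) -> str:
    """What a reader sees once the browser decodes the entities."""
    return html.unescape(stored)

# Constructed sample guestbook entries
SAMPLES = [
    'Nice site! <!--#echo var="DATE_LOCAL" -->',
    "I think 3 < 5 and 7 > 2",
    "Write &lt; to show a less-than sign",
]

def demo():
    """Per entry: (accepted by reject policy,
                   SSI opener still present after escaping,
                   reader sees exactly what was typed)."""
    rows = []
    for entry in SAMPLES:
        stored = escape_policy(entry)
        rows.append((reject_policy(entry),
                     SSI_OPEN in stored,
                     browser_view(stored) == entry))
    return rows

if __name__ == "__main__":
    for entry, row in zip(SAMPLES, demo()):
        print(repr(entry), row)
```

Escaping leaves no `<!--#` in the stored page for the server to parse, while every entry, including the one the reject policy refuses, is displayed unchanged.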

