
Bugtraq mailing list archives

Re: Sendpage (Perl CGI) Remote Execution Vulnerability
From: John Imrie <john.imrie () pa press net>
Date: Wed, 28 Nov 2001 09:24:30 +0000


To fix, simply filter out all "dangerous" characters:
,';"/`\%$#{}-&<>... I prefer to keep things simple and remove all
non-alphanumeric characters:

      $message =~ s/[^\w\s]//g;

I find that filtering out dangerous characters can lead to problems, as it is 
always possible to miss one. A safer version is to only allow 'good' 

$message =~ s/[^A-Za-z0-9]//g;
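
An added example (not part of the original message or of the Sendpage code) that runs the three filters discussed in this thread over constructed input, so the difference between removing listed characters and keeping only permitted ones is visible. The variable names and sample strings are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# The characters named in the quoted denylist: ,';"/`\%$#{}-&<>
# quotemeta() escapes each one so it is literal inside a character class.
my $deny = quotemeta(q{,';"/`\%$#{}-&<>});

# Each filter returns a cleaned copy and leaves its argument untouched.
my @filters = (
    [ 'denylist'     => sub { (my $s = shift) =~ s/[$deny]//g;      $s } ],
    [ '[^\w\s]'      => sub { (my $s = shift) =~ s/[^\w\s]//g;      $s } ],
    [ '[^A-Za-z0-9]' => sub { (my $s = shift) =~ s/[^A-Za-z0-9]//g; $s } ],
);

# Constructed sample messages (not taken from the advisory).
my @samples = (
    "Call me at 5pm",        # ordinary pager text
    "line one\nline two",    # embedded newline
    "a|b(c)*d?e!f~g",        # punctuation the denylist does not name
    "under_score",           # \w includes the underscore
);

# Print newlines visibly so surviving control characters can be seen.
sub show {
    (my $v = shift) =~ s/\n/\\n/g;
    return qq{"$v"};
}

for my $in (@samples) {
    printf "input: %s\n", show($in);
    for my $f (@filters) {
        my ($name, $code) = @$f;
        printf "  %-14s -> %s\n", $name, show($code->($in));
    }
}
```

The denylist passes the third sample through unchanged, the `[^\w\s]` filter keeps newlines and underscores, and the `[^A-Za-z0-9]` filter also removes the spaces between words.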
