Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: PHP Net Toolpack: input validation error
From: Jon Ribbens <jon+bugtraq () unequivocal co uk>
Date: Tue, 19 Mar 2002 16:37:45 +0000

ppp-design <security () ppp-design de> wrote:
You can use escapeshellcmd() to check the input for unwanted characters.
So you can replace the bad line in the traceroute function with the
following two lines:

$sec_input=escapeshellcmd($a_query);
exec("/sbin/traceroute $sec_input",$ret_strs);

Note that this does not do what you think it does. escapeshellcmd is
not the right function to use - at the very least, people can still
pass more than one parameter to traceroute when you only want them to
be able to pass one. The correct function to use is escapeshellarg.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault