Subject: Re: BS Scripts Vulnerabilities
From: Raptor (raptor ANTIFORK.ORG)
Date: Fri Dec 22 2000 - 06:15:39 CST
- Next message: Michal Zalewski: "Re: Oracle WebDb engine brain-damagse"
- Previous message: Tom Wu: "Re: SRP is being patented - don't be so quick to use it."
- In reply to: rivendell_team YAHOO.COM: "BS Scripts Vulnerabilities"
- Reply: Raptor: "Re: BS Scripts Vulnerabilities"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I believe it's important to point out that just filtering out the ';' char
doesn't fix the problem. Think about using '&' or '&&' instead of it...
Some time ago I had an experience with a vendor I informed of a CGI bug:
they fixed the ';' problem in a lame way, so it was still possible to use
other chars to execute arbitrary commands.
I really think people should learn regex before coding a CGI script and
use them in a way that what is not explicitly accepted is denied (like in
good firewall policies). Much safer :)
:raptor
On Thu, 21 Dec 2000 rivendell_team YAHOO.COM wrote:
> There are a couple of scripts from bsScripts
> (www.stanback.net) , that have holes in them
> because the author did not filter out ; from the form
> input. The scripts that this affects are bsguest (a
> guestbook script) and bslist (a mailing list script).
> The hole allows anyone to execute commands on the
> server. The author has been informed and the holes
> are now patched in the latest release.
Antifork Research, Inc.
Mediaservice.net Srl
http://raptor.antifork.org http://www.mediaservice.net
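The contrast Raptor draws above (stripping ';' versus an allowlist that denies whatever is not explicitly accepted) as an added example; this is illustration code, not code from the thread or from the bsScripts package. The field names, the regular expressions, the mailer path and the argument list are all assumptions made for the example; the page shows none of the original scripts' internals.

```python
import re
import subprocess

# Allowlist patterns per form field. Only input that fully matches is
# accepted; everything else is refused. The field set (name, email) and
# the patterns themselves are assumptions for this example, not the
# bsguest/bslist form definition, which the page does not show.
# The email local part may not start with '-', so a value that reaches a
# command line can never be mistaken for an option.
FIELD_PATTERNS = {
    "name": re.compile(r"[A-Za-z][A-Za-z .-]{0,63}"),
    "email": re.compile(
        r"[A-Za-z0-9][A-Za-z0-9._%+-]{0,63}@[A-Za-z0-9.-]{1,253}\.[A-Za-z]{2,}"
    ),
}

# Characters a shell treats specially. Listed here only so the example can
# show what a ';'-only filter leaves behind.
SHELL_METACHARS = set(";&|`$(){}<>\n\\\"'")


def strip_semicolons(value):
    """The 'lame' fix described in the thread: remove ';' and nothing else."""
    return value.replace(";", "")


def contains_shell_metachar(value):
    """True if any shell-significant character survives in `value`."""
    return any(c in SHELL_METACHARS for c in value)


def validate(field, value):
    """Allowlist check: return `value` if it fully matches the pattern for
    `field`, otherwise None. fullmatch() anchors both ends; a bare '$'
    would still accept a trailing newline."""
    pattern = FIELD_PATTERNS.get(field)
    if pattern is None or pattern.fullmatch(value) is None:
        return None
    return value


def build_mail_argv(address):
    """Build the mailer command as an argument list. Passing argv to
    subprocess.run() without shell=True means no shell ever parses the
    address, so metacharacters in it are never interpreted. The sendmail
    path and flags are assumptions for the example."""
    return ["/usr/sbin/sendmail", "-oi", address]


def notify(address, body):
    """Validate first, then run the mailer without a shell. Returns the
    process result, or None if the address was refused."""
    if validate("email", address) is None:
        return None
    return subprocess.run(build_mail_argv(address), input=body.encode(), check=False)


if __name__ == "__main__":
    # Constructed sample inputs: a benign value and one carrying '&&'.
    for sample in ("alice", "alice&&bob"):
        filtered = strip_semicolons(sample)
        print(f"{sample!r}: ';'-filter leaves metachars={contains_shell_metachar(filtered)}, "
              f"allowlist accepts={validate('name', sample) is not None}")
```

The two defences are independent: the allowlist decides what a field may contain, and the argument-list invocation guarantees that even an accepted value is never handed to a shell. Relying on only the denylist half, as the vendor in the story did, leaves every metacharacter the list forgot.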