Re: path traversal exploits
From: Alexander Hall (alexander beard.se)
Date: Sun Jul 01 2007 - 09:49:39 CDT
> Perhaps someone more experienced can comment on this one. I'm not
> exactly sure, but I suspect you found nothing for the following simple
> reason: if all you want to do is check for simple path traversal
> under Unix, m/^\// and m/\.\./ are all you need.
Except that it would make valid names like "path/foo...bar/baz" fail.
I'd rather test for
m#(?:^|/)\.\.(?:/|$)# (perl regexp)
or
m#^\.\.$#
m#^\.\./#
m#/\.\./#
m#/\.\.$#
Untested though. Expect it to fail or don't blame me.
/Alexander
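
The following is an added example, not part of the original message: it runs the `..` test from the quoted text, the single regexp from the reply, and the four-regexp form over a set of constructed sample paths so the difference is visible. The sub names and the sample paths are assumptions made for illustration.

```perl
use strict;
use warnings;

# ".." test from the quoted message: matches ".." anywhere in the string.
sub naive_dotdot { return $_[0] =~ m/\.\./ ? 1 : 0 }

# Single regexp from the reply: ".." only as a complete path component.
sub component_dotdot { return $_[0] =~ m#(?:^|/)\.\.(?:/|$)# ? 1 : 0 }

# Four-regexp form from the reply, one test per position of the component.
sub four_dotdot {
    my ($p) = @_;
    return ( $p =~ m#^\.\.$#      # the whole path is ".."
          || $p =~ m#^\.\./#      # leading "../"
          || $p =~ m#/\.\./#      # "/../" in the middle
          || $p =~ m#/\.\.$# )    # trailing "/.."
        ? 1 : 0;
}

# Constructed sample paths (not from the original post).
my @samples = (
    'path/foo...bar/baz', 'a..b/c', '..hidden/x', 'notes../x',  # dots inside a name
    '..', '../secret', 'a/../b', 'a/..',                        # parent-directory components
    '/etc/passwd',                                              # absolute path, no ".."
);

printf "%-22s %-6s %-10s %-5s\n", 'path', 'naive', 'component', 'four';
for my $p (@samples) {
    my ( $n, $c, $f ) = ( naive_dotdot($p), component_dotdot($p), four_dotdot($p) );
    # The reply offers the two forms as alternatives; stop if they ever differ.
    die "single and four-regexp forms disagree on '$p'\n" if $c != $f;
    printf "%-22s %-6d %-10d %-5d\n", $p, $n, $c, $f;
}
```

None of the three `..` tests flags the absolute path, so the separate `m/^\//` test from the quoted message is still needed alongside whichever `..` test is used.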