Bugtraq mailing list archives
Re: guestbook script is still vulnerable under apache
From: surfboy () DARKWAVE ORG UK (Andrew Clegg)
Date: Fri, 26 Jun 1998 09:50:30 +0100
Quoting Lars Eilebrecht (Lars.Eilebrecht () UNIX-AG ORG):
> IMHO the guestbook script should not try to strip out SSIs, but rather reject every input which contains the sequence "<!--#".
Personally I favour replacing every < with a &lt; and every > with a &gt;. That way the users get out exactly what they put in...

Andrew.
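The two input-handling approaches discussed in this thread, side by side, as an added example that is not part of the original posts or of the guestbook script. The function names and sample entries are constructed for illustration, and it assumes entries are written into element content rather than into an HTML attribute. It also shows why `&` has to be encoded before `<` and `>` if visitors are to see exactly what they typed.

```python
import html

SSI_OPEN = "<!--#"  # the sequence named in the thread


def reject_ssi(entry: str) -> bool:
    """Rejection approach: True means the entry must be refused outright."""
    return SSI_OPEN in entry


def encode_entry(entry: str) -> str:
    """Encoding approach: turn markup characters into entities.

    '&' goes first so that entity text typed by the visitor (e.g. '&lt;')
    is stored as literal text and not decoded into markup on display.
    """
    return (entry.replace("&", "&amp;")
                 .replace("<", "&lt;")
                 .replace(">", "&gt;"))


def encode_angle_only(entry: str) -> str:
    """Encoding only '<' and '>', for comparison with encode_entry()."""
    return entry.replace("<", "&lt;").replace(">", "&gt;")


def rendered(stored: str) -> str:
    """What a browser displays for the stored text (entity decoding)."""
    return html.unescape(stored)


# Constructed sample guestbook entries (not taken from the thread).
SAMPLES = [
    "Nice site, <b>really</b> liked it",
    '<!--#echo var="DATE_LOCAL" -->',
    "Write &lt; to get a less-than sign",
]


def report(entries):
    """Return (entry, rejected?, stored form, exact round trip?) per entry."""
    rows = []
    for e in entries:
        stored = encode_entry(e)
        rows.append((e, reject_ssi(e), stored, rendered(stored) == e))
    return rows


if __name__ == "__main__":
    for row in report(SAMPLES):
        print(row)
```

Rejection drops only entries containing the one sequence and stores everything else unchanged, while encoding stores every entry in a form the server-side include parser and the browser both treat as plain text.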