Bugtraq mailing list archives
Re: A security vulnerability in S8Forum
From: steve () Watt COM (Steve Watt)
Date: Mon, 6 Jan 2003 19:20:01 -0800
In article <20030105032650.16087.h011.c009.wm () mail canada com criticalpath net> you write:
[ snip ]
> SOLUTION :
> ==========
[ snip ]
> if(!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email) && $email != "") {
Please note that there are many more characters valid in the LHS of an email address, for example +, that are often desirable. Disallowing such addresses is a major nuisance. A beautiful example is the useful feature in sendmail that allows user+whatever@domain, which allows users to invent infinite variations on their email address for tracking spam database propagation.

In this particular application, the error is more widespread than the fix you cite -- if you're going to allow random users to control file names on your system, you certainly shouldn't put the contents somewhere that a web server can directly find it. That bit of software seems to need a major review.

--
Steve Watt KD6GGD PP-ASEL-IA ICBM: 121W 56' 57.8" / 37N 20' 14.9"
Internet: steve @ Watt.COM Whois: SW32
Free time? There's no such thing. It just comes in varying prices...
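The two points in the reply above, as an added example (this is not code from S8Forum, from the advisory, or from Steve Watt's post). The first part puts the advisory's eregi() pattern next to a looser one that admits "+" and the other RFC 2822 local-part characters, and also flags a translation caveat: moving the pattern to preg_match() with a bare /i is slightly laxer than the POSIX original, because PCRE lets "$" match just before a trailing newline unless the D modifier is set. The second part sketches the storage rule the reply argues for: a user-chosen name is kept only as display metadata, while the bytes land under a server-generated random name in a directory the web server does not serve. The sample addresses, the file name and the directory /var/lib/forum/uploads are all constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not code from S8Forum, the advisory, or Steve Watt's reply.
// Part 1 compares the advisory's address pattern with a looser one that admits
// "+" and the other RFC 2822 local-part characters. Part 2 shows the storage
// rule from the reply: user-chosen names never become paths inside the web root.
// All sample addresses, names and directories below are constructed.

// --- Part 1: address validation ------------------------------------------

// The advisory's eregi() pattern (eregi() was removed in PHP 7), moved to
// preg_match() with /i. A bare /i is laxer than the POSIX original, because
// PCRE lets "$" match just before a trailing newline.
function matches_advisory(string $email): bool
{
    $re = '/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/i';
    return preg_match($re, $email) === 1;
}

// Looser local part: runs of RFC 2822 "atext" characters separated by single
// dots, so user+anything@domain is accepted. Domain labels must start and end
// with a letter or digit; the TLD is two or more letters with no upper bound.
// /D makes "$" match only at the very end of the subject string.
function matches_looser(string $email): bool
{
    $atext = 'a-z0-9!#$%&\'*+\/=?^_`{|}~-';
    $re = '/^[' . $atext . ']+(\.[' . $atext . ']+)*'
        . '@([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}$/iD';
    return preg_match($re, $email) === 1;
}

// --- Part 2: user-controlled file names -----------------------------------

// Takes the name a user asked for and returns where the bytes should live:
// a random, server-chosen file name under a directory the web server does not
// serve, plus a sanitised display name that is kept only as metadata.
// $storeDir is assumed to lie outside the document root (for example
// /var/lib/forum/uploads rather than /var/www/html/uploads).
function storage_location(string $userName, string $storeDir): array
{
    // Strip directory components and anything outside a conservative charset
    // from the name we will *show*; it is never used to build the path.
    $display = basename(str_replace('\\', '/', $userName));
    $display = preg_replace('/[^A-Za-z0-9._-]/', '_', $display);
    if ($display === '' || $display === '.' || $display === '..') {
        $display = 'unnamed';
    }

    // The on-disk name comes from the CSPRNG, not from the user, so there is
    // no traversal, no overwrite of another user's file, and nothing for the
    // web server to interpret (no .php, .htaccess, and so on).
    $token = bin2hex(random_bytes(16));
    return [
        'path'    => rtrim($storeDir, '/') . '/' . $token,
        'display' => $display,
    ];
}

// Constructed samples; "example.com" is a placeholder domain.
$samples = [
    'user@example.com',            // plain address
    'user+tracking@example.com',   // "+" in the local part (the sendmail feature)
    'first.last@example.co.uk',    // dotted local part, two-label domain suffix
    'user@example.museum',         // TLD longer than three letters
    'user@-example.com',           // domain label starting with "-"
    "user@example.com\n",          // trailing newline: the "$" caveat
    'a..b@example.com',            // doubled dot in the local part
];
foreach ($samples as $email) {
    printf("%-30s advisory=%-3s looser=%s\n",
        json_encode($email),
        matches_advisory($email) ? 'yes' : 'no',
        matches_looser($email) ? 'yes' : 'no');
}

$loc = storage_location('../../index.php', '/var/lib/forum/uploads');
printf("stored at %s, shown as %s\n", $loc['path'], $loc['display']);
```

Run it with `php example.php`. The "+" sample is the divergence the reply complains about, the ".museum" sample shows that a fixed two-to-three-letter TLD bound also rejects real domains, and the newline sample shows why a port of eregi() to preg_match() should carry the D modifier if it is meant to be as strict as the original. In the storage function, the only thing derived from the user's input is the display name; the path is built from the random token alone, so even a name like "../../index.php" cannot steer the file into a served directory or onto an existing file.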
Current thread:
- A security vulnerability in S8Forum nmsh_sa (Jan 06)
- Re: A security vulnerability in S8Forum Steve Watt (Jan 21)
- Re: A security vulnerability in S8Forum David Wilson (Jan 15)
- Re: A security vulnerability in S8Forum Steve Watt (Jan 21)