[25825] in bugtraq


Re: Another small metacharacter bug in Penguin Traceroute v1.0

daemon@ATHENA.MIT.EDU (Andreas Beck)
Mon Jun 17 18:57:16 2002

Date: Mon, 17 Jun 2002 19:26:33 +0200
From: Andreas Beck <becka@uni-duesseldorf.de>
In-reply-to: <3D0DD01F.FFB9D234@obit.nl>
To: bugtraq@securityfocus.com
Mail-Followup-To: Andreas Beck <becka@uni-duesseldorf.de>,
	bugtraq@securityfocus.com
Message-id: <20020617172633.GA685@uni-duesseldorf.de>

Marco van Berkum <m.v.berkum@obit.nl> wrote:
>    this line "$host =~ s/[;<>\*\|'&\$!?#\(\)\[\]\{\}:'"\\]//g;" under it and
> Well, yes, it does parse out some metacharacters, but, the " ` " (backtick)
> is not filtered out in any way. (probably one of the two quotes " ' " should be
> a backtick). Also the slash and the hyphen are not filtered.
> 
> Second fix: replace the second quote by a backtick and add slash and hyphen
> to the filter :)

Umm - it's a traceroute-sort-of-thing - right? So why not fix it with a 
whitelist instead of a blacklist?

Allowed domain names should be within [a-zA-z-.]* - right?
To cater for IPv6 one could add the colon (unless that poses a problem - 
I see it filtered out above ...), and be done with it.

CU, Andy

-- 
Andreas Beck             |  Email :  <becka@uni-duesseldorf.de>
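
Added example, not part of the original post or of Penguin Traceroute: one way to do the allowlist check suggested above in Perl, the language of the quoted filter line, combined with a shell-free invocation. The character set (letters, digits, hyphen, dot, optional colon), the leading-hyphen rejection, the names validate_host and run_traceroute, and the sample inputs are assumptions of this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Allowlist patterns. \A and \z anchor the whole string ("$" alone would
# tolerate a trailing newline). Assumption: digits are allowed so that
# IPv4 addresses and names such as "ns1" pass.
my $HOST      = qr/\A[A-Za-z0-9.-]{1,255}\z/;
my $HOST_IPV6 = qr/\A[A-Za-z0-9.:-]{1,255}\z/;   # same set plus the colon

# Returns the host if every character is in the allowed set, otherwise
# an empty return (undef in scalar context). Nothing is stripped or
# repaired: input that does not match is refused.
sub validate_host {
    my ($input, $allow_ipv6) = @_;
    return unless defined $input;
    return unless $input =~ ($allow_ipv6 ? $HOST_IPV6 : $HOST);
    # The hyphen is a legal hostname character, but a leading one would
    # be parsed by traceroute as an option.
    return if $input =~ /\A-/;
    return $input;
}

# List-form pipe open: traceroute is executed directly, with no shell to
# interpret the argument.
sub run_traceroute {
    my ($host) = @_;
    open(my $fh, '-|', 'traceroute', $host)
        or die "cannot run traceroute: $!\n";
    my @lines = <$fh>;
    close $fh;
    return @lines;
}

# Constructed sample inputs, not taken from the original post.
my @samples = ('www.example.com', '192.0.2.1', '2001:db8::1',
               'example.com;x', 'a`b`', '-x', "example.com\n");
for my $s (@samples) {
    (my $shown = $s) =~ s/\n/\\n/g;
    my $host = validate_host($s, 1);
    printf "%-20s %s\n", $shown, defined $host ? 'accept' : 'reject';
}

# Run for real only when a host is given on the command line.
if (@ARGV) {
    my $host = validate_host($ARGV[0], 1);
    die "invalid host\n" unless defined $host;
    print run_traceroute($host);
}
```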
