[7032] in bugtraq
Re: guestbook script is still vulnerable under apache
daemon@ATHENA.MIT.EDU (Theo Van Dinter)
Thu Jun 25 17:55:48 1998
Date: Thu, 25 Jun 1998 16:19:20 -0400
Reply-To: Theo Van Dinter <felicity@KLUGE.NET>
From: Theo Van Dinter <felicity@KLUGE.NET>
X-To: Stunt Pope <markjr@shmOOze.net>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Message from Stunt Pope <markjr@shmOOze.net> of "Thu, 25 Jun 1998
15:07:41 EDT." <XFMail.980625150741.markjr@shmOOze.net>
| The script attempts to strip out SSI's with the following regex:
|
| $value =~ s/<!--(.|\n)*-->//g;
I don't use the program in question so I can't pass this on to the author, but
here is a replacement for that "bad" line that will handle all (to my
knowledge) SSI's including malformed ones:
$value=~s{
<! # Comments start with <!
([^<>]|<[^<>]+>)* # Remove anything in between, including
# the non-spec'ed included tags ...
> # End of the comment.
}{}gsx; # Replace with Nothing
This replaces <! ... >, including "not correct" commented-out tags. Works great in a little web spider I wrote.
--
Randomly Generated Tagline:
Capital Punishment means never having to say "YOU AGAIN?"
