gnumed-devel

[Gnumed-devel] (no subject)


From: catmat
Subject: [Gnumed-devel] (no subject)
Date: Wed, 24 Nov 2004 10:31:31 +1100
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20040913

http://twiki.org/cgi-bin/view/Codev/TWikiRelease01Sep2004

Looks like what a hacker has to do is to look at all the public applications at a web site, and then look at the download site of that application. If there is a recently updated application version, the hacker checks the security notices of that application version to see if there is an easy vulnerability to exploit.



+     # fix for Codev.SecurityAlertExecuteCommandsWithSearch
+     # vulnerability, search: "test_vulnerability '; ls -la'"
+     $theSearchVal =~ s/(^|[^\\])([\'\`])/\\$2/g;    # Escape ' and `
+     $theSearchVal =~ s/address@hidden(/$1\\\(/g;           # Defuse @( ... ) 
and $( ... )
+     $theSearchVal = substr($theSearchVal, 0, 1500); # Limit string length
+
     my $originalSearch = $theSearchVal;
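
Review bot: The first substitution captures the character in front of the quote as $1, but the replacement `\\$2` never writes it back, so every quote or backtick that is not at the start of the string loses the character before it. Because that character is consumed by the match, `/g` also cannot match a quote that directly follows another quote. A lookbehind such as `(?<!\\)` in place of the `(^|[^\\])` group would avoid both problems. The `substr(..., 0, 1500)` limit runs after the escaping, so it can cut an inserted backslash off from the character it was meant to escape; applying the length limit first would avoid that. Since the comment describes this as a fix for command execution through the search string, it would be more robust to hand the search value to the command as a separate argument without going through a shell, rather than relying on a list of characters to escape.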


It's pretty appalling that this vulnerability appears in a web application in 2004, when in 2001 I attended a web design course which filled an auditorium (> 300), and they were all told to escape all user input, especially if they are passing parameters to commands, because of this type of vulnerability in web scripting languages.

What a sensational story (maybe Channel 7 will buy it?)







