From: | catmat |
Subject: | [Gnumed-devel] (no subject) |
Date: | Wed, 24 Nov 2004 10:31:31 +1100 |
User-agent: | Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20040913 |
http://twiki.org/cgi-bin/view/Codev/TWikiRelease01Sep2004

Looks like what a hacker has to do is to look at all the public applications at a web site, and then look at the download site of that application. If there is a recently updated application version, the hacker checks the security notices of that application version to see if there is an easy vulnerability to exploit.
+ # fix for Codev.SecurityAlertExecuteCommandsWithSearch + # vulnerability, search: "test_vulnerability '; ls -la'" + $theSearchVal =~ s/(^|[^\\])([\'\`])/\\$2/g; # Escape ' and ` + $theSearchVal =~ s/address@hidden(/$1\\\(/g; # Defuse @( ... ) and $( ... ) + $theSearchVal = substr($theSearchVal, 0, 1500); # Limit string length + my $originalSearch = $theSearchVal;
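Review bot: In the first substitution (the "Escape ' and `" line) the replacement is \\$2 only, so the character captured by $1 in front of each quote is deleted from the search string; and because the match consumes that preceding character, overlapping positions are skipped by /g. Use $1\\$2 as the replacement, or a lookbehind such as (?<!\\) so nothing in front of the quote is consumed. The second substitution reads "address@hidden(" in this copy, so its pattern cannot be checked here against its "Defuse @( ... ) and $( ... )" comment. $originalSearch is assigned after the escaping and the 1500-character truncation, so it holds the modified value rather than the original; rename it or move the assignment up if the unmodified string is what later code expects. More generally, escaping a chosen set of metacharacters before a shell call is a deny-list; passing the search value as its own argument to the search program without a shell would remove the need for it.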
It's pretty appalling that this vulnerability appears in a web application in 2004, when in 2001 I attended a web design course which filled an auditorium (> 300), and they were all told to escape all user input, especially if they are passing parameters to commands, because of this type of vulnerability in web scripting languages. What a sensational story (maybe channel 7 will buy it?)
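
Added example, not part of the original message and not TWiki's own code: one way to apply the "escape all user input" advice to a search feature is to avoid the shell altogether, so there is nothing to escape. The safe_search helper, the use of grep as the search backend and the sample files are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Hypothetical helper (not TWiki code): run grep on user-supplied text
# without a shell, so quotes, backticks and $( ) are never interpreted.
sub safe_search {
    my ($term, $dir) = @_;
    $term = substr($term, 0, 1500);           # same length limit as the patch
    opendir(my $dh, $dir) or die "opendir $dir: $!";
    my @files = map { "$dir/$_" } grep { /\.txt\z/ } readdir($dh);
    closedir($dh);
    return () unless @files;

    # List-form pipe open: Perl forks and execs grep directly (no /bin/sh).
    # -F = fixed string, -l = list matching files, -e = next argument is the
    # pattern even if it starts with '-', -- = end of options.
    open(my $out, '-|', 'grep', '-F', '-l', '-e', $term, '--', @files)
        or die "cannot run grep: $!";
    chomp(my @hits = <$out>);
    close($out);                              # grep exits 1 when nothing matches
    return @hits;
}

# Constructed sample data: two topic files in a temporary directory.
my $dir = tempdir(CLEANUP => 1);
for my $f (['A.txt', "plain topic text\n"],
           ['B.txt', "test_vulnerability '; ls -la'\n"]) {
    open(my $fh, '>', "$dir/$f->[0]") or die "write $f->[0]: $!";
    print {$fh} $f->[1];
    close($fh);
}

# The search string from the patch comment is matched as literal text only.
my @hits = safe_search("test_vulnerability '; ls -la'", $dir);
print "matched: $_\n" for @hits;
```

The list form of open requires Perl 5.8 or later on a Unix-like system; the length limit is kept only as a resource bound, not as a defence against injection.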