Jun 20, 2000, 11:03 PM
Enthusiast (720 posts)
Post #2 of 10
Views: 5455
Ok, I've been waiting around for someone to respond to this, but it doesn't look like it's going to happen, so I'll just go right ahead and ask:
Exactly how is this achieved? I tried a few things on my DB... no results...
Don't get me wrong, I'm not asking so I can go around and wreak havoc on every web server running DBMan, I'm asking because it doesn't exactly seem like there are too many people concerned about this.
I mean, only 50 views? and No replies?
The code reads:
$regexp_func[$field] = eval "sub { m/$tmpreg/o }";
Now my Perl knowledge isn't great, but the way I see it, as long as we don't evaluate the string (add an 'e' modifier) we're fine...
I could be wrong, I probably am... But could someone please verify this? Because it isn't exactly like people are jumping around to spread the word, and if any possible security bug should be squished, it's this one.
- Mark
Astro-Boy!!
http://www.zip.com.au/~astroboy/
Jun 20, 2000, 11:45 PM
Veteran / Moderator (8669 posts)
Post #3 of 10
Views: 5484
I don't know enough about this to say anything, which is why I didn't say anything.
JPD
http://www.jpdeni.com/dbman/
Jun 21, 2000, 6:42 PM
Enthusiast (720 posts)
Post #5 of 10
Views: 5427
Oh my gosh! It works!
After a fair bit of trial and error, I managed to write a test.txt file to the system. So system commands are possible!
If Alex doesn't already know, he should certainly be told for future releases. It has a couple of restrictions, but it's still a very nasty bug!
Well spotted ol' chap
- Mark
Astro-Boy!!
http://www.zip.com.au/~astroboy/
Jul 4, 2000, 6:18 PM
Novice (5 posts)
Post #8 of 10
Views: 5235
Hi,
I used your Fix, and replaced the line, but something weird happened:
With your line in place - $regexp_func[$field] = sub { m/$tmpreg/o }; - if I make a search using more than one field (example: name AND address), the database keeps returning 0 matches; if I only use one field, it works...
With the original line in place the problem goes away...
Gustavo Melo
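Added example, not part of the thread and not DBMan's own code: a Perl sketch of the three forms discussed above. It shows that the string `eval` line pastes the search pattern into Perl source (the `eval` is a string eval, independent of any regex `e` modifier), why the closure-with-`/o` replacement returns 0 matches on a two-field search, and a `qr//` form that avoids both. The field names, patterns, record and helper names are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example; not DBMan's code. All names and data below are constructed.
use strict;
use warnings;

# Constructed input: one pattern per field, as in a two-field AND search.
my %query  = (name => 'Melo', address => 'Lisbon');
my %record = (name => 'Gustavo Melo', address => 'Rua A, Lisbon');

# 1. String eval: the pattern becomes part of the Perl source text.
#    The source is only built here, never eval'd, to show what Perl would parse.
sub generated_source { my ($tmpreg) = @_; return "sub { m/$tmpreg/o }"; }
print generated_source('a/b'), "\n";   # the '/' inside the input ends the regex

# 2. Closure with /o: no eval, but /o compiles the pattern once per op, and
#    every closure created from this one sub shares that op. The first field's
#    pattern is therefore reused for all later fields.
sub matcher_with_o { my ($tmpreg) = @_; return sub { $_[0] =~ m/$tmpreg/o }; }

# 3. Hardened: compile each pattern as data with qr//. Invalid patterns, and
#    (?{ code }) groups (refused at runtime without "use re 'eval'"), die
#    inside qr// and yield no matcher instead of reaching the search.
sub matcher_qr {
    my ($tmpreg) = @_;
    my $re = eval { qr/$tmpreg/ };
    return unless defined $re;
    return sub { $_[0] =~ $re };
}

# AND all fields together using the given matcher factory.
sub and_search {
    my ($factory) = @_;
    for my $field (sort keys %query) {
        my $m = $factory->($query{$field}) or return 0;
        return 0 unless $m->($record{$field});
    }
    return 1;
}

printf "closure with /o : %d\n", and_search(\&matcher_with_o);
printf "qr// per field  : %d\n", and_search(\&matcher_qr);
printf "bad pattern     : %s\n",
    defined(matcher_qr('(unclosed')) ? 'compiled' : 'rejected';
printf "slash is data   : %d\n", matcher_qr('a/b')->('a/b') ? 1 : 0;
```

A pattern compiled with `qr//` is still attacker-chosen regex syntax, so expensive patterns remain possible; `quotemeta` on the input is the stricter choice when only literal substring search is needed.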
Jul 4, 2000, 6:37 PM
User (119 posts)
Post #9 of 10
Views: 5276
easy does it