in reply to Re^3: How to avoid Null Byte Injection
in thread How to avoid Null Byte Injection?

In <../data/text/*.txt> there are all the text files index.pl will use, and they are loaded in array display_files. This still didn't work:
if ( param('select') ) {
    unless (grep { $_ eq $passage } @display_files) {
        print br() x 2;
        print h1( {class=>'big'}, "*Backward Directory Traversal* hack will NOT help you here, Mighty Lamer!" );
        $select = $dbh->prepare( "UPDATE guestlog SET passage=?, date=?, counter=counter+1 WHERE host=?" );
        $select->execute( $passage, $date, $host );
        exit;
    }

Re^5: How to avoid Null Byte Injection
by chromatic (Archbishop) on Oct 08, 2006 at 20:58 UTC

    Nik, you've been here long enough to know that "it didn't work" is fairly meaningless to everyone who wants to try to help you.

    However, I do suspect that if you've verified that the user is trying to do something naughty, updating the database anyway is probably wrong. If so, your exit is in the wrong place and you need at least one more closing brace.

      You are right, I must of course be more precise.
      Actually I did make it work :-)
      my $passage = param('select') || "Αρχική Σελίδα!";
      Encode::from_to($passage, "utf8", "ISO-8859-7") if param();
      if ( param('select') ) {
          unless (grep { $_ eq param('select') } @display_files) {
              $passage = "*Backward Directory Traversal* hack will NOT help you here, Mighty Lamer!";
              print br() x 2, h1( {class=>'big'}, $passage );
              $select = $dbh->prepare( "UPDATE guestlog SET passage=?, date=?, counter=counter+1 WHERE host=?" );
              $select->execute( $passage, $date, $host );
              exit;
          }
      Actually, inside the grep function I had to use param('select') and not the variable $passage, not sure why though...
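
The allowlist check discussed in this thread, as an added example that is not part of any of the original posts: it compares the raw `select` value by exact match before any re-encoding and stops before normal processing when the value is rejected. The helper `passage_path`, the sample names and the assumption that `@display_files` holds bare names without the `.txt` suffix are all hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumption: @display_files holds bare passage names taken from
# ../data/text/*.txt. The names below are constructed sample data.
my @display_files = ('genesis', 'exodus', 'psalms');
my %allowed = map { $_ => 1 } @display_files;

# Hypothetical helper. Takes the raw 'select' value exactly as received,
# before any re-encoding, so it is byte-for-byte comparable with the
# allowlist. Returns the file path to open, or undef when rejected.
sub passage_path {
    my ($raw) = @_;
    return unless defined $raw && exists $allowed{$raw};
    # $raw is now known to be identical to an allowlist entry, so the
    # path contains no attacker-chosen separators or NUL bytes.
    return "../data/text/$raw.txt";
}

# Constructed sample requests: one valid name, then traversal, NUL-byte,
# case-variant and empty inputs that must all be rejected.
my @requests = ('exodus', '../../etc/passwd', "genesis\0.jpg",
                "../index.pl\0", 'Genesis', '');

for my $raw (@requests) {
    # Escape non-printable bytes so a NUL is visible in the log line.
    (my $shown = $raw) =~ s/([^\x20-\x7e])/sprintf('\\x%02x', ord $1)/ge;
    my $path = passage_path($raw);
    if (defined $path) {
        print "ACCEPT '$shown' -> $path\n";
        # ...open $path and record the visit here...
    }
    else {
        print "REJECT '$shown'\n";
        # Stop before any normal processing: no file access and no
        # visit-counter update for a request that failed validation.
    }
}
```

Because the match is an exact hash lookup rather than a prefix or pattern test, a value with a trailing NUL byte or `../` components can never equal an allowlist entry.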