in reply to Re^4: How to avoid Null Byte Injection
in thread How to avoid Null Byte Injection?

Nik, you've been here long enough to know that "it didn't work" is fairly meaningless to everyone who wants to try to help you.

However, I do suspect that if you've verified that the user is trying to do something naughty, updating the database anyway is probably wrong. If so, your exit is in the wrong place and you need at least one more closing brace.

Re^6: How to avoid Null Byte Injection
by Nik (Initiate) on Oct 09, 2006 at 08:00 UTC
    You are right, I must of course be more precise.
    Actually I did make it work :-)

    my $passage = param('select') || "Αρχική Σελίδα!";
    Encode::from_to($passage, "utf8", "ISO-8859-7") if param();

    if ( param('select') ) {
        # Reject any value that is not an exact match for a known file
        unless (grep { $_ eq param('select') } @display_files) {
            $passage = "*Backward Directory Traversal* hack will NOT help you here, Mighty Lamer!";
            print br() x 2, h1( {class=>'big'}, $passage );

            # Log the rejected attempt, then stop
            $select = $dbh->prepare( "UPDATE guestlog SET passage=?, date=?, counter=counter+1 WHERE host=?" );
            $select->execute( $passage, $date, $host );
            exit;
        }
    }

    Actually, inside the grep function I had to use param('select') and not the variable $passage, not sure why though...
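
An added example, not part of Nik's post or the thread: the same exact-match allowlist check as a stand-alone Perl script, run on the raw parameter before any transcoding and with an explicit test for an embedded NUL byte. The file names and the helper `validate_select` are hypothetical, and it assumes the allowlist holds names in the same encoding the request arrives in.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Encode ();

# Constructed allowlist standing in for @display_files (hypothetical names).
my @display_files = ( 'psalm23', 'genesis1', 'john3' );
my %allowed       = map { $_ => 1 } @display_files;

# Hypothetical helper: return the validated name, or nothing if the raw
# request value must be rejected.
sub validate_select {
    my ($raw) = @_;
    return unless defined $raw && length $raw;
    return if $raw =~ /\0/;          # embedded NUL byte: reject outright
    return unless $allowed{$raw};    # exact, case-sensitive match only
    return $raw;
}

# Constructed sample inputs: one valid name, then a NUL-suffixed name,
# a traversal-style name and a wrong-case name.
for my $raw ( 'psalm23', "psalm23\0.txt", '../psalm23', 'PSALM23' ) {
    ( my $shown = $raw ) =~ s/\0/\\0/g;    # make the NUL visible in output
    my $name = validate_select($raw);

    if ( defined $name ) {
        # Transcode a copy for display only after validation, so the
        # comparison above always sees the bytes the client sent.
        my $display = $name;
        Encode::from_to( $display, 'utf8', 'ISO-8859-7' );
        print "accepted: $shown\n";
    }
    else {
        print "rejected: $shown\n";
    }
}
```

Perl's `eq` and hash lookups compare the whole string, NUL bytes included, so the allowlist already rejects `psalm23\0.txt`; the explicit NUL test only makes the reason for the rejection visible.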