CGI/Perl Guide | Learning Center | Forums | Advertise | Login Site Search: in Perl Guide PerlGuru Forums Learning Ctr

	MAIN INDEX	SEARCH POSTS	WHO'S ONLINE	LOG IN

Home: Perl Programming Help: Intermediate: Abuse

srkey newbie Nov 18, 2001, 2:56 PM Post #1 of 2 (286 views) Abuse Can't Post Hi! I've had a lot of problems lately with someone who abused my script. I've been trying to ban him by using his real IP address but he started accessing my script via the proxy. I know that there is a way to get his real IP address even if he's using proxy, but I don't know how. Also, I found out that he managed to abuse the script by entering 0A (line feed) and 0D (carriage return) characters (I have no idea how). Is there a way to ban these characters??? Can anyone help me? Thanks in advance! Best wishes! S.S.

yapp User Nov 19, 2001, 2:30 AM Post #2 of 2 (279 views) Re: Abuse [In reply to] Can't Post I feel sorry for you... It seams that gut is really nasty (considering the proxy story). You have taken down your script I guess? What kind of script is it? What makes him abuse it? If you can post a link to the source, it's easier to find the bugs. You should always be careful with input. Use regexps to validate it. Try a regexp to find whether someone adss a 'CrLf' character in the string. There are also other codes that can be interpreted as a line break. See `perldoc perlport`. You can use -Tw at the #! line. This is a bit difficult, and properly you need to change some code in your script IF you want to get this security flag work without taining errors. -T asumes that all your input is bad, and you need to validate, and extract the data using a regexp first. see `perldoc perlsec` Only then you're allowed to use the input data in system calls, etc.. One other thing... The input isn't used for a directory or something right? If so, you need to check for codes that make a jump to the previous directory, like ../../file.txt or ../../etc/pwd The last example would be terible if your script does something like `cat /home/yourname/$inputname` to display a file. Hope you can do something with it. Yet an Other Perl Programmer _________________________________ Find out more about programming http://www.cool-programming.f2s.com

Announcements     PerlGuru Announcements Perl Programming Help     Frequently Asked Questions     Beginner     Intermediate     Advanced     Regular Expressions     mod_perl     DBI     Win32 Programming Help Fun With Perl     Perl Quizzes - Learn Perl the Fun Way     Perl Golf     Perl Poetry Need a Custom or Prewritten Perl Program?     I need a program that...     I Need a Programmer for Freelance Work     Throw Down The Gauntlet General Discussions     General Questions     Feedback     Tutorial/Article Suggestions for The Learning Cent     Internet Security Other Programming Languages     Javascript     PHP

Search this forum this category all forums for All words Any words Whole Phrase (options)

Powered by Gossamer Forum v.1.2.0

Web Applications & Managed Hosting Powered by Gossamer Threads
Visit our Mailing List Archives