From: Nick C. <ni...@cl...> - 2004-05-07 09:14:59
On Fri, May 07, 2004 at 02:45:42AM +0100, Richard Rose wrote:
> Hello again, all.
>
> Admission of guilt - I missed a tainting test, on the logout action in my
> guestbook-admin script. A new guestbook-admin script is attached and
> uploaded to the same place as the last one.
>
> The MD5 of the new guestbook-admin.pl is:
> MD5 (guestbook-admin.pl) = dd746ef69312c745c778048508a7904e
>
> It would also appear that I am on the mailing list, should people want
> to contact me.

Nice work. A couple of points though:

There's no check for the validity of 'cookie' apart from where you go to unlink it, so (I think) a cookie value of '../../../../../../etc/passwd' would let you in, since the file exists.

What if someone adds a post to the guestbook while the administrator is viewing it, and then the administrator deletes a post? It seems to me that the wrong post could be deleted.

Nick
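
Added example, not part of the original message and not code from guestbook-admin.pl: one way to validate the 'cookie' value before it is ever used as a file name, so a path such as the one Nick mentions is rejected up front. The token format (32 lowercase hex characters), the one-file-per-session layout, and the names `untaint_token` and `session_file` are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example, not code from guestbook-admin.pl. A real CGI would run with -T.
use strict;
use warnings;
use File::Spec;
use File::Temp qw(tempdir);

# Assumption: a session token is 32 lowercase hex characters, and each live
# session is a plain file named after its token in one session directory.

# Return the untainted token if the cookie is well-formed, else undef.
sub untaint_token {
    my ($raw) = @_;
    return undef unless defined $raw;
    # \A and \z anchor the whole string, so '/', '.', NUL and a trailing
    # newline (which '$' would tolerate) can never match.
    return $raw =~ /\A([0-9a-f]{32})\z/ ? $1 : undef;
}

# Return the session file path for a well-formed, existing session, else undef.
sub session_file {
    my ($raw, $dir) = @_;
    my $token = untaint_token($raw);
    return undef unless defined $token;
    my $path = File::Spec->catfile($dir, $token);
    # lstat does not follow symlinks; accept a plain file only.
    return undef unless lstat($path) && -f _;
    return $path;
}

# Constructed demo data: a throwaway session directory with one live session.
my $dir  = tempdir(CLEANUP => 1);
my $live = '0123456789abcdef0123456789abcdef';
open(my $fh, '>', File::Spec->catfile($dir, $live)) or die "create: $!";
close($fh);

# Constructed cookie values: traversal, the live token, the live token with a
# trailing newline, a well-formed token with no session file, and empty.
for my $cookie ('../../../../../../etc/passwd', $live, "$live\n",
                'f' x 32, '') {
    (my $shown = $cookie) =~ s/\n/\\n/g;
    printf "%-36s %s\n", "'$shown'",
        defined session_file($cookie, $dir) ? 'accepted' : 'rejected';
}
```

Only the second value is accepted; the existence test alone would have passed the first one, which is the gap described in the reply.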