Gossamer Forum

Re: Major Security Hole (fix incl)

In Reply To:
Any user in the world can run any command on your web server if you use DBMan. To fix this hole, replace the line
$regexp_func[$field] = eval "sub { m/$tmpreg/o }";

with

$regexp_func[$field] = sub { m/$tmpreg/o };

in the file db.cgi.
This is in fact quite distressing and I'm very surprised that Alex hasn't jumped in with any input?



easy does it
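An added example, not part of the post above and not DBMan's own code: one way to compile an untrusted search term into a matcher without passing it through string `eval`, so the term is only ever treated as pattern data. The helper name `build_matcher`, the 200-character cap and the sample terms are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not DBMan code): compile one search term into a matcher.
# $term is untrusted form input; $as_regex says whether the user asked for
# regular-expression matching rather than a literal search.
sub build_matcher {
    my ($term, $as_regex) = @_;
    return unless defined $term && length $term;
    return if length($term) > 200;              # assumed cap on pattern size

    # Literal searches: escape every regex metacharacter.
    my $source = $as_regex ? $term : quotemeta $term;

    # Block eval only traps a compile error; it never parses $source as Perl.
    # qr// treats the interpolated text as pattern data, and (?{ ... }) code
    # blocks in interpolated patterns are refused unless "use re 'eval'" is on.
    my $re = eval { qr/$source/ };
    return unless defined $re;

    return sub { $_[0] =~ $re };
}

# Constructed sample terms: a literal, a regex, a term containing the pattern
# delimiter, an embedded code block, and a pattern that does not compile.
my @samples = (
    [ 'smith',      0 ],
    [ '^sm[iy]th$', 1 ],
    [ 'x/y',        1 ],
    [ '(?{ 1 })',   1 ],
    [ '(unclosed',  1 ],
);

for my $s (@samples) {
    my ($term, $as_regex) = @$s;
    my $match = build_matcher($term, $as_regex);
    printf "%-14s %s\n", $term,
        !$match           ? 'rejected'
      : $match->('smith') ? 'matches "smith"'
      :                     'compiled as data, no match';
}
```

The last two sample terms are rejected at compile time instead of aborting the script, and the term containing `/` is matched as ordinary text.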
Subject | Author | Views | Date
Thread Post deleted by ELB | ELB | 5480 | Jun 15, 2000, 8:48 AM
Thread Re: Major Security Hole (fix incl) | AstroBoy | 5292 | Jun 20, 2000, 11:03 PM
Post Re: Major Security Hole (fix incl) | JPDeni | 5323 | Jun 20, 2000, 11:45 PM
Thread I probably shouldn't, but here's a hint | ELB | 5285 | Jun 21, 2000, 3:41 PM
Post Re: I probably shouldn't, but here's a hint | AstroBoy | 5266 | Jun 21, 2000, 6:42 PM
Post Re: Major Security Hole (fix incl) | Bearwithme | 5231 | Jun 22, 2000, 1:32 AM
Post Re: Major Security Hole (fix incl) | Stealth | 5228 | Jun 22, 2000, 6:18 PM
Thread Re: Major Security Hole (fix incl) | gusmelo | 5072 | Jul 4, 2000, 6:18 PM
Thread Re: Major Security Hole (fix incl) | Bearwithme | 5114 | Jul 4, 2000, 6:37 PM
Post oops, sorry. fix for my fix is forthcoming | ELB | 5118 | Jul 5, 2000, 8:27 AM