Not really. If your form allows uploads, your form allows uploads. That's
where DoS comes into play. Disguising the location of your code is a start,
but you still have to figure out what you're going to do if someone tries to
paste rogue code into your form or hit you with an obnoxiously large upl
> The answer to your question is: Be afraid, be very afraid. A wily cracker
> may be able to run system commands if you allow him/her to upload code. Even
> without knowing that much, they could simply create a script that generates
> a big enough upload to cause DoS (denial of service) on your se
y's Center: http://teddy.fcc.ro/
Email: [EMAIL PROTECTED]
- Original Message -
From: "Scot Robnett" <[EMAIL PROTECTED]>
To: "Cool Hand Luke" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Monday, March 31, 2003 10:57 PM
Subject: RE: The very un-u
: Monday, March 31, 2003 1:38 PM
To: fliptop
Cc: [EMAIL PROTECTED]
Subject: Re: The very un-useful 'premature end of script headers' error
message
> just because you don't need to parse any binaries doesn't mean your users
> won't try to submit one.
>
> don't forget anyone can create any kind of form that posts to your cgi.
> so there's nothing stopping me from creating a form like this:
>
> http://coolhandlukesite/cgi-bin/script.cgi";
> enc
On Sun, 30 Mar 2003 at 22:43, Cool Hand Luke opined:
[reply cc'd to group]
CHL:> and to offer one example as an answer to your question, how would you
CHL:> parse a binary file uploaded to your script using your split(/[&;]/,
CHL:> $submission) code?
CHL:
CHL:Not parsing any binaries, just simple
On Sun, 30 Mar 2003 at 12:53, Cool Hand Luke opined:
CHL:Now, why not? Also, notice that the code I used is not what you have quoted.
CHL:Really am curious as to why not, though.
because someone else has already written a pretty solid module for parsing
query strings, and it's been tried and tes
"Cool Hand Luke" <[EMAIL PROTECTED]>
Sent: Friday, March 28, 2003 5:44 PM
Subject: Re: The very un-useful 'premature end of script headers' error
message
> >>>>> "Cool" == Cool Hand Luke <[EMAIL PROTECTED]> writes:
>
> Cool> Hello All,
t: Re: The very un-useful 'premature end of script headers' error
message
On Fri, Mar 28, 2003 at 09:33:19PM -0500, Bill Burke
([EMAIL PROTECTED]) said something similar to:
> I added a chat room at my site http://www.speakerscorner.us . You are
> welcome there and we can discuss PER
nt to miss anything
That's what IRC is for :)
Cheers,
Kevin
>
> -Original Message-
> From: Randal L. Schwartz [mailto:[EMAIL PROTECTED]
> Sent: Friday, March 28, 2003 8:44 PM
> To: [EMAIL PROTECTED]; Cool Hand Luke
> Subject: Re: The very un-useful 'p
. Schwartz [mailto:[EMAIL PROTECTED]
Sent: Saturday, March 29, 2003 12:34 AM
To: Scot Robnett
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]; Cool Hand Luke
Subject: Re: The very un-useful 'premature end of script headers' error
message
>>>>> "Scot" == Scot Robnett <[
> "Scot" == Scot Robnett <[EMAIL PROTECTED]> writes:
Scot> Somebody better tell Nathan Patwardhan, Ellen Siever, & Stephen
Scot> Spainhour then. I'm looking at the 2nd edition of PERL IN A
Scot> NUTSHELL (and that is exactly how it's printed) right now.
I don't have a copy of the book at han
nce but just had to throw that in there. :)
-Original Message-
From: Randal L. Schwartz [mailto:[EMAIL PROTECTED]
Sent: Friday, March 28, 2003 11:18 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; Cool Hand Luke
Subject: Re: The very un-useful 'premature end of script headers' error
message
>>>>> "Bill" == Bill Burke <[EMAIL P
ay, March 29, 2003 12:18 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; Cool Hand Luke
Subject: Re: The very un-useful 'premature end of script headers' error
message
>>>>> "Bill" == Bill Burke <[EMAIL PROTECTED]> writes:
Bill> Thanks for the edification. Yo
> "Bill" == Bill Burke <[EMAIL PROTECTED]> writes:
Bill> Thanks for the edification. You have been one of the most prolific
Bill> contributors to the group, so I take no umbrage. Truly, you write it as
Bill> perl, but the books label it PERL (Practical Extraction and Reporting
Bill> Language).
not your expertise.
-Original Message-
From: Randal L. Schwartz [mailto:[EMAIL PROTECTED]
Sent: Friday, March 28, 2003 9:29 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; Cool Hand Luke
Subject: Re: The very un-useful 'premature end of script headers' error
message
>>>
> "Bill" == Bill Burke <[EMAIL PROTECTED]> writes:
Bill> I added a chat room at my site http://www.speakerscorner.us . You are
Bill> welcome there and we can discuss PERL in real time. Don't quit the user
Bill> group though, you won't want to miss anything
And there's no such thing as "PERL".
28, 2003 8:44 PM
To: [EMAIL PROTECTED]; Cool Hand Luke
Subject: Re: The very un-useful 'premature end of script headers' error
message
>>>>> "Cool" == Cool Hand Luke <[EMAIL PROTECTED]> writes:
Cool> Hello All,
Cool> I think I figured it out
> "Cool" == Cool Hand Luke <[EMAIL PROTECTED]> writes:
Cool> Hello All,
Cool> I think I figured it out, (so far). I'm pretty sure that it has to do
Cool> with perl 5.003 disliking the looping with the "my $pair" syntax.
Cool> As a work around, I changed this
Cool> foreach my $pai
Hello All,
I think I figured it out, (so far). I'm pretty sure that it has to do
with perl 5.003 disliking the looping with the "my $pair" syntax.
As a work around, I changed this
foreach my $pair (split(/[&;]/, $submission)) {
# Convert plus to space
$pair =~ y/+/ /;
nything in the error logs. Thanks!
Luke
- Original Message -
From: "Dennis G. Wicks" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, March 26, 2003 7:04 PM
Subject: Re: The very un-useful 'premature end of script headers' error
message
>
>, [EMAIL PROTECTED]
> Subject: Re: The very un-useful 'premature end of script headers' error
> message
>
> Hi Scott,
> Thanks for the reply. I tried using your code (I'm a beginner with the
> cgi module so please let me know if I made any obvious errors) and
<[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Wednesday, March 26, 2003 4:13 PM
Subject: RE: The very un-useful 'premature end of script headers' error
message
> A couple of things, and I don't know if this affects Stronghold and I'm not
> sure with which bro
: Cool Hand Luke [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 26, 2003 5:52 PM
To: [EMAIL PROTECTED]
Subject: Re: The very un-useful 'premature end of script headers' error
message
BTW, that's Stronghold/Apache version 1.3.4 if that helps...
Thanks Again
Luke
- Original Message -
From: "Cool Hand Luke" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, March 26, 2003 3:41 PM
Subject: The very un-useful 'premature end of script headers' error message
> Hi