
Re: The Data Sanitization Plan

From: Michael Wood <mwood_at_its.uct.ac.za>
Date: 2002-06-27 10:39:00 CEST

On Wed, Jun 26, 2002 at 08:17:57PM -0400, mark benedetto king wrote:
> On Wed, Jun 26, 2002 at 07:14:31PM -0500, Eric Gillespie wrote:
> > mark benedetto king <bking@inquira.com> writes:
> >
> > > http://foo.com/';rm -rf /;echo 'sorry!
> >
> > No, that's what you're advocating. I'd be pasting:
> >
> > http://foo.com/%27%3Brm%20-rf%20/%3Becho+%27sorry%21
> >
>
> Visit: http://www.boredom.org/~egrep/demo.html
>
> Click the link.
>
> Highlight your browser's URL-bar.
>
> then type:
>
> echo '
>
> then paste
>
> then '[enter]

eh?

$ echo 'http://www.boredom.org/~egrep/demo.html?%27;ls;echo%27'
http://www.boredom.org/~egrep/demo.html?%27;ls;echo%27

> Note: I've only tested this with Mozilla 0.9.9

OK, so my about:mozilla says "Mozilla 0.9.5+"

Why should 0.9.9 do anything different with the above? Does it unescape
the URLs on the address bar or something?

-- 
Michael Wood <mwood@its.uct.ac.za>
Received on Thu Jun 27 10:39:56 2002

This is an archived mail posted to the Subversion Dev mailing list.
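
The quoting question in this thread, as an added shell example that is not part of the original mail: a URL that still carries %27 stays inert inside '...', while one holding a literal ' closes the quoted word early. The decoded URL is a constructed sample that assumes the browser unescaped %27; ends_quoting, sq_quote and roundtrip are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not from the thread. Both URLs are constructed samples:
# "encoded" is the string tested in the reply; "decoded" assumes that
# %27 was unescaped to a literal ' before the paste.
encoded='http://www.boredom.org/~egrep/demo.html?%27;ls;echo%27'
decoded="http://www.boredom.org/~egrep/demo.html?';ls;echo'"

# ends_quoting STRING: succeed if STRING would terminate a '...' shell
# word, i.e. it contains a literal single quote.
ends_quoting() {
  case $1 in
    *\'*) return 0 ;;
    *)    return 1 ;;
  esac
}

# sq_quote STRING: print STRING as one single-quoted shell word, rewriting
# every embedded ' as '\'' (close quote, escaped quote, reopen quote).
sq_quote() {
  rest=$1
  out=
  while ends_quoting "$rest"; do
    head=${rest%%\'*}      # text before the first '
    rest=${rest#*\'}       # text after the first '
    out="$out$head'\\''"
  done
  printf "'%s'" "$out$rest"
}

# roundtrip STRING: let the shell re-parse the quoted form and print the
# resulting word; the output equals STRING when the quoting held.
roundtrip() {
  eval "printf '%s' $(sq_quote "$1")"
}

for url in "$encoded" "$decoded"; do
  if ends_quoting "$url"; then
    echo "needs escaping inside '...': $(sq_quote "$url")"
  else
    echo "inert inside '...':          '$url'"
  fi
done
```
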