Re: The Data Sanitization Plan

From: Michael Wood <mwood_at_its.uct.ac.za>
Date: 2002-06-27 10:39:00 CEST

On Wed, Jun 26, 2002 at 08:17:57PM -0400, mark benedetto king wrote:
> On Wed, Jun 26, 2002 at 07:14:31PM -0500, Eric Gillespie wrote:
> > mark benedetto king <bking@inquira.com> writes:
> >
> > > http://foo.com/';rm -rf /;echo 'sorry!
> >
> > No, that's what you're advocating. I'd be pasting:
> >
> > http://foo.com/%27%3Brm%20-rf%20/%3Becho+%27sorry%21
> >
>
> Visit: http://www.boredom.org/~egrep/demo.html
>
> Click the link.
>
> Highlight your browser's URL-bar.
>
> then type:
>
> echo '
>
> then paste
>
> then '[enter]

eh?

$ echo 'http://www.boredom.org/~egrep/demo.html?%27;ls;echo%27'
http://www.boredom.org/~egrep/demo.html?%27;ls;echo%27

> Note: I've only tested this with Mozilla 0.9.9

OK, so my about:mozilla says "Mozilla 0.9.5+"

Why should 0.9.9 do anything different with the above? Does it unescape
the URLs on the address bar or something?

-- 
Michael Wood <mwood@its.uct.ac.za>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org

Received on Thu Jun 27 10:39:56 2002

This message: [ Message body ]
Next message: Daniele Nicolodi: "Re: reply to list in mutt (was Re: Error in XSLT trunk/notes/xslt/svnindex.xsl)"
Previous message: Jostein Christoffer Andersen: "Re: Complete Windows distributions, can I help?"
In reply to: mark benedetto king: "Re: The Data Sanitization Plan"
Next in thread: Karl Fogel: "user input of paths and urls"
Reply: Karl Fogel: "user input of paths and urls"
Reply: mark benedetto king: "Re: The Data Sanitization Plan"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]