Kinda reminds me of the Google search for 'More evil than satan himself'...
Except that with Google that is a by-product of how they index, not a special case, (or at least that's my understanding). You can search on Google for simply "more evil" and get MicroSoft. IIRC, this is because Google searches not only the page but the pages that link to the page you are looking for. Therefore, because so many people have linked to MicroSoft near the word evil, it comes up when you search.
Looking at this:
http://www.hackpcweek.com/exploit.html
He says:
> $filename =~ s/.+\\([^\\]+)$|.+\/([^\/]+)$/\1/;
> We see, if the $filename matches the regexp,
> it's turned to ascii 1 (SOH).
This is wrong. The \1 in the replace part will return the first register. This is contrary to the rest of Perl, but a documented special case.
It's kind of sad that he had to look in Phrack to see the flaw in the regex. It seems pretty plain to me. If your path contains a backslash (for, ugh, Windows NT compatibility) then it will take everything from the final backslash to end of the string as the file name, allowing you to have absolute paths like:
foo\/etc/passwd%00.gif
Which would overwrite the password file...
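The bypass described above, worked through as an added example (this is not code from the original post or from the PC Week CGI). The regex is transcribed from the quoted Perl; Python's re module is used because it treats this pattern the same way Perl's s/// does: a raw r"\1" in the replacement substitutes capture group 1, and a group that took no part in the match (the Unix branch only fills group 2) becomes the empty string, just as Perl's undef does. The `as_seen_by_libc_open` helper is an assumption standing in for what a C-level open() sees once the URL-decoded %00 reaches it; the `safe_basename` function and its allowlist pattern are a suggested hardening, not anything from the page.

```python
import re
from typing import Optional

# Transcribed from the post: s/.+\\([^\\]+)$|.+\/([^\/]+)$/\1/
# First alternative: everything up to the LAST backslash, capture the rest into
# group 1 (anything without a backslash, so forward slashes pass straight through).
# Second alternative: same idea for forward slashes, but the capture is group 2.
FILENAME_RE = re.compile(r".+\\([^\\]+)$|.+/([^/]+)$")


def pcweek_basename(filename: str) -> str:
    """Reproduce the vulnerable extraction exactly as the quoted Perl does it."""
    # Group 1 is substituted; when the forward-slash branch matched, group 1 is
    # unset and the whole name collapses to "" (Perl: undef interpolates as "").
    return FILENAME_RE.sub(r"\1", filename)


def as_seen_by_libc_open(name: str) -> str:
    """Assumption: model a C-string open(2) that stops at the first NUL byte.

    %00 in the URL decodes to a NUL; Perl keeps it in the scalar, so a suffix
    check like /\\.gif$/ still passes, but the kernel only sees what precedes it.
    """
    return name.split("\0", 1)[0]


# Hardened version (suggested here, not from the page): strip BOTH separator
# kinds, refuse NUL outright, and allowlist the remaining name.
SAFE_NAME_RE = re.compile(r"^[A-Za-z0-9_-]+\.(?:gif|jpe?g)$")


def safe_basename(filename: str) -> Optional[str]:
    """Return a safe bare filename, or None if the input cannot be trusted."""
    if "\0" in filename:
        return None
    # Splitting on either separator means a backslash cannot smuggle a
    # forward-slash path through, and vice versa.
    name = re.split(r"[\\/]", filename)[-1]
    if not SAFE_NAME_RE.fullmatch(name):
        return None  # rejects "", "..", dotfiles, absolute paths, odd extensions
    return name


if __name__ == "__main__":
    # Constructed sample inputs, already URL-decoded (%00 -> "\x00").
    samples = [
        "C:\\pics\\cat.gif",             # what the NT-compat branch was meant for
        "pics/cat.gif",                  # plain Unix path: group 1 never set
        "foo\\/etc/passwd",              # the bypass from the post
        "foo\\/etc/passwd\x00.gif",      # bypass plus NUL to satisfy a .gif check
    ]
    for s in samples:
        vuln = pcweek_basename(s)
        print(f"{s!r:32} vuln={vuln!r:22} open() sees={as_seen_by_libc_open(vuln)!r:16} safe={safe_basename(s)!r}")
```

Run it and the third and fourth rows show why the commenter calls the flaw plain: the backslash branch hands back an absolute path, and the NUL lets that path wear a ".gif" suffix for any check done on the Perl side while the file actually opened is /etc/passwd. The hardened function returns None for both, and still accepts the NT-style and Unix-style legitimate names.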