On Thu, Apr 18, 2002 at 06:21:52AM +0200, Paul Johnson wrote:
On Wed, Apr 17, 2002 at 07:59:22PM -0400, Michael G Schwern wrote:
Just because the safety is on doesn't mean you should juggle handguns.
Never know whose foot it'll blow off.
Awww. You're no fun.
*bang*
--
Michael G.
Michael G Schwern [EMAIL PROTECTED] wrote in news post
news:20020417205231.GV851@blackrider...
| On Wed, Apr 17, 2002 at 12:28:37PM -0700, Rick Klement wrote:
| There's already a %dispatch set up for you by perl...
|
| I'd have used it but it just fell into
On Wed, Apr 17, 2002 at 02:02:02PM -0400, Bill -Sx- Jones wrote:
I have the habit of doing:
last if (substr($vFlag, 1, 3) eq 'END');
$vSub = \&Sneex if (substr($vFlag, 1, 5) eq 'SNEEX');
$vSub = \&Admin if (substr($vFlag, 1, 5) eq 'ADMIN');
$vSub = \&Reports if (substr($vFlag, 1,
[EMAIL PROTECTED] wrote:
On Wed, Apr 17, 2002 at 02:02:02PM -0400, Bill -Sx- Jones wrote:
I have the habit of doing:
last if (substr($vFlag, 1, 3) eq 'END');
$vSub = \&Sneex if (substr($vFlag, 1, 5) eq 'SNEEX');
$vSub = \&Admin if (substr($vFlag, 1, 5) eq 'ADMIN');
$vSub
-- Bill -Sx- Jones [EMAIL PROTECTED]
I have the habit of doing:
last if (substr($vFlag, 1, 3) eq 'END');
$vSub = \&Sneex if (substr($vFlag, 1, 5) eq 'SNEEX');
$vSub = \&Admin if (substr($vFlag, 1, 5) eq 'ADMIN');
$vSub = \&Reports if (substr($vFlag, 1, 7) eq 'REPORTS');
$vSub
On Wed, Apr 17, 2002 at 02:02:02PM -0400, Bill -Sx- Jones wrote:
I have the habit of doing:
last if (substr($vFlag, 1, 3) eq 'END');
$vSub = \&Sneex if (substr($vFlag, 1, 5) eq 'SNEEX');
$vSub = \&Admin if (substr($vFlag, 1, 5) eq 'ADMIN');
$vSub = \&Reports if (substr($vFlag, 1,
suicide is an honorable option.
croak $$: The uers are idiots!
unless $api eq makes sense;
Adding in some sort of delimiter:
SNEEX|ADMIN|END
my %jumpz =
(
SNEEX => \&foo,
ADMIN => \&bar,
...
);
my $regex = join '|', keys %jumpz;
if( my ($name) = $vflag =~
On 4/17/02 2:22 PM, Michael G Schwern [EMAIL PROTECTED] wrote:
The above implies the format is something like:
SNEEXADMINEND
in which case, suicide is an honorable option.
:)
Actually, the input data looks more like
[SNEEX]
[ADMIN]
[END]
Sorry for the mass hysteria;
Actually, the input data looks more like
[SNEEX]
[ADMIN]
[END]
my $regex = '\b(' . join('|', keys %jumpz) . ')\b';
if( my ($name) = $foo =~ /$regex/o )
{
my $sub = $jumpz{$name};
...
}
Sorry for the mass hysteria;
What hysteria? Hysteria? Oh, no...
On Wed, Apr 17, 2002 at 02:34:20PM -0400, Bill -Sx- Jones wrote:
On 4/17/02 2:22 PM, Michael G Schwern [EMAIL PROTECTED] wrote:
The above implies the format is something like:
SNEEXADMINEND
in which case, suicide is an honorable option.
:)
Actually, the input data looks
On Wed, 17 Apr 2002 15:01:50 -0400, Michael G Schwern wrote:
On Wed, Apr 17, 2002 at 02:34:20PM -0400, Bill -Sx- Jones wrote:
Actually, the input data looks more like
[SNEEX]
[ADMIN]
[END]
# setup %Dispatch as before, then...
while( $vData =~ /\[([A-Z])\]/g ) {
-- Michael G Schwern [EMAIL PROTECTED]
On Wed, Apr 17, 2002 at 12:28:37PM -0700, Rick Klement wrote:
There's already a %dispatch set up for you by perl...
I'd have used it but it just fell into the gaping security hole.
A recent Phrack article pointed out that one of the SOAP/RPC/XML
On Wed, Apr 17, 2002 at 04:38:50PM -0500, Steven Lembark wrote:
A recent Phrack article pointed out that one of the SOAP/RPC/XML
modules was doing this:
$soap->$tainted_method_name(@args);
Use -T and untaint by extracting the subname:
my $flag = ::$input =~ /\w+$/;
Michael G Schwern wrote:
On Wed, Apr 17, 2002 at 12:28:37PM -0700, Rick Klement wrote:
There's already a %dispatch set up for you by perl...
I'd have used it but it just fell into the gaping security hole.
A recent Phrack article pointed out that one of the SOAP/RPC/XML
modules was
On Wed, Apr 17, 2002 at 04:16:08PM -0700, Rick Klement wrote:
Notice that the regex match (which should have been /\[([A-Z]+)\]/ )
effectively untaints and closes the security hole by disallowing
anything through that is not [A-Z]+
This is still too lenient, you've just narrowed the possible
I like something like this, where the sub name is sub_KEYWORD (from a
CGI, hopefully you can extract usefulness):
eval sub_.param('page') if (param defined param('page') defined
sub_.param('page'));
page_login; # If all else fails...
- adm
At 02:02 PM 4/17/2002, Bill -Sx- Jones wrote:
On Wed, Apr 17, 2002 at 09:01:37PM -0400, Aaron D. Marasco wrote:
I like something like this, where the sub name is sub_KEYWORD (from a
CGI, hopefully you can extract usefulness):
eval sub_.param('page') if (param defined param('page') defined
sub_.param('page'));
The last clause
On Wed, Apr 17, 2002 at 07:59:22PM -0400, Michael G Schwern wrote:
Just because the safety is on doesn't mean you should juggle handguns.
Never know whose foot it'll blow off.
Awww. You're no fun.
--
Paul Johnson - [EMAIL PROTECTED]
http://www.pjcj.net
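
Added example, not part of any message in this thread: the [KEYWORD] input format discussed above, dispatched through an explicit hash, to show why a name that passes [A-Z]+ is still not allowed to run unless it is in the table. The handler names, the DROP sub and the sample lines are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Handlers the input is allowed to reach (illustrative names).
sub sneex   { return "sneex ran" }
sub admin   { return "admin ran" }
sub reports { return "reports ran" }

# Exists in the package, matches [A-Z]+, but must never be reachable
# from input. A call by name taken from the input would reach it.
sub DROP    { return "internal sub reached" }

# Explicit dispatch table: only these keywords map to code.
my %dispatch = (
    SNEEX   => \&sneex,
    ADMIN   => \&admin,
    REPORTS => \&reports,
);

# Constructed sample input in the [KEYWORD] format from the thread.
my @lines = ('[SNEEX]', '[ADMIN]', '[DROP]', '[sneex]', '[REPORTS]', '[END]');

sub run_flag {
    my ($line) = @_;
    # Anchored match: the whole line must be one bracketed keyword.
    my ($name) = $line =~ /\A\[([A-Z]+)\]\z/
        or return "rejected (bad format): $line";
    return 'END' if $name eq 'END';
    # The regex only limits the character set; the hash lookup is
    # what decides whether a handler may run.
    my $sub = $dispatch{$name}
        or return "rejected (not in table): $name";
    return $sub->();
}

for my $line (@lines) {
    my $result = run_flag($line);
    last if $result eq 'END';
    print "$line -> $result\n";
}
```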