Taint Mode in Perl: Difference between revisions
From Markus' Wiki
Markus (Talk | contribs) (Page created: "Good Links: * http://gunther.web66.com/FAQS/taintmode.html * http://stackoverflow.com/questions/2228457/is-perls-taint-mode-useful * http://www.linux-praxis.d…") |
Markus (Talk | contribs) |
Zeile 1: | Zeile 1: | ||
+ | Code Injection: | ||
+ | |||
+ | #!/usr/bin/perl | ||
+ | my $name = $cgi->param("name"); # Get the name from the browser | ||
+ | ... | ||
+ | $dbh->TaintIn = 1; | ||
+ | $dbh->execute("SELECT * FROM users WHERE name = '$name';"); # Execute a SQL query | ||
+ | |||
+ | |||
Good Links: | Good Links: | ||
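Review bot: In the added snippet, `$dbh->TaintIn = 1;` assigns to a method call, which Perl will not compile; DBI attributes are set on the handle hash, as in `$dbh->{TaintIn} = 1;`. The shebang line `#!/usr/bin/perl` also lacks `-T`, and TaintIn only takes effect when Perl runs in taint mode, so as written nothing stops the tainted `$name` from reaching the query. `execute` is a statement-handle method; on `$dbh` use `do`, or `prepare` with a `?` placeholder followed by `$sth->execute($name)`. Since the section is titled "Code Injection", a sentence stating that the interpolated query is the vulnerable form would help readers.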
Revision as of 08:13, 9 July 2012
Code Injection:
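#!/usr/bin/perl
my $name = $cgi->param("name"); # Get the name from the browser
...
$dbh->{TaintIn} = 1; # DBI attribute: check method arguments for taint (only effective under perl -T)
$dbh->do("SELECT * FROM users WHERE name = '$name';"); # Execute a SQL query built by interpolating $name (injectable)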
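The hardened counterpart of the query above, as an added example that is not part of the original wiki page: it runs under `-T`, shows DBI's TaintIn check refusing the interpolated statement, then untaints the name through an allowlist and binds it with a placeholder. The in-memory SQLite database (requires DBD::SQLite), the `users` schema, the sample name, the allowlist pattern and the helper `clean_name` are assumptions made for the illustration.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use DBI;
use Scalar::Util qw(tainted);

# Constructed input: appending a zero-length tainted string taints the value,
# standing in for what $cgi->param("name") returns under -T.
my $taint = substr("$0$^X", 0, 0);
my $name  = "O'Brien" . $taint;

# Assumed schema and data in an in-memory SQLite database (needs DBD::SQLite).
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
                       { RaiseError => 1, PrintError => 0, TaintIn => 1 });
$dbh->do("CREATE TABLE users (name TEXT)");
$dbh->do("INSERT INTO users (name) VALUES ('O''Brien')");

# 1. With TaintIn set and -T active, DBI refuses the tainted, interpolated statement.
my $ok = eval { $dbh->do("SELECT * FROM users WHERE name = '$name'"); 1 };
print "tainted SQL rejected: $@" unless $ok;

# 2. Untaint through an allowlist capture (hypothetical helper), then bind.
sub clean_name {
    my ($raw) = @_;
    return $raw =~ /\A([\w .'-]{1,64})\z/ ? $1 : undef;
}
my $clean = clean_name($name);
die "invalid name\n" unless defined $clean;
printf "tainted before: %d, after: %d\n",
       tainted($name) ? 1 : 0, tainted($clean) ? 1 : 0;

# The placeholder keeps the apostrophe in the name as data, not SQL syntax.
my $sth = $dbh->prepare("SELECT name FROM users WHERE name = ?");
$sth->execute($clean);
while (my ($row) = $sth->fetchrow_array) {
    print "found: $row\n";
}
```

The allowlist deliberately permits the apostrophe: untainting only records that the value was checked, and it is the placeholder that prevents the quote from terminating the SQL string.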
Good Links: