Taint Mode in Perl
From Markus' Wiki
Revision as of 9 July 2012, 08:16 by Markus
Code Injection:
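```perl
#!/usr/bin/perl
use CGI;
use DBI;

my $cgi  = CGI->new;
my $name = $cgi->param("name");   # Get the name from the browser
# ...
$dbh->{TaintIn} = 1;              # DBI attribute (hash key); only enforced when perl runs in taint mode (-T)
my $sth = $dbh->prepare("SELECT * FROM users WHERE name = '$name';");
$sth->execute;                    # Execute a SQL query
```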
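The injection above next to a hardened form, as an added example that is not code from the original wiki page. It assumes DBI and DBD::SQLite are installed; the in-memory table, the sample inputs and the helper `untaint_name` are constructed for illustration.

```perl
#!/usr/bin/perl -T
# Added example, not from the wiki page. Run as: perl -T taint_demo.pl
# Assumes DBI and DBD::SQLite are installed; table and inputs are constructed.
use strict;
use warnings;
use DBI;
use Scalar::Util qw(tainted);

# Empty but tainted string ($^X is tainted under -T); appending it taints a
# literal, standing in for data that arrived via $cgi->param("name").
my $TAINT  = substr($^X, 0, 0);
my @inputs = ("bob" . $TAINT, "x' OR '1'='1" . $TAINT);

my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
                       { RaiseError => 1, PrintError => 0 });
$dbh->do("CREATE TABLE users (name TEXT)");
$dbh->do("INSERT INTO users (name) VALUES ('alice'), ('bob')");
$dbh->{TaintIn} = 1;   # from here on DBI rejects tainted method arguments

# Allowlist validation (hypothetical helper): the capture $1 of a
# successful match is untainted, so only vetted values come back clean.
sub untaint_name {
    my ($raw) = @_;
    return $raw =~ /\A([A-Za-z0-9_]{1,32})\z/ ? $1 : undef;
}

for my $raw (@inputs) {
    # Vulnerable form from the page: tainted data interpolated into SQL.
    my $ok = eval { $dbh->prepare("SELECT * FROM users WHERE name = '$raw'"); 1 };
    print "interpolated [$raw]: ", ($ok ? "accepted" : "blocked by TaintIn"), "\n";

    # Hardened form: validate first, then bind through a placeholder.
    my $clean = untaint_name($raw);
    if (!defined $clean) {
        print "  rejected by allowlist\n";
        next;
    }
    my $sth = $dbh->prepare("SELECT name FROM users WHERE name = ?");
    $sth->execute($clean);
    my $rows = $sth->fetchall_arrayref;
    printf "  bound [%s] tainted=%d rows=%d\n",
        $clean, (tainted($clean) ? 1 : 0), scalar @$rows;
}
```

Taint checking only flags where untrusted data flows; the placeholder is what keeps a value that passed validation from being parsed as SQL.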
Good Links:
- http://gunther.web66.com/FAQS/taintmode.html
- http://stackoverflow.com/questions/2228457/is-perls-taint-mode-useful
- http://www.linux-praxis.de/lpic2/lpi201/perl3.html
- http://en.wikipedia.org/wiki/Taint_checking
Similar Problems in PHP: