Taint Mode in Perl: Unterschied zwischen den Versionen
Aus Markus' Wiki
Markus (Diskussion | Beiträge) (Die Seite wurde neu angelegt: „Good Links: * http://gunther.web66.com/FAQS/taintmode.html * http://stackoverflow.com/questions/2228457/is-perls-taint-mode-useful * http://www.linux-praxis.d…“) |
Markus (Diskussion | Beiträge) |
||
| Zeile 1: | Zeile 1: | ||
| + | Code Injection: | ||
| + | |||
| + | #!/usr/bin/perl | ||
| + | my $name = $cgi->param("name"); # Get the name from the browser | ||
| + | ... | ||
| + | $dbh->TaintIn = 1; | ||
| + | $dbh->execute("SELECT * FROM users WHERE name = '$name';"); # Execute a SQL query | ||
| + | |||
| + | |||
Good Links: | Good Links: | ||
Version vom 9. Juli 2012, 08:13 Uhr
Code Injection:
#!/usr/bin/perl
my $name = $cgi->param("name"); # Get the name from the browser
...
$dbh->TaintIn = 1;
$dbh->execute("SELECT * FROM users WHERE name = '$name';"); # Execute a SQL query
Good Links:
