Taint Mode in Perl

Aus Markus' Wiki
Wechseln zu: Navigation, Suche

Code Injection:

#!/usr/bin/perl
my $name = $cgi->param("name");  # Get the name from the browser
...
$dbh->TaintIn = 1;
$dbh->execute("SELECT * FROM users WHERE name = '$name';"); # Execute a SQL query

Good Links:

Similar Problems in PHP: