Modules

Netquery 3.11 - Vulnerability Bugfix

RVirtue  02-Aug-2005 17:08 6058 Reads  1
A scripting vulnerability has been reported due to inadequate "sanitizing" of user input for certain Netquery v3.1 local execution operations. Additional details are provided in Secunia Product Note 5439 and in Secunia Advisory 16216

This issue has been addressed in ALL editions of Netquery v3.11 currently available from http://virtech.org/tools/ and users are strongly encouraged to update their installations to this latest version.

The Netquery v3.11 bugfix is especially important for those sites where Netquery's local ping and/or local traceroute operations are enabled. For those who may prefer manual application of their own patch, user input for both of those operations is now fully "sanitized" the by using the following function:

function sanitizeSysString($string$min ''$max '')
{
  
$pattern '/(;|||`|>|<|&|^|"|'."n|r|'".'|{|}|[|]|)|()/i';
  
$string preg_replace($pattern''$string);
  
$string '"'.preg_replace('/$/''\$'$string).'"';
  
$len strlen($string);
  if(((
$min != '') && ($len $min)) || (($max != '') && ($len $max)))
    return 
FALSE;
  return 
$string;
}

Netquery links: Downloads | Manual | Live Demo | Forums
Rating 0/5
Rating: 0/5 (0 votes)
Votes are disable!
Print article


Login

Who's Online

69 user(s) are online (1 user(s) are browsing Publisher)


Members: 0


Guests: 69


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Aug 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits

Categories