Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #40918

Re: An error when i switched from python v2.6.6 => v3.2.3

Path csiph.com!usenet.pasdenom.info!weretis.net!feeder4.news.weretis.net!cs.uu.nl!news.stack.nl!newsfeed.xs4all.nl!newsfeed3.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail
Return-Path <nagia.retsina@gmail.com>
X-Original-To python-list@python.org
Delivered-To python-list@mail.python.org
X-Spam-Status OK 0.010
X-Spam-Evidence '*H*': 0.98; '*S*': 0.00; 'else:': 0.03; 'elif': 0.04; 'scripts': 0.09; 'advice.': 0.09; 'logic': 0.09; 'to:addr:comp.lang.python': 0.09; 'cc:addr:python-list': 0.10; 'subject:error': 0.11; 'subject:python': 0.11; 'advice,': 0.16; 'did:': 0.16; 'hacked': 0.16; 'script?': 0.16; 'subject:when': 0.16; 'validation.': 0.16; 'wrote:': 0.17; 'detect': 0.17; 'hack': 0.18; 'followed': 0.20; 'cc:2**0': 0.23; 'somebody': 0.23; 'seems': 0.23; 'script': 0.24; 'cc:addr:python.org': 0.25; 'header :In-Reply-To:1': 0.25; 'header:User-Agent:1': 0.26; 'values': 0.26; 'wonder': 0.27; 'cgi': 0.29; 'source': 0.29; 'fri,': 0.30; "skip:' 20": 0.32; 'received:google.com': 0.34; 'pm,': 0.35; 'received:209.85': 0.35; 'thank': 0.36; 'possible': 0.37; 'received:209': 0.37; 'subject:: ': 0.38; 'some': 0.38; 'page': 0.38; 'called': 0.39; 'your': 0.60; 'easy': 0.60; 'from:no real name:2**0': 0.60; 'free': 0.61; 'more': 0.63; 'here': 0.65; 'validate': 0.65; 'secure': 0.67; '8bit%:100': 0.70; '8bit%:92': 0.70; '2013': 0.84; 'again!': 0.84; 'hard.': 0.84; 'imagination': 0.84; 'glad': 0.86
X-Received by 10.49.63.164 with SMTP id h4mr333682qes.39.1362798908575; Fri, 08 Mar 2013 19:15:08 -0800 (PST)
Newsgroups comp.lang.python
Date Fri, 8 Mar 2013 19:15:08 -0800 (PST)
In-Reply-To <mailman.3108.1362788858.2939.python-list@python.org>
Complaints-To groups-abuse@google.com
Injection-Info glegroupsg2000goo.googlegroups.com; posting-host=94.68.106.213; posting-account=hGu1uQoAAACZy7LiR653nG0NwqDrTyoS
References <8e17232e-5b24-4040-9215-c4bd89f34fa2@googlegroups.com> <622d4a2d-0014-4254-b211-c8fd66510f74@googlegroups.com> <c2a09443-3c74-477b-af9f-a6f3473ebe88@googlegroups.com> <mailman.3029.1362669207.2939.python-list@python.org> <e63776b9-ba74-4349-9538-7fe95323d4be@googlegroups.com> <mailman.3033.1362670392.2939.python-list@python.org> <33f153b4-4f54-429a-a92d-387b679bf758@googlegroups.com> <20130307105137.a6cae268f7f074fbf5017b1d@lavabit.com> <CAPM-O+w_=e6FA8CA8W_UgxGXebXqNOqFWAf0BXa7FwRe6XYWgQ@mail.gmail.com> <mailman.3048.1362684995.2939.python-list@python.org> <0074be2d-1f52-4626-bf53-fd9591f16bf7@googlegroups.com> <mailman.3050.1362687355.2939.python-list@python.org> <98cd9065-94b0-4fb6-b2fd-6ed96880242d@googlegroups.com> <mailman.3066.1362714922.2939.python-list@python.org> <513a33d7$0$30001$c3e8da3$5496439d@news.astraweb.com> <1a79c210-3c50-43bb-8a78-5d5ef60922ec@googlegroups.com> <mailman.3095.1362772967.2939.python-list@python.org> <85b5c606-a1c7-480b-a900-622f61751b87@googlegroups.com> <mailman.3108.1362788858.2939.python-list@python.org>
User-Agent G2/1.0
X-Google-Web-Client true
X-Google-IP 94.68.106.213
MIME-Version 1.0
Subject Re: An error when i switched from python v2.6.6 => v3.2.3
From nagia.retsina@gmail.com
To comp.lang.python@googlegroups.com
Content-Type text/plain; charset=UTF-8
Content-Transfer-Encoding quoted-printable
Cc Python <python-list@python.org>
X-BeenThere python-list@python.org
X-Mailman-Version 2.1.15
Precedence list
List-Id General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe <http://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive <http://mail.python.org/pipermail/python-list/>
List-Post <mailto:python-list@python.org>
List-Help <mailto:python-list-request@python.org?subject=help>
List-Subscribe <http://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Message-ID <mailman.3111.1362798916.2939.python-list@python.org> (permalink)
Lines 47
NNTP-Posting-Host 2001:888:2000:d::a6
X-Trace 1362798916 news.xs4all.nl 6906 [2001:888:2000:d::a6]:57373
X-Complaints-To abuse@xs4all.nl
Xref csiph.com comp.lang.python:40918

Show key headers only | View raw

Τη Σάββατο, 9 Μαρτίου 2013 2:26:56 π.μ. UTC+2, ο χρήστης Ian έγραψε:
> On Fri, Mar 8, 2013 at 1:31 PM, Νίκος Γκρ33κ <nikos.gr33k@gmail.com> wrote:
> 
> > Thank you very much for pointing my flaws once again!
> 
> >
> 
> > I cant beleive how easy you hacked the webserver again and be able to read my cgi scripts source and write to cgi-bin too!
> 
> >
> 
> > I have added extra security by following some of your advice, i wonder if youc an hack it again!
> 
> >
> 
> > Fell free to try if i'am not tiring you please!
> 
> 
> 
> That seems to be better, although I want to stress that I did not try
> 
> very hard.  It's possible that somebody with more patience and
> 
> imagination than myself might still find a way to fool your
> 
> validation.

I'am glad the script has been made more secure after of course you enilghten me and i followed your advice. Here is what i did:


# detect how 'index.html' is called and validate values of 'htmlpage' & 'page'
if page and os.path.isfile( '/home/nikos/www/cgi-bin/' + page ):
	page = page
elif form.getvalue('show') and os.path.isfile( htmlpage ):
	page = htmlpage.replace( '/home/nikos/public_html/', '' )
else:
	page = 'index.html'

Now that you have the if structure's logic can you *still* fool the script?

Back to comp.lang.python | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread

Thread

An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 00:18 -0800
  Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 01:06 -0800
    Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 03:27 -0800
      Re: An error when i switched from python v2.6.6 => v3.2.3 "Michael Ross" <gmx@ross.cx> - 2013-03-07 12:51 +0100
        Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 04:25 -0800
          Re: An error when i switched from python v2.6.6 => v3.2.3 "Michael Ross" <gmx@ross.cx> - 2013-03-07 14:06 +0100
            Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 05:22 -0800
              Re: An error when i switched from python v2.6.6 => v3.2.3 Chris Angelico <rosuav@gmail.com> - 2013-03-08 00:43 +1100
                Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 05:56 -0800
                Re: An error when i switched from python v2.6.6 => v3.2.3 Chris Angelico <rosuav@gmail.com> - 2013-03-08 01:01 +1100
                Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 06:11 -0800
                Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 06:13 -0800
                Re: An error when i switched from python v2.6.6 => v3.2.3 Chris Angelico <rosuav@gmail.com> - 2013-03-08 01:17 +1100
                Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 06:34 -0800
                Re: An error when i switched from python v2.6.6 => v3.2.3 Chris Angelico <rosuav@gmail.com> - 2013-03-08 01:37 +1100
                Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 06:44 -0800
                Re: An error when i switched from python v2.6.6 => v3.2.3 Chris Angelico <rosuav@gmail.com> - 2013-03-08 01:48 +1100
                Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 06:44 -0800
                Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 06:34 -0800
                Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 06:13 -0800
                Re: An error when i switched from python v2.6.6 => v3.2.3 Chris Angelico <rosuav@gmail.com> - 2013-03-08 01:16 +1100
                Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 06:11 -0800
                Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 05:56 -0800
            Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 05:22 -0800
        Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 04:25 -0800
  Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 06:50 -0800
    Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 06:52 -0800
    Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 07:01 -0800
      Re: An error when i switched from python v2.6.6 => v3.2.3 Chris Angelico <rosuav@gmail.com> - 2013-03-08 02:13 +1100
        Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 07:26 -0800
          Re: An error when i switched from python v2.6.6 => v3.2.3 Chris Angelico <rosuav@gmail.com> - 2013-03-08 02:33 +1100
            Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 07:57 -0800
              Re: An error when i switched from python v2.6.6 => v3.2.3 rh <richard_hubbe11@lavabit.com> - 2013-03-07 10:51 -0800
              Re: An error when i switched from python v2.6.6 => v3.2.3 Joel Goldstick <joel.goldstick@gmail.com> - 2013-03-07 13:57 -0500
              Re: An error when i switched from python v2.6.6 => v3.2.3 Joel Goldstick <joel.goldstick@gmail.com> - 2013-03-07 14:36 -0500
                Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 12:04 -0800
                Re: An error when i switched from python v2.6.6 => v3.2.3 Ian Kelly <ian.g.kelly@gmail.com> - 2013-03-07 13:15 -0700
                Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 16:57 -0800
                Re: An error when i switched from python v2.6.6 => v3.2.3 Vito De Tullio <vito.detullio@gmail.com> - 2013-03-08 04:55 +0100
                Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 22:54 -0800
                Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 22:54 -0800
                Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 22:56 -0800
                Re: An error when i switched from python v2.6.6 => v3.2.3 Chris Angelico <rosuav@gmail.com> - 2013-03-08 18:01 +1100
                Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-08 02:51 -0800
                Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-08 02:51 -0800
                Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 22:56 -0800
                Re: An error when i switched from python v2.6.6 => v3.2.3 Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2013-03-08 18:54 +0000
                Re: An error when i switched from python v2.6.6 => v3.2.3 info@cravendot.gr - 2013-03-08 11:19 -0800
                Re: An error when i switched from python v2.6.6 => v3.2.3 Ian Kelly <ian.g.kelly@gmail.com> - 2013-03-08 13:01 -0700
                Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-08 12:31 -0800
                Re: An error when i switched from python v2.6.6 => v3.2.3 Chris Angelico <rosuav@gmail.com> - 2013-03-09 08:37 +1100
                Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-08 19:18 -0800
                Re: An error when i switched from python v2.6.6 => v3.2.3 Mark Lawrence <breamoreboy@yahoo.co.uk> - 2013-03-09 03:27 +0000
                Re: An error when i switched from python v2.6.6 => v3.2.3 Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2013-03-09 05:05 +0000
                Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-08 23:56 -0800
                Re: An error when i switched from python v2.6.6 => v3.2.3 Mark Lawrence <breamoreboy@yahoo.co.uk> - 2013-03-09 12:43 +0000
                Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-09 06:16 -0800
                Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-09 06:16 -0800
                Re: An error when i switched from python v2.6.6 => v3.2.3 rusi <rustompmody@gmail.com> - 2013-03-09 07:20 -0800
                Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-08 19:18 -0800
                Re: An error when i switched from python v2.6.6 => v3.2.3 Ian Kelly <ian.g.kelly@gmail.com> - 2013-03-08 17:26 -0700
                Re: An error when i switched from python v2.6.6 => v3.2.3 nagia.retsina@gmail.com - 2013-03-08 19:15 -0800
                Re: An error when i switched from python v2.6.6 => v3.2.3 nagia.retsina@gmail.com - 2013-03-08 19:15 -0800
                Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-08 12:31 -0800
                Re: An error when i switched from python v2.6.6 => v3.2.3 Ian Kelly <ian.g.kelly@gmail.com> - 2013-03-08 13:04 -0700
                Re: An error when i switched from python v2.6.6 => v3.2.3 nagia.retsina@gmail.com - 2013-03-08 12:54 -0800
                Re: An error when i switched from python v2.6.6 => v3.2.3 emile <emile@fenx.com> - 2013-03-08 14:13 -0800
                Re: An error when i switched from python v2.6.6 => v3.2.3 Ian Kelly <ian.g.kelly@gmail.com> - 2013-03-08 17:18 -0700
                Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-08 19:17 -0800
                Re: An error when i switched from python v2.6.6 => v3.2.3 Mark Lawrence <breamoreboy@yahoo.co.uk> - 2013-03-09 03:33 +0000
                Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-08 19:17 -0800
                Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 16:57 -0800
                Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 12:04 -0800
            Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 07:57 -0800
        Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 07:26 -0800
      Re: An error when i switched from python v2.6.6 => v3.2.3 John Gordon <gordon@panix.com> - 2013-03-07 15:55 +0000
        Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 08:00 -0800
          Re: An error when i switched from python v2.6.6 => v3.2.3 Νίκος Γκρ33κ <nikos.gr33k@gmail.com> - 2013-03-07 08:22 -0800
            Re: An error when i switched from python v2.6.6 => v3.2.3 Joel Goldstick <joel.goldstick@gmail.com> - 2013-03-07 12:41 -0500
            Re: An error when i switched from python v2.6.6 => v3.2.3 Joel Goldstick <joel.goldstick@gmail.com> - 2013-03-07 13:50 -0500

csiph-web