ToothyWikiInternals/Exploits


Search box


Bleh. Some investigation reveals the fact that the search text is, in fact, a valid [perl regexp]. You can't use the eval operator (thank goodness for small mercies!), but things like unescaped single square brackets and unmatched parentheses can result in errors. Quick, someone, think of an exploit before I fix it!
(PeterTaylor) Please put up a list of the attempts once you've fixed it... My attempt failed.
MoonShadow: Now fixed. I didn't log many attempts (I attributed these by IP address - the attributions might, conceivably, be wrong.)

Senji


(?{print hello})
(?{print})


...eval operator was disabled, as I stated above.

You did.  I couldn't tell from the perl manpage I had if only some varieties of eval were disabled or not.  I had some fun with /; <stuff>; / as well, but didn't get anywhere, and couldn't be bothered downloading the code -- Senji

PeterTaylor


/) ; print STDERR "Attempted exploit"; if (/
/) { print STDERR "Exploit"'; } ; if (/


Mph. That's the avenue I was exploring myself. I ended up reading http://www.perldoc.com/perl5.8.0/pod/perlop.html#Gory-details-of-parsing-quoted-constructs to work out why that didn't work..
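An added example, not part of the original discussion and not the wiki's own code: two ways a Perl search handler can deal with search text that is interpolated into a regexp, as described above. The page list and the function names `search_literal` and `search_regexp` are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample data; the wiki's real search code is not shown on the page.
my @pages = ('Exploits (see [perl regexp])', 'RecentChanges', 'print hello');

# Treat the search text as a literal string: quotemeta escapes every
# regex metacharacter, so brackets and parentheses cannot break the match.
sub search_literal {
    my ($text) = @_;
    my $re = quotemeta $text;
    return grep { /$re/i } @pages;
}

# Keep regexp search as a feature, but compile the pattern inside eval {}
# so a syntax error becomes a message instead of a failed request.
# Without "use re 'eval'" in scope, Perl refuses (?{ ... }) code blocks
# in patterns interpolated at run time, so they land in the same error path.
sub search_regexp {
    my ($text) = @_;
    my $re = eval { qr/$text/i };
    return (undef, "invalid search pattern") unless defined $re;
    return ([ grep { $_ =~ $re } @pages ], undef);
}

# Queries modelled on the cases mentioned on this page, plus one valid regexp.
for my $query ('[perl', '(unclosed', '(?{print hello})', 'recent.*') {
    my @lit = search_literal($query);
    my ($hits, $err) = search_regexp($query);
    printf "%-18s literal=%d regexp=%s\n", $query, scalar @lit,
        defined $err ? $err : scalar @$hits;
}
```

The second form still lets a visitor submit a pattern that is slow to match, so the literal form is the safer default when regexp search is not a wanted feature.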




Rather strange.  I was looking at [MoonShadow's Fame War BNF generator output] and saw a Google advert added at the bottom.
Does anyone else get this?  I can't see anything in the BNF source that would add this.  It is only this page that produced this effect.  I'm wondering if it is something on my PC or if my ISP is playing silly bunters.  --DR

That's what the option ::= evil = 1 in the BNF source does. There's also the wiki page equivalent $$C MERCENARY FOOTER - see my homepage for an example. - MoonShadow

Last edited February 15, 2008 9:49 pm (viewing revision 10, which is the newest) (diff)