Regarding the infamous ResultTemplate security hole where you can supply something like ../../../../../../../etc/passwd in the URL and GET it, here's a SearchScript workaround I just dreamed up using filtered searches: <% if (InStr(Request.ResultTemplate, "..") > 0) OR (InStr(Request.ResultTemplate, "/") = 1) Then %> <% Request.QueryText = "" %> <% Request.ResultTemplate = "" %> <% endif %> If anyone sees any holes in this that I haven't covered, PLEASE speak up. I've tested it under Search'97 IS 2.1 (which we use, and for which there is no patch yet). How it works: If I see ".." anywhere in the ResultTemplate or "/" at the start of it, then I reset QueryText and ResultTemplate right away. Downstream, I look for blank queries and, if I find any, I just pretend that no search was performed and show the default search page again. I've informed Verity Technical Support of this workaround as well. Please feel free to write me with any questions pertaining to the above snippet. -- Joe D'Andrea AT&T Laboratories ----------------------------------------------------------------- PGP Fingerprint: DF 7C 75 57 28 ED 52 7F 5B 77 A7 32 C8 9E 0C D2
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:06:39 PDT