[Zope-dev] how to accept an arbitrary parameter/anti-NIMDA script
Dieter Maurer
dieter@handshake.de
Sun, 30 Sep 2001 23:50:17 +0200 (CEST)
marc lindahl writes:
> I'm looking at how to get this anti-NIMDA script to work in zope (
> http://pc.xs4all.nl/default.ida)
>
> The thing is, it's called with a parameter (trying to cause a buffer
> overflow). For example:
>
>
> /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> XXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%
> u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a
>
>
> That site has a default.ida which will pass back a perlscript that turns off
> that particular machine's virus under certain cases... sounds like a good
> thing. But how can I get an object called default.ida to accept anything
> passed after the "?" and what kind of object (python script?) should it be?
It can be anything with an explicit or implicit REQUEST parameter.
You can look at "REQUEST.form", e.g. "REQUEST.form.items()".
Dieter