BugTraq
Back to list
|
Post reply
Re: Arbitrary code execution in eping plugin
Jun 14 2005 02:02PM
Jonathan Angliss (jon netdork net)
(1 replies)
Re: Arbitrary code execution in eping plugin
Jun 14 2005 08:55PM
Christoph 'knurd' Jeschke (christoph jeschke gmail com)
Jonathan Angliss schrieb:
> Won't match IPv6 addresses, but neither will the original code, and it
> matches IP addresses perfectly I believe.
My Suggestion for IPv4 is:
^(?!0+\.0+\.0+\.0+$)([01]?\d{1,2}|2[0-2][0-3])\.([01]?\d{1,2}|2[0-4]\d|2
5[0-5])\.([01]?\d{1,2}|2[0-4]\d|25[0-5])\.([01]?\d{1,2}|2[0-4]\d|25[0-5]
)$
So 0.0.0.0 (Internet) doesn't match, just as 224.0.0.0/4 (Multicast) and
240.0.0.0/4 (Future Use) as described in RFC3330.
(based on the Regex from Mastering Regular Expression, Jeffrey E.F. Friedl)
Any further suggestions?
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
> Won't match IPv6 addresses, but neither will the original code, and it
> matches IP addresses perfectly I believe.
My Suggestion for IPv4 is:
^(?!0+\.0+\.0+\.0+$)([01]?\d{1,2}|2[0-2][0-3])\.([01]?\d{1,2}|2[0-4]\d|2
5[0-5])\.([01]?\d{1,2}|2[0-4]\d|25[0-5])\.([01]?\d{1,2}|2[0-4]\d|25[0-5]
)$
So 0.0.0.0 (Internet) doesn't match, just as 224.0.0.0/4 (Multicast) and
240.0.0.0/4 (Future Use) as described in RFC3330.
(based on the Regex from Mastering Regular Expression, Jeffrey E.F. Friedl)
Any further suggestions?
[ reply ]