Re: Another Sql Injection

From: Cactus Corp. (nXewsXalaXksaX_at_nXxtg.XnetX)
Date: 08/10/05

    Date: Wed, 10 Aug 2005 09:36:02 +0200
    
    

    > <asp:RegularExpressionValidator id="valEmail" runat="server"
    > ControlToValidate="txtEmail"
    > ValidationExpression=".*@.*\..*"
    > ErrorMessage="Error !"
    > display="dynamic"/>
    >

    You are requesting:

    "This string should CONTAIN any character, any number of times, followed
    by an '@', followed by any character, any number of times, followed by a dot '.', followed
    by any character, any number of times."

    Those strings are valid:

        "hi there ! how are you ? @ nice. Thanks!"
        "sdfsdklfjsdkfjsdf-%*ç%"*ç"*D\n\t\o\'@???^^^.asdsdd"
        "......................@...................."
        and so on.

    When constructing an RE, the first thing I'd advise you is to write down the rule.

    "This string should contain 4 parts:

        - the username: any word character, no spaces, no tabs, only alphanumerics, with '-' and dots '.' in the middle of them
                antonio
                antonio-fontes
                antonio.fontes
                antonio2000fontes
                ...

        - the @:
                 a single and only @
        - the domain name: one or more alpha words (a-z) with hyphens: '-', each word separated by a dot:
                domain.
                domain.example.
                server.domain
                server.domain.example.

        - the top level domain name:
                2, 3 or 4 letters:
                ch
                de
                com
                gov
                name
                info"

    This is your rule. Now let's format the four parts. I will make them very simple;
    it will be up to you to make them allow larger entries:

    Part 1 : username, one or more words, each separated by a dot or a minus.

            \w+([-\.]\w+)*

    Part 2 : the @

            @

    Part 3 : the domain name(s):

        \w+([-\.]\w+)*

    Part 4 : the top level domain name:

        \.\w{2,4}

    Which leads us to :

        \w+([-\.]\w+)*@\w+([-\.]\w+)*\.\w{2,4}

    And extremely IMPORTANT : we need to LOCK what is entered before
    this, and after this with the ^ (beginning) and $ (end of) signs:

        ^\w+([-\.]\w+)*@\w+([-\.]\w+)*\.\w{2,4}$

    Hope this will help you build your own regular expression!!

    antonio
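
The effect of the ^ and $ anchors described in the message above, as an added example that is not part of the original post: it runs the quoted validator expression and the unanchored and anchored four-part expressions over the same inputs with JavaScript's RegExp.test. The first two inputs are taken from the post; the other inputs and the names PATTERNS, SAMPLES, evaluate and report are constructed for this illustration.

```javascript
// Added example: the three expressions from the message, compared side by side.
const PATTERNS = {
  // Expression from the quoted RegularExpressionValidator.
  original: /.*@.*\..*/,
  // The four parts joined together, before ^ and $ are added.
  unanchored: /\w+([-\.]\w+)*@\w+([-\.]\w+)*\.\w{2,4}/,
  // The final expression from the message, locked at both ends.
  anchored: /^\w+([-\.]\w+)*@\w+([-\.]\w+)*\.\w{2,4}$/,
};

// The first two samples are from the post; the rest are constructed.
const SAMPLES = [
  "hi there ! how are you ? @ nice. Thanks!",
  "......................@....................",
  "antonio.fontes@server.domain.example.com",
  "antonio-fontes@domain.ch",
  "prefix' antonio@domain.ch 'suffix", // valid address buried in other text
  "antonio@domain.ch\n",                // trailing newline after the address
];

// Returns { original, unanchored, anchored } booleans for one input.
// RegExp.test searches anywhere in the string, so only ^ and $ force
// the expression to account for the whole input.
function evaluate(value) {
  const result = {};
  for (const [name, re] of Object.entries(PATTERNS)) {
    result[name] = re.test(value);
  }
  return result;
}

// One row per sample, with the input shown in escaped form.
function report() {
  return SAMPLES.map((s) => ({ input: JSON.stringify(s), ...evaluate(s) }));
}

console.table(report());
```

JavaScript's `\w` is ASCII-only and its `$` (without the `m` flag) matches only at the very end of the input; in .NET, `\w` also covers Unicode letters and digits and `$` also matches just before a final newline, where `\z` is the strict end anchor.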

