in reply to Run arbitrary UNIX commands on webserver without telnet
I far prefer the tried and true:

    use CGI qw(:standard);
    # Time passes
    open(IN, param("input_file"));
    # and do the rest of the apparently innocuous program

The proper usage of this handy command runner I leave to your imagination, a close read of open's semantics, and a reminder that if you know how to do a URI encoding, you can put pipes etc into the filename.
Yes. This is a warning about a basic security mistake that you may be making without realizing it...
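The hardened counterpart to the two-argument `open` shown in the post, as an added example that is not part of the original post: the mode is passed separately (three-argument `open`) and the user-supplied name is checked against an allow-list before it touches the filesystem. The directory `/var/www/data`, the helper names `safe_path` and `open_input`, and the sample inputs are assumptions made for this illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Spec;

# Assumed layout for this example: every file the CGI may read lives here.
my $DATA_DIR = '/var/www/data';

# Return an absolute path for a user-supplied name, or undef to reject it.
sub safe_path {
    my ($name) = @_;
    return undef unless defined $name;
    # Allow-list: plain file names only. This rejects pipes, redirects,
    # slashes, NUL bytes, whitespace and names starting with a dot or dash.
    return undef unless $name =~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}\z/;
    return File::Spec->catfile($DATA_DIR, $name);
}

# Open for reading with the mode given as its own argument, so the name is
# only ever treated as a file name, never as a mode or a command.
sub open_input {
    my ($name) = @_;
    my $path = safe_path($name);
    return unless defined $path;
    open(my $fh, '<', $path) or return;
    return $fh;
}

# Constructed sample inputs, as they might arrive from param("input_file").
for my $input ('report.txt', 'ls |', '| id', '../etc/passwd', '>out', "a\0b") {
    (my $shown = $input) =~ s/\0/\\0/g;
    my $verdict = defined(safe_path($input)) ? 'accepted' : 'rejected';
    printf "%-16s %s\n", "'$shown'", $verdict;
}
```

In the CGI itself, the call would become `my $fh = open_input(param("input_file"))`, with an error response when it returns nothing.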
Replies are listed 'Best First'.
Re(dmm) 2: Run arbitrary UNIX commands on webserver without telnet
by dmmiller2k (Chaplain) on Oct 30, 2001 at 19:42 UTC