Your skill will accomplish what the force of many cannot |
|
PerlMonks |
DANGER - MAJOR SECURITY ISSUESby Fastolfe (Vicar) |
on Jun 03, 2000 at 01:31 UTC ( [id://16137]=note: print w/replies, xml ) | Need Help?? |
Please read the 'perlsec' man page. open(LINKPAGE, $in{html}); This is one of the worst things you can do in a CGI script. I can pass an argument of html=id;cat+/etc/passwd| to your script, or even more evilly, html=rm+-rf+/| or html=>/etc/passwd or all sorts of evil things. You should a) strip out any strange characters; b) verify that the item in $in{html} refers to a filename in an appropriate location; and c) open it with something like open(LINKPAGE, "< $in{html}"); When writing CGI scripts, always keep perlsec in mind and always run with 'taint checking' enabled (-T). This would have spotted the fact that $in{html} is not safe to trust in critical calls like open() or system().
In Section
Code Catacombs
|
|