Please read the 'perlsec' man page.
open(LINKPAGE, $in{html});

This is one of the worst things you can do in a CGI script. I can pass an argument of html=id;cat+/etc/passwd| to your script, or even more evilly, html=rm+-rf+/| or html=>/etc/passwd or all sorts of evil things. You should:

a) strip out any strange characters;
b) verify that the item in $in{html} refers to a filename in an appropriate location; and
c) open it with something like open(LINKPAGE, "< $in{html}");

When writing CGI scripts, always keep perlsec in mind and always run with 'taint checking' enabled (-T). This would have spotted the fact that $in{html} is not safe to trust in critical calls like open() or system().

In reply to DANGER - MAJOR SECURITY ISSUES
by Fastolfe
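The following is an added example written for this page; it is not Fastolfe's code and not the script under discussion. It shows the two-argument open the comment warns about next to a hardened version that applies the three steps the comment lists: a whitelist on the file name, confinement to a fixed directory, and an explicit read-only open. It uses the three-argument form of open, which makes the read mode a separate argument in the same spirit as the "< $in{html}" suggestion above, and it runs under -T so that the regex capture is what untaints the value. The base directory, the allowed file-name pattern, and the sample parameter value are assumptions chosen for the example.

```perl
#!/usr/bin/perl -T
# Added example (not Fastolfe's code): unsafe two-argument open beside a
# hardened version that validates, untaints, confines and opens read-only.
use strict;
use warnings;
use File::Spec;

# Constructed sample value, standing in for $in{html} from a CGI form.
# In a real script this would come from the request and be tainted under -T.
my $requested = "links.html";

# Directory the script is allowed to serve pages from (assumed path).
my $base_dir = "/var/www/pages";

# UNSAFE: with the two-argument open the string itself chooses the mode.
# A value that begins with '>' or starts/ends with '|' is treated as an
# output redirection or a command, not as a file name.
sub open_unsafe {
    my ($name) = @_;
    open(my $fh, $name) or die "open: $!\n";   # never do this with user input
    return $fh;
}

# SAFE: (a) whitelist the characters, (b) confine the name to $base_dir,
# (c) open read-only with the three-argument form.
sub open_safe {
    my ($name) = @_;
    # Only a plain basename: letters, digits, '_', '-', and one '.html'
    # suffix. The capture is what untaints the value under -T; anything
    # that does not match the whole string is refused outright.
    my ($clean) = $name =~ /\A([A-Za-z0-9_-]{1,64}\.html)\z/
        or die "refusing request for an unexpected file name\n";
    my $path = File::Spec->catfile($base_dir, $clean);
    # '<' as its own argument means "read"; $path is never parsed for
    # pipes or redirections whatever characters it might contain.
    open(my $fh, '<', $path) or die "cannot open $path: $!\n";
    return $fh;
}

my $fh = open_safe($requested);
print while <$fh>;
close $fh;
```

Because the pattern is anchored with \A and \z and only admits a basename, values containing "/", "..", ";", "|", ">" or whitespace fail the match before any file is touched, so the script dies with a clear message instead of handing the string to the shell or opening something outside $base_dir.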