[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-users] potential cgi vulnerability?

Subject: [cobalt-users] potential cgi vulnerability?
From: "Craig Martin" <Craig@xxxxxxxxxxxxxxx>
Date: Mon Feb 18 09:59:02 2002
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

let's say I have a simple submission form
a field is entered and sent to my cgi

I later use this field as part of a command-line operation

despite the fact it is url-encoded
am I vulenerable to any hack?
can somebody subvert the contents of that
field submit so that rogue statements are executed on
my commandline?

or is url-encoding enought to prevent this?

Craig

Follow-Ups:
- RE: [cobalt-users] potential cgi vulnerability?
  - From: John Adair
- RE: [cobalt-users] potential cgi vulnerability?
  - From: Paul Alcock

References:
- RE: [cobalt-users] secondary dns
  - From: Utopia Research Dept
- Re: [cobalt-users] secondary dns
  - From: Jeff Lasman
- Re: [cobalt-users] secondary dns
  - From: Mike Vanecek

Prev by Date: Re: [cobalt-users] secondary dns
Next by Date: RE: [cobalt-users] secondary dns
Previous by thread: RE: [cobalt-users] secondary dns
Next by thread: RE: [cobalt-users] potential cgi vulnerability?

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index