RE: [cobalt-users] potential cgi vulnerability?



Hello,

I found these articles to be of use to me, and I know they will help
you.

http://phrack.org/show.php?p=49&a=8
http://phrack.org/show.php?p=55&a=7
http://hoohoo.ncsa.uiuc.edu/cgi/security.html


> -----Original Message-----
> From: cobalt-users-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Craig Martin
> Sent: Monday, February 18, 2002 12:49 PM
> To: cobalt-users@xxxxxxxxxxxxxxx
> Subject: [cobalt-users] potential cgi vulnerability?
>
>
> let's say I have a simple submission form
> a field is entered and sent to my cgi
>
> I later use this field as part of a command-line operation
>
> despite the fact it is url-encoded
> am I vulnerable to any hack?
> can somebody subvert the contents of that
> field submit so that rogue statements are executed on
> my commandline?
>
> or is url-encoding enough to prevent this?
>
> Craig
>
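
An added example, not part of the original thread: the question above asks whether URL-encoding protects a form field that later ends up on a command line. This Python sketch (constructed request body, hypothetical field name `field`, assumed allowlist policy) shows that the encoding is undone before the script uses the value, then contrasts handing it to a shell with passing it as a single argv element and validating it first.

```python
import re
import subprocess
import sys
from urllib.parse import parse_qs

# Constructed form body as the browser sends it (URL-encoded).
SAMPLE_BODY = "field=report%3B+echo+INJECTED"

# Assumed policy for this hypothetical field: short, filename-like tokens only.
ALLOWED = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}")


def decode_field(body):
    """URL-decoding happens before the script uses the value."""
    return parse_qs(body)["field"][0]


def run_via_shell(value):
    """'Before' form: the decoded value is pasted into a shell command line."""
    done = subprocess.run("echo listing " + value, shell=True,
                          capture_output=True, text=True)
    return done.stdout


def run_via_argv(value):
    """No shell: the value is one argv element, so ';' is just data."""
    child = "import sys; print('listing', sys.argv[1])"
    done = subprocess.run([sys.executable, "-c", child, value],
                          capture_output=True, text=True)
    return done.stdout


def validate(value):
    """Allowlist check to apply before the value reaches any command."""
    if not ALLOWED.fullmatch(value):
        raise ValueError("rejected field value: %r" % value)
    return value


if __name__ == "__main__":
    value = decode_field(SAMPLE_BODY)
    print(repr(value))
    print(run_via_shell(value), end="")
    print(run_via_argv(value), end="")
    try:
        validate(value)
    except ValueError as exc:
        print(exc)
```
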