RE: [cobalt-users] potential cgi vulnerability?
- Subject: RE: [cobalt-users] potential cgi vulnerability?
- From: "Paul Alcock" <webmgr@xxxxxxxxxxxxxxxxxx>
- Date: Mon Feb 18 19:45:12 2002
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
>
> let's say I have a simple submission form
> a field is entered and sent to my cgi
>
> am I vulnerable to any hack?
> can somebody subvert the contents of that
> field submit so that rogue statements are executed on
> my commandline?
>
Yes, it is a potential vulnerability, unless you prevent it
by following any of the standard processes used by
such venerables as Randal L. Schwartz.
A good source is any of Randal's online code listings
at www.webtechniques.com; you'll find similar code
at perl.com et al. (BTW, webtechniques is now known
as new.architect and is no longer in a print form that
includes a perl script junkie. So sad.)
Paul
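
One common Perl way to close the hole discussed in this thread, as an added example that is not part of the original messages or of the listings Paul mentions: run the CGI in taint mode, accept the field only if it matches an allowlist pattern, and call the external program in list form so no shell parses the value. The field name `username`, the program `/usr/bin/id` and the sample inputs are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Added illustration. Run as a CGI via the #! line, or with "perl -T script.pl".
use strict;
use warnings;

# Taint mode refuses to run programs with an inherited environment,
# so set a fixed PATH and drop variables that change shell behaviour.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Risky pattern this replaces (shown only as a comment):
#   system("id $raw");   # single string: /bin/sh interprets ; | ` $ etc.

# Allowlist check: return the captured (untainted) value, or nothing.
# \A and \z anchor the whole string; unlike $, \z rejects a trailing newline.
sub clean_username {
    my ($raw) = @_;
    return unless defined $raw;
    return $raw =~ /\A([A-Za-z0-9_]{1,32})\z/ ? $1 : undef;
}

# List-form system() executes the program directly; each argument is passed
# as one argv entry and is never parsed by a shell.
sub lookup_user {
    my ($user) = @_;
    return system('/usr/bin/id', $user) == 0;
}

# Constructed sample inputs; in a real CGI the raw value comes from the form field.
my @samples = ('alice', 'alice; echo injected', "bob\n", '');

for my $input (@samples) {
    (my $shown = $input) =~ s/\n/\\n/g;    # make newlines visible in output
    my $user = clean_username($input);
    if (defined $user) {
        print "accepted '$shown'\n";
        lookup_user($user) or print "  (id reported no such user)\n";
    }
    else {
        print "rejected '$shown'\n";
    }
}
```

Only the first sample is accepted. The other three are rejected before any external program is started.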