 

  __TITLE:__ Serious security bug.
__PROBLEM:__

Shell command called w/o input verification. This should not happen ... please read a book about basic programming stuff.

man:huhu;touch

<a href="man:huhu;touch">do anything i want</a>

__RESPONSE:__

__SOLUTION:__

Make a regex s/[^A-Za-z0-9_-]//g on the input.

regards,
Tom Bille

__STATUS:__ OPEN
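
Added example, not part of the original report and not Sogudi's own code: the filter from SOLUTION applied to a man: URL before the page name reaches man, with the command built as an argument list instead of a shell string. The function names, the percent-decoding step and the `--` separator are assumptions of this sketch.

```python
import re
import shlex
from urllib.parse import unquote

# The filter from SOLUTION: delete every character outside A-Za-z0-9_-.
DISALLOWED = re.compile(r"[^A-Za-z0-9_-]")

def page_from_url(url):
    """Return the percent-decoded text after 'man:' (hypothetical helper)."""
    scheme, sep, rest = url.partition(":")
    if not sep or scheme.lower() != "man":
        raise ValueError("not a man: URL")
    # Decode first so the filter sees the characters the command would get.
    return unquote(rest)

def shell_tokens(command_line):
    """Split a string the way a POSIX shell separates words and operators."""
    return list(shlex.shlex(command_line, posix=True, punctuation_chars=True))

def man_argv(url):
    """Hardened form: filtered name, argument list, no shell involved."""
    name = DISALLOWED.sub("", page_from_url(url))
    if not name:
        raise ValueError("nothing left of the page name after filtering")
    # '--' ends option parsing, so a name starting with '-' stays a page name.
    return ["man", "--", name]

if __name__ == "__main__":
    url = "man:huhu;touch"  # the link target from the report
    # Unfiltered: the ';' is a command separator to the shell.
    print(shell_tokens("man " + page_from_url(url)))
    # Filtered and passed as a list, e.g. to subprocess.run(argv).
    print(man_argv(url))
```

The filter deletes characters rather than rejecting the URL, so the report's link resolves to a lookup of a page named `huhutouch`, which simply fails.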
 

 