|
__TITLE:__ Serious security bug. __PROBLEM:__ Shell command called w/o input verification. This shouldnot happen ... please read a book about basic programming stuff. man:huhu;touch <a href="man:huhu;touch>do anything i want</a> <a href="man:huhu;touch">do anything i want</a> __RESPONSE:__ __SOLUTION:__ make a regex s/![^A-Za-z0-9_-]//g on the input. regards, Tom Bille __STATUS:__ OPEN |
|