|
TITLE: Serious security bug. PROBLEM: Shell command called w/o input verification. This shouldnot happen ... please read a book about basic programming stuff. man:huhu;touch <a href="man:huhu;touch>do anything i want</a> RESPONSE: SOLUTION: make a regex s/A-Za-z0-9_-?//g on the input. regards, Tom Bille STATUS: OPEN
|
|