KitzKikz: SogudiIssues_20060101
 
 

TITLE: Serious security bug. PROBLEM:

Shell command called w/o input verification. This should not happen ... please read a book about basic programming stuff.

man:huhu;touch

<a href="man:huhu;touch">do anything i want</a>

RESPONSE:

SOLUTION:

make a regex s/[^A-Za-z0-9_-]//g on the input.

regards, Tom Bille

STATUS: OPEN
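The allowlist proposed in the report, as an added Python example that is not Sogudi's code or part of the original report. The function names are hypothetical, and how Sogudi actually builds its `man` command is not shown on this page; the sketch assumes the page name can be handed to `man` as a separate argument with no shell in between.

```python
import re
import subprocess

# Allowlist from the report: everything except A-Z, a-z, 0-9, '_' and '-' is dropped.
DISALLOWED = re.compile(r"[^A-Za-z0-9_-]")


def strip_unsafe(name):
    """Python equivalent of the report's s/[^A-Za-z0-9_-]//g."""
    return DISALLOWED.sub("", name)


def man_argv(url):
    """Return an argument vector for a man: URL, or None if the URL is refused."""
    scheme, sep, name = url.partition(":")
    if not sep or scheme.lower() != "man":
        return None
    # Refuse rather than silently rewrite: if stripping changed the name,
    # the request contained characters outside the allowlist.
    if not name or strip_unsafe(name) != name:
        return None
    # The allowlist still admits '-', so a leading dash would reach man
    # as an option instead of a page name.
    if name.startswith("-"):
        return None
    return ["man", name]


def render(url):
    """Run man without a shell; ';' and similar characters are never interpreted."""
    argv = man_argv(url)
    if argv is None:
        raise ValueError("refused man: URL")
    return subprocess.run(argv, capture_output=True, text=True, check=False).stdout


if __name__ == "__main__":
    # Constructed inputs; the second is the string from the report.
    for sample in ("man:ls", "man:huhu;touch", "man:-x"):
        print(sample, "->", man_argv(sample))
```

The character class also removes `.` and `+`, so page names containing those characters are refused under this allowlist.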

 

   

 
01/01/06 09:48:37