Bugtraq mailing list archives

Re: perl-cgi hole in UltimateBB by Infopop Corp.
From: mckinnon () ISIS2000 COM (Bill)
Date: Mon, 14 Feb 2000 15:33:14 -0500

"Sergei A. Golubchik" wrote:

> The fix is obvious. But the rule of thumb is "do not use magic perl open".
> At least in cgi scripts. If you want to open a regular file, sysopen does
> the trick as well.

   Isn't open(FH, "< $variable") sufficient to stop any embedded |'s, etc
from doing anything harmful, as well?

- Bill
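
The ways of opening a file that come up in this thread, run side by side on constructed inputs. This is an added example, not code from either poster or from UltimateBB; the temporary file, the sample inputs and the labels are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example; the file and the inputs below are constructed.
use strict;
use warnings;
use Fcntl qw(O_RDONLY);
use File::Temp qw(tempdir);

my $dir  = tempdir(CLEANUP => 1);
my $file = "$dir/note.txt";
open(my $out, '>', $file) or die "create: $!";
print {$out} "file contents\n";
close $out;

# Each opener takes the untrusted name and returns a handle or undef.
my @openers = (
    # Magic open: the string itself selects file, pipe, or write mode.
    [ 'open(FH, $name)'      => sub { open(my $fh, $_[0]) ? $fh : undef } ],
    # Explicit "<" fixes the mode to read, but the name is still parsed
    # by 2-arg open (leading and trailing whitespace is stripped).
    [ 'open(FH, "< $name")'  => sub { open(my $fh, "< $_[0]") ? $fh : undef } ],
    # 3-arg open: mode and name are separate; the name is used literally.
    [ 'open(FH, "<", $name)' => sub { open(my $fh, '<', $_[0]) ? $fh : undef } ],
    # sysopen: flags are passed as a number; the name is never parsed.
    [ 'sysopen(FH, $name, O_RDONLY)' =>
        sub { sysopen(my $fh, $_[0], O_RDONLY) ? $fh : undef } ],
);

# Constructed inputs standing in for a CGI parameter.
my @inputs = ($file, " $file ", 'echo output of a command|');

for my $name (@inputs) {
    print "input: [$name]\n";
    for my $opener (@openers) {
        my ($label, $code) = @$opener;
        my $fh     = $code->($name);
        my $result = "open failed: $!";
        if ($fh) {
            my $line = <$fh>;
            $result = defined $line ? "read: $line" : 'opened, no data';
            close $fh;
        }
        $result =~ s/\n\z//;
        printf "  %-30s %s\n", $label, $result;
    }
}
```

Whichever form is used, a CGI script still needs to check the name against the set of files it is meant to serve before opening it; the open form only decides how the string is interpreted, not which files are reachable.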
