On Thu, 13 Dec 2001 09:47:22 +1030, [EMAIL PROTECTED] (Daniel Falkenberg) wrote:
>I have just finally finished a WWW based Perl program that can >add/delete and change users password from a WWW based script. I have >tried to make this script as secure as I can. The script can modify the >/etc/passwd files.... has any one seen a script like this before? I've seen "ispy.cgi" which gives you a full shell via a web form. I don't think I would ever try to run it on a live webserver. Certainly I wouldn't open a root shell via a web server. Why don't you post the code so the experts here can advise you of loopholes? -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
