On 4/27/2004 11:34 PM, Jason Dusek wrote:

In the course of a war hacking, I found out that one of my friend's computers did no input validation for a search script - I could put whole perl regular expressions in it as input. Is this an exploitable vulnerability? What can you run inside of m// to get information about someone else's system?

Anything. Anything perl can execute:


perl -e '/@{[print `dir`]}/'
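
A defensive counterpart to the one-liner above, added here as an example and not part of the original message: a search routine that matches the user's term as literal text, so regex syntax in the input is never parsed as a pattern. The helper name `safe_search`, the 64-character limit and the sample lines are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample data standing in for the text the search script scans.
my @lines = (
    'backup notes for dir listing',
    'literal text /@{[print `dir`]}/ kept as data',
    'unrelated line',
);

# Hypothetical helper: match a user-supplied term as literal text only.
sub safe_search {
    my ($term, @haystack) = @_;

    # Reject missing, empty or oversized input before it reaches the
    # regex engine (the 64-character limit is an assumed policy).
    return ()
        unless defined($term) && length($term) && length($term) <= 64;

    # quotemeta escapes every regex metacharacter, so the term can only
    # match itself; it is never interpreted as a pattern.
    my $literal = quotemeta($term);

    # No string eval and no "use re 'eval'": the term stays data.
    return grep { /$literal/ } @haystack;
}

# The string from the message above, passed in as ordinary search input.
my $input = '@{[print `dir`]}';
my @hits  = safe_search($input, @lines);

print scalar(@hits), " match(es)\n";
print "  $_\n" for @hits;
```

The same escaping can be written inline as `/\Q$term\E/`.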


