On Saturday, March 9, 2013 2:26:56 AM UTC+2, user Ian wrote:
> On Fri, Mar 8, 2013 at 1:31 PM, Νίκος Γκρ33κ <nikos.gr...@gmail.com> wrote:
>
> > Thank you very much for pointing out my flaws once again!
> >
> > I can't believe how easily you hacked the webserver again and were able to read
> > my cgi scripts' source and write to cgi-bin too!
> >
> > I have added extra security by following some of your advice, I wonder if
> > you can hack it again!
> >
> > Feel free to try if I'm not tiring you please!
>
> That seems to be better, although I want to stress that I did not try
> very hard. It's possible that somebody with more patience and
> imagination than myself might still find a way to fool your
> validation.
I'm glad the script has been made more secure after, of course, you enlightened me and I followed your advice. Here is what I did:

    import os
    import cgi

    # Assumed surrounding setup (the post shows only the if block below):
    # the script is a CGI handler reading 'page' and 'htmlpage' from the query.
    form = cgi.FieldStorage()
    page = form.getvalue('page')
    htmlpage = form.getvalue('htmlpage')

    # detect how 'index.html' is called and validate values of 'htmlpage' & 'page'
    if page and os.path.isfile( '/home/nikos/www/cgi-bin/' + page ):
        # 'page' names an existing file under cgi-bin: keep it as given
        page = page
    elif form.getvalue('show') and os.path.isfile( htmlpage ):
        # 'htmlpage' is an existing file: strip the public_html prefix from it
        page = htmlpage.replace( '/home/nikos/public_html/', '' )
    else:
        # anything else falls back to the front page
        page = 'index.html'

Now that you have the if structure's logic, can you *still* fool the script?

--
http://mail.python.org/mailman/listinfo/python-list
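The validation discussed in this post tests only whether a file exists at the concatenated path, which says nothing about whether that file lies inside the directory the script means to serve from. The following is an added example, not code from the thread, showing the containment check a practitioner would want: resolve the candidate with realpath and require it to remain under the allowed base directory. The names resolve_page, build_demo_tree and the temp-directory layout are assumptions made for the example.

```python
import os
import tempfile

DEFAULT_PAGE = "index.html"


def resolve_page(base_dir, requested):
    """Return the file under base_dir named by `requested`, or the default page.

    Unlike a bare os.path.isfile(base + requested) test, this first resolves
    symlinks and '..' components with realpath, then insists the result still
    sits inside base_dir.  Anything that escapes, or does not exist, falls back
    to DEFAULT_PAGE instead of being served.
    """
    base = os.path.realpath(base_dir)
    if not requested:
        return os.path.join(base, DEFAULT_PAGE)
    # os.path.join drops `base` if `requested` is absolute, and realpath
    # normalises '..', so the containment test below sees the real target.
    candidate = os.path.realpath(os.path.join(base, requested))
    inside = os.path.commonpath([base, candidate]) == base
    if inside and os.path.isfile(candidate):
        return candidate
    return os.path.join(base, DEFAULT_PAGE)


def build_demo_tree():
    """Constructed sample layout: <tmp>/www/{index,about}.html and <tmp>/outside.txt.

    Only the www directory is meant to be served; outside.txt is a sibling
    file that a correct check must never return.
    """
    root = tempfile.mkdtemp()
    www = os.path.join(root, "www")
    os.mkdir(www)
    for name in ("index.html", "about.html"):
        with open(os.path.join(www, name), "w") as fh:
            fh.write("<p>%s</p>" % name)
    with open(os.path.join(root, "outside.txt"), "w") as fh:
        fh.write("not served")
    return www


if __name__ == "__main__":
    www = build_demo_tree()
    for req in ("about.html", "missing.html", "../outside.txt", ""):
        print(repr(req), "->", os.path.basename(resolve_page(www, req)))
```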