"Gunther Birznieks" wrote:
> There are probably multiple issues with this script. I don't really have
> the time to do a security audit for you but in a 5 minute glance
>
> A) -t is supposed to be -T if you are enabling taint mode
Doh! Missed that one.
> B) It a
There are probably multiple issues with this script. I don't really have
the time to do a security audit for you but in a 5 minute glance
A) -t is supposed to be -T if you are enabling taint mode
B) It appears as if there is very little checking done on the path that is
issued. Things like
I've been asked if this script is secure. I believe it is. Can anyone find
any problems with it?
#!/usr/bin/perl -w -t
use strict;
use Apache;
$ENV{GATEWAY_INTERFACE} =~ /^CGI-Perl/ or die "GATEWAY_INTERFACE not Perl!";
my $r = Apache->request();
my %args = $r->args();
my $path = $r->uri;
##
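
An added example, not part of the thread or of the posted script: one form that checking a request path under taint mode (`-T`) can take. The document root, the function name `checked_path` and the sample request paths are assumptions constructed for illustration; run it as `perl -T`.

```perl
#!/usr/bin/perl -T
# Added example (not the poster's script). Run as: perl -T check_path.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Assumption: files are served from this directory (hypothetical path).
my $DOC_ROOT = '/var/www/files';

# Return an untainted filesystem path under $DOC_ROOT, or undef if the
# request path is not one we are willing to serve.
sub checked_path {
    my ($uri) = @_;
    return undef unless defined $uri && length($uri) <= 255;
    # Allow-list: one or more "/segment" parts. A segment must start with
    # an alphanumeric or "_", so "..", dotfiles, empty segments ("//") and
    # NUL bytes never match. \z (unlike $) also rejects a trailing newline.
    return undef
        unless $uri =~ m{\A((?:/[A-Za-z0-9_][A-Za-z0-9_.-]*)+)\z};
    # Only the regex capture is untainted; $uri itself stays tainted.
    return $DOC_ROOT . $1;
}

# Constructed sample request paths. A zero-length slice of $0/$^X is
# tainted, and appending it taints each literal the way request data is.
my $taint = substr("$0$^X", 0, 0);
for my $sample ('/docs/readme.txt', '/docs/../secret.txt',
                '/docs/.htaccess', '/docs//a.txt', "/docs/a.txt\n") {
    my $uri  = $sample . $taint;
    my $path = checked_path($uri);
    (my $shown = $sample) =~ s/\n/\\n/g;    # make the newline visible
    printf "%-22s input tainted=%d -> %s\n", $shown, tainted($uri) ? 1 : 0,
        defined $path
            ? "accept $path (tainted=" . (tainted($path) ? 1 : 0) . ")"
            : 'reject';
}
```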