17 Dec 2003, 11:17 p.m.
Don't forget system(), which was a major source of holes in the NCSA server. Also, CGI scripts, especially those that run under perl or sh, would be a good place to look for holes. Don't forget to see what happens when you put semi-colons in the data field of various fields, such as mailto:'s.
A CGI-script hole doesn't count as a Netscape server hole. system() is probably pretty bad though.

--
sameer    Voice: 510-601-9777
Community ConneXion    FAX: 510-601-9734
An Internet Privacy Provider    Dialin: 510-658-6376
http://www.c2.org (or login as "guest")    sameer@c2.org
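The system() and semicolon points raised in this thread, as an added example that is not code from either poster or from any server discussed: the same form field is handed to a child process once through /bin/sh, which is what system() does, and once as a single argv element with no shell. Assumptions: `echo` stands in for the mail program, the field value is constructed, and the function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Fork+exec argv, capture the child's stdout in out; returns wait status or -1. */
int run_capture(char *const argv[], char *out, size_t n) {
    int fds[2], status;
    size_t used = 0; ssize_t r;
    if (pipe(fds) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                       /* child */
        dup2(fds[1], STDOUT_FILENO);
        close(fds[0]); close(fds[1]);
        execvp(argv[0], argv);
        _exit(127);                       /* exec failed */
    }
    close(fds[1]);
    while (used + 1 < n && (r = read(fds[0], out + used, n - 1 - used)) > 0)
        used += (size_t)r;
    out[used] = '\0';
    close(fds[0]);
    if (waitpid(pid, &status, 0) < 0) return -1;
    return status;
}

/* BEFORE: what system() does: the field is pasted into a string that
 * /bin/sh parses, so a ';' inside the field starts a second command. */
int run_via_shell(const char *field, char *out, size_t n) {
    char cmd[512];
    snprintf(cmd, sizeof cmd, "echo %s", field);
    char *argv[] = { "/bin/sh", "-c", cmd, NULL };
    return run_capture(argv, out, n);
}

/* AFTER: no shell. The field is a single argv element, so ';' is data. */
int run_via_argv(const char *field, char *out, size_t n) {
    char *argv[] = { "echo", (char *)field, NULL };
    return run_capture(argv, out, n);
}

int main(void) {
    const char *field = "user@example.com; echo INJECTED"; /* constructed input */
    char a[256], b[256];
    run_via_shell(field, a, sizeof a);
    run_via_argv(field, b, sizeof b);
    printf("via shell:\n%svia argv:\n%s", a, b);
}
```

Through the shell the output is two lines because the text after the semicolon ran as its own command; through argv the whole field comes back as one line of data.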