[Date Prev][Date Next][Thread Prev][Thread Next] [Search] [Date Index] [Thread Index]

Re: [MacPerl] Dangerous cgi-script

To: claes@canit.se (Claes Bjorklund)
Subject: Re: [MacPerl] Dangerous cgi-script
From: pudge@pobox.com (Chris Nandor)
Date: Thu, 10 Jul 1997 13:08:59 -0500
Cc: mac-perl@iis.ee.ethz.ch

At 9.23 7/10/97, Claes Bjorklund wrote:
>Is this this cgi script dangerous?

>$math = $FORM{'calc'};
>$res=eval "$math";

Yes.  Now, it is not as dangerous as it is on a UNIX box, but it is still
dangerous.  Any Perl statement can be executed by the web user.

Imagine the calculation was something like this, but only more damaging:

        MacPerl::Answer('Erase System Folder?', 'OK')

--
Chris Nandor             pudge@pobox.com             http://pudge.net/
%PGPKey=('B76E72AD',[1024,'0824 090B CE73 CA10  1FF7 7F13 8180 B6B6'])

***** Want to unsubscribe from this list?
***** Send mail with body "unsubscribe" to mac-perl-request@iis.ee.ethz.ch

Prev by Date: Re: [MacPerl] Dangerous cgi-script
Next by Date: Re: [MacPerl] DBM (fwd)
Prev by thread: Re: [MacPerl] Dangerous cgi-script
Next by thread: Re: [MacPerl] Dangerous cgi-script
Navigation: Date Index | Thread Index | Search | Other lists at bumppo.net