BugTraq
RE: Security bug in CGI::Lite::escape_dangerous_chars() function
Feb 13 2003 07:55AM
Hard Coder (hcoder yahoo com)
Hello Ronald and all others
You might be correct with the issue of
escape_dangerous_chars but instead of the technique you
showed
>>open (SM, "|/usr/sbin/sendmail -f rfg $recipient");
I would use
open(SM, "|/usr/sbin/sendmail -oi -t") || die "sendmail";
...
print SM "To: $recipient\n";
I think an attacker may cause less harm with this
approach even if escape_dangerous_chars is buggy.
HC
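
Added example, not part of the original post or of CGI::Lite: a sketch of the "sendmail -oi -t" approach with the pipe opened in list form, so no shell parses any argument, plus a recipient check, because with -t the recipient list is read from the headers and a newline in $recipient would add headers. The helper names, the SENDMAIL_BIN override and the sample inputs are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Path taken from the post; SENDMAIL_BIN is a hypothetical override for testing.
my $SENDMAIL = $ENV{SENDMAIL_BIN} || '/usr/sbin/sendmail';

# Hypothetical helper: allow-list a single plain address.
# \A and \z anchor the whole string; "$" would let a trailing newline through.
sub clean_recipient {
    my ($addr) = @_;
    return undef unless defined $addr && length($addr) <= 254;
    return $addr =~ /\A([A-Za-z0-9._%+-]+\@[A-Za-z0-9.-]+)\z/ ? $1 : undef;
}

# Hypothetical helper: send one message with the recipient in the header only.
sub send_notice {
    my ($recipient, $subject, $body) = @_;
    my $to = clean_recipient($recipient);
    die "rejected recipient\n" unless defined $to;
    $subject =~ s/[\r\n]+/ /g;    # a header value must stay on one line

    # List-form pipe open (Perl 5.8+) execs sendmail directly, without /bin/sh.
    open(my $sm, '|-', $SENDMAIL, '-oi', '-t') or die "sendmail: $!\n";
    print {$sm} "To: $to\n", "Subject: $subject\n", "\n", $body, "\n";
    close($sm) or die "sendmail exited with status $?\n";
    return $to;
}

# Constructed sample inputs; only the validation runs here, no mail is sent.
my @samples = (
    'user@example.org',
    'user@example.org; id',
    "user\@example.org\nBcc: other\@example.org",
);
for my $in (@samples) {
    (my $shown = $in) =~ s/\n/\\n/g;
    printf "%-45s %s\n", $shown,
        defined clean_recipient($in) ? 'accepted' : 'rejected';
}
```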