Bugtraq mailing list archives
RE: Security bug in CGI::Lite::escape_dangerous_chars() function
From: Hard Coder <hcoder () yahoo com>
Date: Wed, 12 Feb 2003 23:55:17 -0800 (PST)
Hello Ronald and all others,

You might be correct with the issue of escape_dangerous_chars, but instead of the technique you showed

    open (SM, "|/usr/sbin/sendmail -f rfg $recipient");

I would use

    open(SM, "|/usr/sbin/sendmail -oi -t") || die "sendmail";
    ...
    print SM "To: $recipient\n";

I think an attacker may cause less harm with this approach even if escape_dangerous_chars is buggy.

HC
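The approach suggested in the message above, written out as an added example that is not part of the original post or of CGI::Lite: the recipient travels only in the message headers read by `sendmail -t`, the pipe is opened in list form so no shell parses any argument, and the address is checked so it cannot add header lines or extra recipients. The helper names `clean_recipient` and `send_mail` and the strict address pattern are assumptions made for illustration; list-form pipe open needs Perl 5.8 or later.

```perl
#!/usr/bin/perl
# Added example; not code from the original post.
use strict;
use warnings;

my $SENDMAIL = '/usr/sbin/sendmail';   # path as used in the post

# Hypothetical helper: accept exactly one plain address.
# Whitespace (including CR/LF) would start a new header line under -t;
# commas and semicolons would turn one To: value into several recipients.
sub clean_recipient {
    my ($addr) = @_;
    return undef unless defined $addr;
    return undef if $addr =~ /[\0,;\s]/;
    # Deliberately strict pattern (an assumption, not full RFC syntax).
    return undef unless $addr =~ /\A[^\@\s]+\@[A-Za-z0-9.-]+\z/;
    return $addr;
}

# Hypothetical helper: pipe one message to sendmail without a shell.
sub send_mail {
    my ($recipient, $subject, $body) = @_;
    my $to = clean_recipient($recipient)
        or die "rejected recipient\n";
    $subject =~ s/[\r\n]+/ /g;   # keep the Subject header on one line

    # List-form open: the arguments are passed to exec directly, so shell
    # metacharacters are never interpreted, whatever the escaping did.
    # -oi: a line with a lone "." does not end the message.
    # -t : recipients are taken from the headers, not the command line.
    open(my $sm, '|-', $SENDMAIL, '-oi', '-t') or die "sendmail: $!\n";
    print {$sm} "To: $to\n", "Subject: $subject\n", "\n", $body, "\n";
    close($sm) or die "sendmail exited with status $?\n";
    return 1;
}

# Constructed sample inputs: show what the recipient check lets through.
# send_mail() is not called here, so this part runs without a mail system.
for my $r ('user@example.org',
           "user\@example.org\nBcc: x\@example.net",
           'user@example.org; id',
           'a@example.org, b@example.org') {
    (my $shown = $r) =~ s/\n/\\n/g;
    my $verdict = defined(clean_recipient($r)) ? 'accepted' : 'rejected';
    printf "%-45s %s\n", $shown, $verdict;
}
```

Only the first sample address is accepted; the other three are rejected before anything is written to the pipe.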
Current thread:
- Security bug in CGI::Lite::escape_dangerous_chars() function Ronald F. Guilmette (Feb 11)
- <Possible follow-ups>
- Re: Security bug in CGI::Lite::escape_dangerous_chars() function tee (Feb 12)
- Re: Security bug in CGI::Lite::escape_dangerous_chars() function John Madden (Feb 13)
- RE: Security bug in CGI::Lite::escape_dangerous_chars() function Hard Coder (Feb 13)