Bugtraq mailing list archives
Re: Security bug in CGI::Lite::escape_dangerous_chars() function
From: John Madden <weez () freelists org>
Date: Wed, 12 Feb 2003 19:57:19 -0500
Better would be...
<snip>

And better still would be no command execution at all:

use Net::SMTP;

my $email = <<EOM;
To: $to
From: $from
Subject: $subject
...
...
EOM

my $smtp = Net::SMTP->new("mailsever.host.com");
$smtp->mail($from);
$smtp->to($to);
$smtp->data();
$smtp->datasend($email);
$smtp->dataend();
$smtp->quit();

...No command execution at all, and no need to have the issue-prone
sendmail binary even installed on the system.

John

-- 
# John Madden  weez () freelists org
# MailandFiles.com: Your mail, your files: http://www.mailandfiles.com
# FreeLists: Free mailing lists for all: http://www.freelists.org
# Linux, Apache, Perl and C: All the best things in life are free!
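The Net::SMTP approach from the message above, as an added example that is not part of the original post: it checks each SMTP step for failure and refuses CR or LF in values that end up in headers or envelope commands, since dropping the shell does not stop form input from adding its own header lines. The helper names header_value and send_mail and the relay smtp.example.com are assumptions made for illustration.

```perl
use strict;
use warnings;
use Net::SMTP;

# Refuse a value that would break out of its header line (CR or LF).
sub header_value {
    my ($name, $value) = @_;
    die "missing $name\n" unless defined $value && length $value;
    die "line break in $name\n" if $value =~ /[\r\n]/;
    return $value;
}

# Validate first, then talk SMTP directly: no shell, no sendmail binary.
sub send_mail {
    my (%arg) = @_;
    my $to      = header_value(To      => $arg{to});
    my $from    = header_value(From    => $arg{from});
    my $subject = header_value(Subject => $arg{subject});
    my $body    = defined $arg{body} ? $arg{body} : '';

    # datasend() converts LF to CRLF and dot-stuffs lines for us.
    my $email = "To: $to\nFrom: $from\nSubject: $subject\n\n$body\n";

    my $smtp = Net::SMTP->new($arg{host}, Timeout => 30)
        or die "cannot connect to $arg{host}\n";
    for my $step (
        sub { $smtp->mail($from) },
        sub { $smtp->to($to) },
        sub { $smtp->data() },
        sub { $smtp->datasend($email) },
        sub { $smtp->dataend() },
    ) {
        next if $step->();
        my $err = $smtp->message;
        $smtp->quit;
        die "SMTP step failed: $err\n";
    }
    $smtp->quit;
    return 1;
}

# Constructed input: the subject carries an extra header line, so the
# message is refused before any connection to the placeholder relay.
unless (caller) {
    my $ok = eval {
        send_mail(host => 'smtp.example.com', to => 'user@example.com',
                  from => 'webform@example.com', body => "Hello\n",
                  subject => "Feedback\nBcc: other\@example.com");
    };
    print $ok ? "sent\n" : "refused: $@";
}
```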