|
A quick search of the databases didn't show
anything about this particular problem though the principle is well recognised
as an issue:
FormHandler.cgi available from http://www.cgi-perl.com/programs/FormHandler
uses hard coded physical paths for templates etc so
it's possible to get sensitive files like /etc/passwd by modifying a site's
form and submitting it.
Cheers,
David Litchfield
Cerberus Information Security
+44(0)181 661 7405
|
- Re: FormHandler.cgi Mnemonix
- Re: FormHandler.cgi m4rcyS
- Re: FormHandler.cgi Kevin Hemenway
