Nope... a query string like p0=../../../../../../../../../../bin/ls|%00 doesn't work. With regards, Stan At 09:01 29-4-2001 +0300, you wrote: >Yeah but you can't execute commands right ? >like: >http://www.VULNERABLE.com/cgi-bin/cal_make.pl?p0=../../../../../../../../../ >../../../bin/ls%20/%00 >or something, >this cannot be done... right ?
- PerlCal (CGI) show files vulnerability Stan
- Stan
