Hi list
SSI pages run as the web user... so if I made a page "iseethis.shtml" with the source:

<html>
<body>
<!--#exec cmd="for i in $(locate service.pwd);do echo $i;cat $i;done" -->
</body>
</html>

I would get a list of all the FrontPage hashes on the server. This is bad.

What is the best fix for this to allow CGI to execute but not cmd?

HELP!!!

Regards
Brett

_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
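
An audit sketch for the issue raised in this post, added here as an example and not part of the original message: it parses SSI directives and reports every `#exec cmd` while leaving `#exec cgi` and `#include` alone. The function names, the `counter.shtml` page and the suffix list are assumptions made for illustration.

```python
import re
from pathlib import Path

# SSI directive syntax: <!--#element attr="value" ... --> (names are case-insensitive)
DIRECTIVE = re.compile(r'<!--#(\w+)\s*(.*?)\s*-->', re.DOTALL)
# Values may be quoted with ", ' or `; an unquoted value is also accepted here.
ATTRIBUTE = re.compile(r'''(\w+)\s*=\s*(?:"([^"]*)"|'([^']*)'|`([^`]*)`|(\S+))''')

def parse_directives(text):
    """Yield (line_number, element, {attribute: value}) for each SSI directive."""
    for m in DIRECTIVE.finditer(text):
        attrs = {}
        for a in ATTRIBUTE.finditer(m.group(2)):
            attrs[a.group(1).lower()] = next(v for v in a.groups()[1:] if v is not None)
        yield text.count("\n", 0, m.start()) + 1, m.group(1).lower(), attrs

def find_exec_cmd(pages):
    """Return (page, line, command) for every '#exec cmd'; '#exec cgi' is not flagged."""
    findings = []
    for name, text in pages.items():
        for line, element, attrs in parse_directives(text):
            if element == "exec" and "cmd" in attrs:
                findings.append((name, line, attrs["cmd"]))
    return findings

def scan_tree(root, suffixes=(".shtml", ".shtm", ".stm")):
    """Audit every SSI page under a document root (suffix list is an assumption)."""
    pages = {str(p): p.read_text(errors="replace")
             for p in Path(root).rglob("*")
             if p.is_file() and p.suffix.lower() in suffixes}
    return find_exec_cmd(pages)

# Constructed sample pages; the directive in iseethis.shtml is the one from the post.
SAMPLE_PAGES = {
    "iseethis.shtml": ('<html>\n<body>\n'
                       '<!--#exec cmd="for i in $(locate service.pwd);do echo $i;cat $i;done" -->\n'
                       '</body>\n</html>\n'),
    "counter.shtml": ('<html>\n<body>\n'
                      '<!--#EXEC CGI="/cgi-bin/counter.cgi" -->\n'
                      '<!--#include virtual="/footer.html" -->\n'
                      '</body>\n</html>\n'),
}

if __name__ == "__main__":
    for page, line, command in find_exec_cmd(SAMPLE_PAGES):
        print(f"{page}:{line}: exec cmd -> {command}")
```
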
