> >Hi list > > >SSI pages run as the web user... so if I made a page "iseethis.shtml" with >the source: > >html> >body> >!--#exec cmd="for i in $(locate service.pwd);do echo $i;cat $i;done" --> > /body> >/html> > >I would get a list of all the frontpage hashes on the server. This is bad. >What is the best fix for this to allow CGI to excute but not cmd
This can be executed on a raq3i >HELP!!! > >Regards >Brett _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
