On Sunday 21 April 2002 05:06 pm, Brett Wright wrote:
> >Hi list
> >
> >SSI pages run as the web user... so if I made a page "iseethis.shtml" with
> >the source:
> >
> ><html>
> ><body>
> ><!--#exec cmd="for i in $(locate service.pwd);do echo $i;cat $i;done" -->
> ></body>
> ></html>
> >
> >I would get a list of all the frontpage hashes on the server. This is bad.
> >What is the best fix for this to allow CGI to execute but not cmd
>
SSI is not CGI, turn SSI off, it's in the GUI site-settings
Uncheck Enable Server Side Includes

-- 
Gerald Waugh : Registered Linux user # 255245
http://www.frontstreetnetworks.com
Front Street Networks LLC - ph. 203.785.0699
229 Front Street, Ste. #C, New Haven, CT, United States of America
6:21pm up 31 days, 1:48, 3 users, load average: 1.43, 1.53, 1.48
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
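
An added example, not part of the thread: a small audit that flags configuration lines permitting the `#exec` element discussed above and lists `#exec` elements in a page. It assumes an Apache httpd `Options` syntax, which the thread does not show; Apache's `IncludesNOEXEC` option keeps SSI parsing but disables `#exec`. The paths, sample config and sample page are constructed.

```python
import re

# Matches the SSI element that runs a shell command or CGI program.
EXEC_RE = re.compile(r'<!--#exec\s+(cmd|cgi)\s*=\s*"([^"]*)"', re.IGNORECASE)
OPTIONS_RE = re.compile(r'^\s*Options\s+(\S.*)$', re.IGNORECASE)

def find_exec_directives(page_text):
    """Return (kind, argument) for each #exec element in an SSI page."""
    return [(m.group(1).lower(), m.group(2)) for m in EXEC_RE.finditer(page_text)]

def ssi_mode(line):
    """Classify one Options line as 'exec', 'noexec' or 'off'.

    Looks at a single line only; it does not model how Apache merges
    +/- options inherited from enclosing sections.
    """
    m = OPTIONS_RE.match(line.split("#", 1)[0])
    if not m:
        return "off"
    enabled = {o.lstrip("+").lower() for o in m.group(1).split()
               if not o.startswith("-")}
    if enabled & {"includes", "all"}:   # "All" turns on Includes as well
        return "exec"
    if "includesnoexec" in enabled:
        return "noexec"
    return "off"

def audit_config(config_text):
    """Return (line_number, text) for Options lines that permit #exec."""
    return [(n, l.strip()) for n, l in enumerate(config_text.splitlines(), 1)
            if ssi_mode(l) == "exec"]

# Constructed sample input (not taken from any real server).
SAMPLE_CONFIG = """\
<Directory /home/sites/site1/web>
    Options Indexes FollowSymLinks Includes
</Directory>
<Directory /home/sites/site2/web>
    Options Indexes FollowSymLinks IncludesNOEXEC
</Directory>
"""
SAMPLE_PAGE = '<html><body><!--#exec cmd="date" --></body></html>'

if __name__ == "__main__":
    for n, text in audit_config(SAMPLE_CONFIG):
        print(f"line {n}: #exec allowed by: {text}")
    print("exec elements in page:", find_exec_directives(SAMPLE_PAGE))
```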
