From: "Nadav Har'El" <[EMAIL PROTECTED]> > On Wed, Jun 26, 2002, Orna Agmon wrote about "Re: [Haifux] Re: [sct-hackers] Re: Syscalltrack Site": > > On Wed, 26 Jun 2002, Shlomi Fish wrote: > > "?" is not a part of the path name. It is the way for the browser to pass > > variables to the script, using the "post" method. Look at the url formed > > Actually, that is the GET method, not POST. > > Orna, in light of the /etc/passwd trick, I think you should redesign the > script... And if you can't get some expert to look at it for security > flaws, I suggest (with no disrespect intended) that you practice on an > non-connected machine, and in the meantime just have static pages (i.e > files)... >
I can help in writing the base PHP code. Email me if you want me to. Sagi -------------------------------------------------------------------------- Haifa Linux Club Mailing List (http://linuxclub.il.eu.org) To unsub send an empty message to [EMAIL PROTECTED]