On Wed, Jan 16, 2013 at 9:02 AM, Bruce Cran <[email protected]> wrote:
> On http://www.openssl.org/support/community.html the mailing list
> subscription feature is broken - clicking "Send to Majordomo" just displays
> the majordomo.cgi script.
It also looks like its injectable:
$query_string = $ENV{'QUERY_STRING'};
Shouldn't that be escaped for good measure?
Jeff
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
