On Wed, Jan 16, 2013 at 9:02 AM, Bruce Cran <br...@cran.org.uk> wrote:
> On http://www.openssl.org/support/community.html the mailing list
> subscription feature is broken - clicking "Send to Majordomo" just displays
> the majordomo.cgi script.
It also looks like its injectable:
$query_string = $ENV{'QUERY_STRING'};
Shouldn't that be escaped for good measure?
Jeff
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
