By sanitize I mean just check that you don't directly put the data coming from cmd or command into exec() or functions that might compromise the security of your system.

By URL I mean, for example: yoursite.com/sid=XXXXXXXXXXXXXXXXXXXXXXXXXXXX&shopid= http://www.google.com/humans.txt? would show you what he got.

On Thu, Feb 13, 2014 at 2:08 AM, Knute Johnson <[email protected]> wrote:

> On 2/12/2014 08:43, rahul bhola wrote:
>
>> Because of the HTTP response 302, a safe bet would be to say he didn't get
>> anything. Still, I would recommend you sanitize the data you get from
>> the parameters command and cmd.
>> Also, simply go to the URL to see what he saw.
>
> To what URL? What do you mean sanitize?
>
> Thanks,
>
> --
> Knute Johnson

--
Rahul Bhola
B.E. computers
Core Member Department of backstage
Bits Pilani KK Birla Goa Campus
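
One way to apply the advice above about never passing `cmd` or `command` straight to exec(), as an added example that is not part of the original thread. The thread does not name a language, so Python is assumed here; the `ALLOWED_ACTIONS` table, the action names and the sample query strings are hypothetical.

```python
import subprocess
import sys
from urllib.parse import parse_qs

# Hypothetical allowlist: each accepted value maps to a fixed argv.
# Nothing from the request is ever placed into the command line.
ALLOWED_ACTIONS = {
    "status": [sys.executable, "-c", "print('service up')"],
    "version": [sys.executable, "-c", "print('1.0')"],
}


class RejectedParameter(ValueError):
    """Raised when cmd/command is missing, repeated, or not allowlisted."""


def resolve_action(query_string):
    """Map the request's cmd/command value to a fixed argv, or raise."""
    params = parse_qs(query_string, keep_blank_values=True)
    # Collect every occurrence so a repeated or conflicting parameter
    # cannot slip a second value past the check.
    supplied = params.get("cmd", []) + params.get("command", [])
    if len(supplied) != 1:
        raise RejectedParameter("expected exactly one cmd/command value")
    value = supplied[0]
    if value not in ALLOWED_ACTIONS:
        raise RejectedParameter("value is not an allowed action")
    return list(ALLOWED_ACTIONS[value])


def run_action(query_string):
    """Run the allowlisted action without a shell and return its output."""
    argv = resolve_action(query_string)
    done = subprocess.run(argv, shell=False, capture_output=True,
                          text=True, timeout=5, check=True)
    return done.stdout.strip()


if __name__ == "__main__":
    # Constructed sample query strings, not taken from the thread.
    for qs in ("sid=abc&cmd=status", "cmd=status+-v", "cmd=status&command=version"):
        try:
            print(qs, "->", run_action(qs))
        except RejectedParameter as err:
            print(qs, "-> rejected:", err)
```

The request value only selects an entry in the table, so extra arguments, a repeated parameter or an empty value are rejected before any process is started.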
