Next Program Repair Shop 122

Shell Call Security Disaster

        #!/usr/bin/perl
        use CGI ':standard';
        print header, start_html('Finger Gateway');
        if (param()) {   # Form was submitted
          print "<PRE>\n";
          $cmd = 'finger ' . param('arg'); 
          print `$cmd`;
          print "</PRE>\n";
          exit 0;
        }
        print start_form, textfield('arg'), 
          submit, end_form;
        exit 0;


Next Copyright © 2002 M. J. Dominus