in reply to
Run arbitrary UNIX commands on webserver without telnet
I far prefer the tried and true:
use CGI qw(:standard);
# Time passes
# and do the rest of the apparently innocuous program
The proper usage of this handy command runner I leave to
your imagination, a close read of open
's semantics, and
a reminder that if you know how to do a URI encoding, you
can put pipes etc into the filename.
Yes. This is a warning about a basic security mistake
that you may be making without realizing it...