in reply to Re: Hacking CGI - security and exploitation
in thread Hacking CGI - security and exploitation
I can't imagine anyone actually providing a direct portal to files via a form.
There have been two recent cases on this site where someone has linked to code they've inherited/written that has done this (and more). Luckily, in both cases they were very open to suggestions and took the code down immediately and went off to learn more about security.
anyone who does anything in CGI should study the topic very closely before they use a script anyway.
Should and do are two very different things. It's no secret that many people first come into contact with Perl by trying to write a script for their website. Saying "well you should have studied security" after the fact is of little use. The more that is written on the subject, and the more commonplace it becomes, the better.