Imagine if I ran the following commands:

cd /tmp
mkdir Site
printf '%s\n' 'print "0wn3d\n";' >Site/HTML.pm
ln -s /path/to/script.cgi script.cgi
./script.cgi

This is exactly what -T is supposed to prevent.

Update: Original exploit didn't actually work.

Seeking work! You can reach me at ikegami@adaelis.com


In reply to Re: Using relative paths with taint mode by ikegami
in thread Using relative paths with taint mode by Bod
