[Pdx-pm] [csieh at fnal.gov: Re: Horribly Broken RHEL5/SL5 Perl]

Daniel Johnson teknotus at gmail.com
Tue Aug 26 11:48:35 PDT 2008

> What part of the CGI spec or code takes CGI parameters and stores them
> in system ENV, before perl is even invoked?

Sorry I'm thinking of a PHP "feature".  My excuse is that I didn't get
enough sleep last night.

Still probably many ways to exploit it.  Especially if your perl is
called from php.

More information about the Pdx-pm-list mailing list