[VPM] alternative to perl's Open?

Carl B. Constantine cconstan at csc.uvic.ca
Tue Sep 7 10:36:39 CDT 2004


A recent hack here at UVic caused no end of grief for system staff. We
managed to shut the cracker down, but not before quite a bit of damage
was done to 75 web pages.

The exploit took advantage of a perl CGI script that used the Open
command. The perl script is supposed to take a file, upload it to the
site and run the file (used for testing people's course code). The
cracker took advantage of that and included a standard pipe '|' in the
command to wget and the rest is, as they say, history.

So my question is, how do you code around that? If you need to do
something like this, what should you do?

Thanks in advance.

-- 
Carl B. Constantine         University of Victoria
Programmer Analyst          http://www.csc.uvic.ca
UNIX System Administrator   Victoria, BC, Canada
cconstan at csc.uvic.ca        ELW B206, 721-8766
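
One common way to code around the problem asked about above, as an added example that is not part of the original post or of the script it describes: validate the uploaded file name against an allow-list and use three-argument open, so the name can never be parsed as a mode or a pipe. The upload directory, the sub names and the sample file names are assumptions made for this sketch.

```perl
use strict;
use warnings;
use File::Spec;
use File::Temp qw(tempdir);

# Hypothetical upload directory for this sketch; a real CGI would use a fixed path.
my $UPLOAD_DIR = tempdir(CLEANUP => 1);

# Allow-list a plain file name: no path separators, no '|', '<', '>' or other
# shell metacharacters, no leading '.' or '-'.
sub safe_name {
    my ($name) = @_;
    return undef unless defined $name;
    return $name =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/ ? $1 : undef;
}

# Risky form, shown only as a comment:  open(my $fh, $name)
# Two-argument open parses $name for a mode, so a '|' in it starts a command.
# Three-argument open takes the mode separately; $path is only ever a file path.
sub read_upload {
    my ($name) = @_;
    defined(my $clean = safe_name($name)) or return (undef, 'rejected name');
    my $path = File::Spec->catfile($UPLOAD_DIR, $clean);
    open(my $fh, '<', $path) or return (undef, "open failed: $!");
    my $data = do { local $/; <$fh> };
    close $fh;
    return ($data, undef);
}

# Constructed sample data: one stored upload, then one good and two bad names.
my $sample = File::Spec->catfile($UPLOAD_DIR, 'hw1.pl');
open(my $out, '>', $sample) or die "setup failed: $!";
print {$out} "print qq{hello\\n};\n";
close $out;

for my $name ('hw1.pl', 'hw1.pl|', '../hw1.pl') {
    my ($data, $err) = read_upload($name);
    printf "%-12s %s\n", $name,
        defined $data ? 'read ' . length($data) . ' bytes' : $err;
}
```

If the script must then run the uploaded file, the list form of system (program and arguments as separate list elements) passes the path to the program without going through a shell.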

