httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Knute Johnson <apa...@knutejohnson.com>
Subject Re: [users@httpd] Possible exploit?
Date Thu, 13 Feb 2014 01:34:33 GMT
On 2/12/2014 13:11, rahul bhola wrote:
> by sanitize i mean just check that u dont directly put the data coming
> from cmd or command to exec() or functions that might compromise the
> security of your system.

Are you talking about in CGI programs?

  By url i mean example:
> yoursite.com/sid=XXXXXXXXXXXXXXXXXXXXXXXXXXXX&shopid=
> <http://yoursite.com/sid=XXXXXXXXXXXXXXXXXXXXXXXXXXXX&shopid=>http://www.google.com/humans.txt?
> would show you what he got

If I do the above I get a File Not Found (404).  I think there must be 
more to it than that.

-- 

Knute Johnson

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message