|[Date Prev] [Date Next]||[Thread Prev] [Thread Next]||[Date Index] [Thread Index]|
Re: [nocol-users] security problems with webnocol.cgi,genweb.pl,notifier.pl, etc.
Rick Beebe wrote: > > > As far as webnocol.cgi goes, it will happily execute whatever > > the subcommand field in the GET/POST request tells it to > > execute! ... > > No, it will only execute the subcommand if it exists in the cmdlist > array. However, I will take a look at tightening things up. Sorry Rick, I did not dig in deep enough to catch that detail. I am delighted to retract my earlier statement and embarrassed that I need to. I should have looked closer in the first place. Scott