[Date Prev]   [Date Next] [Thread Prev]   [Thread Next] [Date Index]   [Thread Index]


     Re: [nocol-users] security problems with webnocol.cgi,genweb.pl,notifier.pl, etc.

Rick Beebe wrote:
> >         As far as webnocol.cgi goes, it will happily execute whatever
> >         the subcommand field in the GET/POST request tells it to
> >         execute! ...
> No, it will only execute the subcommand if it exists in the cmdlist
> array. However, I will take a look at tightening things up.

	Sorry Rick, I did not dig in deep enough to catch that
	detail.  I am delighted to retract my earlier statement
	and embarrassed that I need to. I should have looked closer
	in the first place.