in reply to Re: Re: Encrypting Largish Files
in thread Encrypting Largish Files
You're probably fooling youself a bit... The first stage
in almost any cgi exploit is to find a way to read the source code. There are lots of ways to do this, but
a classic one is to use one insecure CGI to read the source
of another. I frequently get entries in my access_log
that look like this:
If the author of some.cgi wasn't careful, its possible that some.cgi will spit back the source to someother.cgi.GET http://whatever.com/cgi-bin/some.cgi?file=../cgi-bin/someother.cgi
-Blake
|
---|
In Section
Seekers of Perl Wisdom