# Unsafe example: untrusted text is interpolated into one command string.
# Instead of passing a file name, a malicious user sends
# another command
...
# system() happily executes "ls -l" followed by "rm -rf /"
#
# Why: when system() receives a single string that contains shell
# metacharacters, Perl passes the whole string to the command shell
# (/bin/sh -c on Unix), so the ";" in the input is parsed as a command
# separator instead of being treated as part of a file name.
system("ls -l $user_input");
# Hostile input: a shell command separator followed by a second command.
$user_input = "; rm -rf /";
...
# directory" error
#
# List form: with more than one argument, system() runs the program directly
# instead of going through the shell on Unix-like systems, so $user_input
# reaches ls as one literal argument with its metacharacters left inert.
# NOTE(review): the list form stops shell injection only. A value that begins
# with "-" would still be read by ls as an option; passing "--" before
# $user_input ends option parsing. The return value of system() is also not
# checked here.
system("ls", "-l", $user_input);
# Bad
# Backticks interpolate $user_input and hand the resulting string to the
# shell, so they have the same injection problem as one-string system().
@output = `ls -l $user_input`;
...
# $kidpid is assigned in the elided lines above, presumably by fork() or a
# forking open() -- confirm against the full listing. An undefined value
# means no child process was created.
die "could not fork" if !defined($kidpid);
# List-form exec() starts ls without involving a shell, so $user_input stays
# a single argument. exec() returns only when it fails, which is what the
# "or die" reports.
# NOTE(review): as with list-form system(), input starting with "-" is still
# parsed by ls as an option unless "--" precedes it.
exec ("ls", "-l", $user_input) or die "exec failed: $!";
# Closes a block that was opened in the elided lines.
}