Re^2: Simple XML Dumper

Not generally.

If it's documented, it's not so bad, because whoever wants to exploit it could have run perl -e instead.

Comment on Re^2: Simple XML Dumper Download Code

Replies are listed 'Best First'.
Re^3: Simple XML Dumper by jdporter (Paladin) on Sep 30, 2008 at 14:26 UTC
If the script is `setuid`, it's considerably worse than `perl -e`.	[reply]
Re^4: Simple XML Dumper by moritz (Cardinal) on Sep 30, 2008 at 14:32 UTC
If the script is setuid, taint checking is enabled by default, and I don't think that evaling tainted strings is allowed.	[reply]