Some people from EFnet today just hacked the Company that gives people free FTP access and Perl and MySQL support to upload their webpages, www.50free.com, through my Website.

They used a security hole of an open command at index.pl, this one to be exact:

    print start_form(-action=>"index.pl");
    print p( {-align=>'center'},
             font( {-size=>5, -color=>'Lime'}, 'Λόγος Ψυχωφελής και Θαυμάσιος => ' ),
             popup_menu( -name=>'select', -values=>\@files ),
             submit('ok') );
    print end_form();
    $file = param("select") || $files[rand(@files)];   # user-supplied value, never validated
    open(IN, "../data/texts/$file") or die $!;          # 2-argument open: a '|' in $file makes it a command pipe
and they gave a string similar to this in their address bar: kos.50free.net/cgi-bin/index.pl?select=../../../../../bin/ls%20-la%20%7e%7c to do it. They passed values to the select variable and did those things. In the same way they gained pseudo shell access within my user account and did various things.

My question is this: Should I be considered responsible for such an action? I just today found out that my site had a security hole like that. Or is the Company to blame, for not securing their server better when they should and could have?

At the moment I can't log in to my FTP account, and haven't been able to for a lot of hours, and the Company's main webpage isn't functioning either. What is your opinion? I believe it is not my fault, because I am a newbie user and I can't know whether or not my website has security flaws or holes (at the moment I just want my webpage to work); security is not my concern now. I believe the company should have imagined that these things could happen and prevented them.

What do you think?

20040525 Edit by castaway: Changed title from 'Compnay hackes through my Perl's Website Securtity hole'
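Added example, not code from Nik's post or from 50free: a hardened replacement for the open() shown in the post. It assumes the same ../data/texts directory and the CGI select parameter; the file names returned by readdir form the allow-list, and the 3-argument open with an explicit '<' mode means the parameter value can never be interpreted as a pipe to a command, nor as a ../ path outside the directory.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Spec;

# Assumed location of the text files (matches the original script).
my $TEXT_DIR = '../data/texts';

# Build the allow-list from the directory itself, like the original
# @files, but as a hash so the lookup is an exact-match test.
sub allowed_files {
    my ($dir) = @_;
    opendir(my $dh, $dir) or die "opendir $dir: $!";
    my %ok;
    for my $name (readdir $dh) {
        next if $name =~ /^\./;                        # skip '.', '..', dotfiles
        my $path = File::Spec->catfile($dir, $name);
        $ok{$name} = 1 if -f $path;                    # regular files only
    }
    closedir $dh;
    return \%ok;
}

# Vulnerable pattern from the post, kept here only as a comment:
#   open(IN, "../data/texts/$file") or die $!;
# 2-argument open parses '|' and '>' in $file as modes, and '../' in
# $file walks out of the data directory.

# Is the CGI value exactly one of the files we listed? readdir names
# never contain '/', so a match also proves the path stays in $dir.
sub is_safe_selection {
    my ($ok, $selection) = @_;
    return 0 unless defined $selection && length $selection;
    return 0 if $selection =~ m{[/\\|]} || $selection =~ /\.\./;
    return $ok->{$selection} ? 1 : 0;
}

# Hardened open: validate first, then 3-argument open with '<' so the
# name is a file path and nothing else.
sub open_text {
    my ($dir, $selection) = @_;
    my $ok = allowed_files($dir);
    die "no such text\n" unless is_safe_selection($ok, $selection);
    my $path = File::Spec->catfile($dir, $selection);
    open(my $in, '<', $path) or die "open $path: $!";
    return $in;
}

# Usage in the CGI: my $fh = open_text($TEXT_DIR, param('select'));
```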


In reply to Company hacks through my Perl's Website Security hole by Nik
