Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror

Comment Most insecure scripts ever (Score 2, Insightful) 523 523

We had a campus wide ban on any of Wright's cgi stuff. Lot's of unescaped system() and exec() and `` from old Matty. One of his scripts is universally known as the best mail forwarder/spam relays ever. Another would actually pass rm -rf * to the command line. All you had to do was stuff a semicolon after the form input. I spent a whole semester writing secure work-a-likes to his scripts and also writing LWP stuff that would poke around for his scripts on our user webspace -- especially the formmailer. Egads.

It's great to be smart 'cause then you know stuff.

Working...