Comment Re:It was a CGI hack (Score 1) 216
The code which checked for slashes and backslashes allowed either one to match using Perl regex's $| operator. If the $| had been omitted, and the check had instead consisted of two lines, one checking for slashes and the other checking for backslashes, and if the checks had otherwise taken better care to ensure that illegal names couldn't be passed through, the exploit could've been avoided.
The author of the exploit description might have missed that the following filename would also have passed:
In other words, there was no need for all the dots.