w*s Posts: 7227 | 1 [The following text is reposted from the Linux board]
From: wds (净洗前尘,从头再来), Board: Linux
Subject: how to avoid security holes for perl CGI code using checkbox ?
Site: BBS 未名空间站 (Thu Apr 18 19:01:05 2013, US Eastern)
Don't know how to describe this clearly.
I have a simple Perl CGI code, running with lighttpd.
It has a checkbox; if it's set when you click "submit",
it will trigger my code in the background,
`set_my_value.exe 1`.
If that checkbox is not checked,
`set_my_value.exe 0`.
Now when I run Rapid7 Nexpose, which is a security check application,
it can call my "set_my_value" directly.
So even if I didn't check/uncheck the checkbox,
it's setting the values.
It seems lighttpd doesn't support Perl taint mode (someone correct me if that's not
the case); I don't know what to do now.
Any help appreciated.
Thanks!
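One way to keep a crawler or scanner from triggering the helper just by requesting the URL, as an added example that is not the poster's code: the handler changes state only on an authenticated POST carrying a valid anti-forgery token, and it maps the checkbox to a fixed `1` or `0` instead of passing request data to the command. The helper path, the `FORM_SECRET` environment variable, and the presence of HTTP authentication (so that the server sets `REMOTE_USER`) are assumptions.

```perl
#!/usr/bin/perl
# Added example, not the poster's script; assumed names are marked.
use strict;
use warnings;
use CGI ();
use Digest::SHA qw(hmac_sha256_hex);

my $HELPER  = '/usr/local/bin/set_my_value.exe';  # assumed absolute path
my $SECRET  = $ENV{FORM_SECRET} or die "FORM_SECRET not set\n";  # assumed variable
my $MAX_AGE = 900;                                # token lifetime in seconds
$ENV{PATH}  = '/usr/bin:/bin';                    # fixed PATH for the child process

my $q      = CGI->new;
my $user   = $ENV{REMOTE_USER} // '';             # set by the server's HTTP auth
my $method = $q->request_method // '';

sub reply {
    my ($status, $body) = @_;
    print $q->header(-status => $status, -type => 'text/plain; charset=utf-8'), "$body\n";
    exit 0;
}

# Stateless anti-forgery token: timestamp plus an HMAC over user and timestamp.
sub make_token  { my $ts = time; return "$ts:" . hmac_sha256_hex("$user:$ts", $SECRET) }
sub token_valid {
    my ($ts, $mac) = ($_[0] // '') =~ /\A(\d{1,12}):([0-9a-f]{64})\z/ or return 0;
    return 0 if $ts > time || time - $ts > $MAX_AGE;
    return hmac_sha256_hex("$user:$ts", $SECRET) eq $mac;
}

reply('403 Forbidden', 'authentication required') if $user eq '';

if ($method eq 'GET') {                           # GET renders the form, nothing else
    my $token = make_token();
    print $q->header(-type => 'text/html; charset=utf-8'),
        qq{<form method="post"><input type="checkbox" name="enable" value="1">},
        qq{<input type="hidden" name="token" value="$token">},
        qq{<input type="submit" value="submit"></form>\n};
    exit 0;
}
reply('405 Method Not Allowed', 'POST only') if $method ne 'POST';
reply('403 Forbidden', 'bad or expired token') unless token_valid(scalar $q->param('token'));

# An unchecked box is absent from the request, so map presence to a fixed 1 or 0
# and never hand the submitted string to the command.
my $value = defined $q->param('enable') ? 1 : 0;
my $rc    = system { $HELPER } $HELPER, $value;   # list form: no shell involved
reply('500 Internal Server Error', 'helper failed') if $rc != 0;
reply('200 OK', "value set to $value");
```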