w*s 发帖数: 7227 | 1 Don't know how to describe this clearly,
i have a simple perl CGI code, running with lighttpd.
it has checkbox, if it's set, when you click "submit".
it will trigger my code in the background,
`set_my_value.exe 1`.
if no check that checkbox,
`set_my_value.exe 0`.
Now when i run Rapid7 nexpose, which is a security check application,
it can call my "set_my_value" directly.
So even i didn't check/uncheck the checkbox.
It's setting the values.
Seems lighttpd doesn't support perl taint mode (someone correct me if not
the case), i don't know what to do now.
Any help appreciated.
Thanks ! | c*****m 发帖数: 1160 | | L*1 发帖数: 11537 | 3 Try to run this, and see what you get:
#!/usr/bin/perl
our $v1;
print "v1 = $v1\n";
if ($v1 == 0) {
print "v1 = 0\n";
}
else {
print "v1 != 0\n";
}
Don't know if that caused your problem.
You may change to use "yes", "no", "set", "notset". |
|