Amiga.org

Operating System Specific Discussions => Amiga OS => Amiga OS -- Development => Topic started by: carls on February 28, 2003, 11:20:02 AM

Title: gW3S for Unix - exploits!
Post by: carls on February 28, 2003, 11:20:02 AM
Not really AmigaOS development, but still:
I'm porting (or rather, re-writing) gW3S for Linux, using the Regina REXX interpreter and some nifty GNU utils (awk, ls etc.)

The big question is: How do I avoid the simplest exploit ever (i.e. the query string hack)? :-)

I'd like to avoid stuff like this:
document.xgi?var=value;cat /etc/passwd

...but I'd also like to provide the XGI scripts with an unescaped query string.

I'm passing the QS as an argument to the chosen script.
I've tried using environment variables but it doesn't really work setting these with Regina's VALUE()...

Any ideas would be helpful!
 :-?
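
Added example, not part of the original post: a POSIX shell sketch of the problem asked about above, where a query string reaches a handler script unescaped but is never parsed as a command. The function names, the stand-in handler and the sample query string are constructed for illustration. `sh` stands in for the script interpreter, `QUERY_STRING` is the CGI convention, and how the server itself is launched from Regina is not shown.

```sh
#!/bin/sh
# Constructed stand-in for an XGI script: reports exactly what it received.
make_handler() {
    handler=$(mktemp) || return 1
    cat > "$handler" <<'EOF'
printf 'arg=[%s] env=[%s]\n' "$1" "$QUERY_STRING"
EOF
    printf '%s\n' "$handler"
}

# Vulnerable: the query string is pasted into a command line that a shell
# parses again, so ';' ends the handler command and starts a second one.
run_xgi_unsafe() {
    sh -c "sh $1 $2"
}

# Hardened: the query string is only ever data. It is passed as one quoted
# argument and as QUERY_STRING in the child's environment; no shell re-reads
# it, so the script sees it byte for byte and nothing in it is executed.
run_xgi_safe() {
    QUERY_STRING="$2" sh "$1" "$2"
}

# Demo with a harmless constructed payload.
demo_handler=$(make_handler)
demo_qs='var=value;echo INJECTED'
echo "unsafe:"; run_xgi_unsafe "$demo_handler" "$demo_qs"
echo "safe:";   run_xgi_safe   "$demo_handler" "$demo_qs"
rm -f "$demo_handler"
```

In the unsafe run the handler only sees `var=value` and the text after `;` runs as its own command. In the safe run the handler receives the whole string unchanged.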