
Topic: gW3S for Unix - exploits!

Author: carls

gW3S for Unix - exploits!
« on: February 28, 2003, 11:20:02 AM »
Not really AmigaOS development, but still:
I'm porting (or rather, re-writing) gW3S for Linux, using the Regina REXX interpreter and some nifty GNU utils (awk, ls etc.)

The big question is: How do I avoid the simplest exploit ever (i.e. the query string hack)? :-)

I'd like to avoid stuff like this:
document.xgi?var=value;cat /etc/passwd

...but I'd also like to provide the XGI scripts with an unescaped query string.

I'm passing the QS as an argument to the chosen script.
I've tried using environment variables but it doesn't really work setting these with Regina's VALUE()...

Any ideas would be helpful!
 :-?
Amiga: Too weird to live, too rare to die.
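
The problem described in the post above, as an added example that is not part of the original post and not gW3S code: a query string reaches a script unescaped and intact as long as no shell ever re-parses it. The sketch is POSIX shell rather than REXX; the handler script, the function names and the input with its harmless `echo INJECTED` marker are constructed for illustration.

```shell
#!/bin/sh
# Hypothetical stand-in for an XGI script: prints the query string it got,
# from its first argument if present, otherwise from QUERY_STRING.
HANDLER=$(mktemp)
trap 'rm -f "$HANDLER"' EXIT
cat > "$HANDLER" <<'EOF'
printf 'QS=[%s]\n' "${1-$QUERY_STRING}"
EOF

# Unsafe: the command line is assembled as one string and parsed by a shell,
# so a ';' in the query string ends the handler command and starts a new one.
run_unsafe() {
    sh -c "sh $HANDLER $1"
}

# Safe (argument): the query string is passed as a single quoted argument.
# No shell parses its contents, so ';' arrives at the handler as plain data.
run_safe_argv() {
    sh "$HANDLER" "$1"
}

# Safe (environment): the CGI convention. QUERY_STRING is set for the child
# process only and is never placed on a command line.
run_safe_env() {
    QUERY_STRING=$1 sh "$HANDLER"
}

# Constructed input: a harmless marker command after the ';'.
QS='var=value;echo INJECTED'
printf 'unsafe:\n%s\n' "$(run_unsafe "$QS")"
printf 'argv:\n%s\n' "$(run_safe_argv "$QS")"
printf 'env:\n%s\n' "$(run_safe_env "$QS")"
```

In both safe variants the handler still sees the full, unescaped string; the server should additionally pick the script path from its own document tree rather than from anything a shell expands.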