CoSign: Collaborative Single Sign-On  

cosign-discuss at
general discussion of cosign development and deployment

[OT] Re: login cgi argument sanity checking

On Aug 23, 2005, at 11:38 AM, Cory Snavely wrote:

> (I will occasionally see strings like "|cat /etc/passwd" passed as a CGI argument to web applications we run, and thoroughly roll my eyes at such pathetic attempts, but it goes to show that some folks will try an exploit in any conceivable place.)

Not as pathetic as you might think. The Daily WTF (http://) is filled with code from deployed systems that have such ridiculous holes. A recent, somewhat relevant post: http://

Sorry for the only tangentially-related post,


-- 
Sacha Michel Mallais - 800 lb. gorilla
Global Village Consulting Inc.:
1. Never tell everything at once.
-- Ken Venturi, Ken Venturi's Two Great Rules of Life
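The sanity checking the subject line refers to, shown as an added example that is not code from the cosign project or from either poster: each login CGI parameter is validated against an allowlist of what a legitimate value looks like, so a value such as the "|cat /etc/passwd" Cory mentions is rejected before it can reach a shell, a path or a page. A second function scans web-server log lines for the same kind of value so such attempts show up in monitoring rather than only in someone's eye-roll. The parameter names (login, service, ref), the function names and the log lines are all constructed for this example.

```python
"""Allowlist validation of login CGI arguments, plus a log scan that flags
suspicious values.  Hypothetical example; the parameter names and the
sample log lines are constructed and not taken from cosign."""

import re
from urllib.parse import parse_qs, urlsplit

# Allowlist per parameter: what a legitimate value looks like, nothing more.
# A denylist ("no '|' or ';'") is the fragile alternative; an allowlist says
# what is permitted and everything else fails.
ALLOWED = {
    "login":   re.compile(r"^[A-Za-z0-9._-]{1,64}$"),
    "service": re.compile(r"^[A-Za-z0-9-]{1,32}$"),
    # A return URL is only accepted as an https URL with a plain host part.
    "ref":     re.compile(r"^https://[A-Za-z0-9.-]+(/[^\s?#]*)?$"),
}


class BadArgument(ValueError):
    """Raised for any parameter that is unknown, repeated or malformed."""


def validate_login_args(query: str) -> dict:
    """Parse a raw query string and return only allowlisted, validated values.

    Raises BadArgument on any unknown parameter, repeated parameter, or value
    that does not match its pattern.  The CGI should answer such a request
    with a plain error and log it; the raw value must never be passed on to
    a shell, a filesystem path or an HTML page.
    """
    parsed = parse_qs(query, keep_blank_values=True)
    clean = {}
    for name, values in parsed.items():
        if name not in ALLOWED:
            raise BadArgument(f"unexpected parameter {name!r}")
        if len(values) != 1:
            raise BadArgument(f"parameter {name!r} repeated")
        value = values[0]
        if not ALLOWED[name].fullmatch(value):
            raise BadArgument(f"parameter {name!r} failed validation")
        clean[name] = value
    if "login" not in clean:
        raise BadArgument("missing required parameter 'login'")
    return clean


def rejection_reason(query: str):
    """Convenience wrapper: the BadArgument message for a query, or None."""
    try:
        validate_login_args(query)
    except BadArgument as e:
        return str(e)
    return None


# Shell metacharacters and path-traversal markers worth flagging in logs.
SUSPICIOUS = re.compile(r"[|;`$&<>]|\.\./|/etc/")


def scan_query_log(lines):
    """Return (request_path, parameter, value) for each logged request whose
    decoded query string carries a suspicious value.  Input is a sequence of
    common-log-format lines."""
    hits = []
    for line in lines:
        m = re.search(r'"(?:GET|POST) (\S+) HTTP/', line)
        if not m:
            continue
        query = urlsplit(m.group(1)).query
        for name, values in parse_qs(query, keep_blank_values=True).items():
            for v in values:
                if SUSPICIOUS.search(v):
                    hits.append((m.group(1), name, v))
    return hits


# Constructed sample log lines (not from any real server).
SAMPLE_LOG = [
    '10.0.0.5 - - [23/Aug/2005:11:38:00 -0400] "GET /cgi-bin/login?login=alice&service=wiki HTTP/1.1" 200 512',
    '10.0.0.9 - - [23/Aug/2005:11:38:07 -0400] "GET /cgi-bin/login?login=%7Ccat%20/etc/passwd HTTP/1.1" 400 0',
    '10.0.0.9 - - [23/Aug/2005:11:38:09 -0400] "GET /cgi-bin/login?login=bob&ref=../../etc/passwd HTTP/1.1" 400 0',
]

if __name__ == "__main__":
    print(validate_login_args("login=alice&service=wiki"))
    print("rejected:", rejection_reason("login=%7Ccat%20/etc/passwd"))
    for path, name, value in scan_query_log(SAMPLE_LOG):
        print(f"flag {name}={value!r} in {path}")
```

The validator deliberately refuses unknown and repeated parameters as well as malformed ones, because a CGI that silently ignores extras tends to grow into one that uses them. The log scan is a coarse first pass; in practice it is the 400 responses from the validator, not the metacharacter pattern, that give the cleaner signal.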

