


ningji
Novice

Apr 18, 2013, 3:54 PM


Views: 287
How to avoid security holes for CGI code using checkbox?

I don't know how to describe this clearly.
I have some simple Perl CGI code running with lighttpd.

It has a checkbox. If it's set, then when you click "submit"
it will trigger my code in the background,
`set_my_value.exe 1`.

If the checkbox is not checked,
`set_my_value.exe 0`.

Now when I run Rapid7 Nexpose, which is a security check application,
it can call my "set_my_value" directly.
So even though I didn't check/uncheck the checkbox,
it's setting the values.

It seems lighttpd doesn't support Perl taint mode (someone correct me if that's not the case). I don't know what to do now.

Any help appreciated.

Thanks!


(This post was edited by ningji on Apr 18, 2013, 3:57 PM)


Edit Log:
Post edited by ningji (Novice) on Apr 18, 2013, 3:56 PM
Post edited by ningji (Novice) on Apr 18, 2013, 3:57 PM
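
One way to write the handler for the setup described in the post, added here as an example and not the poster's code: it accepts only POST, derives the helper's argument from a fixed allow-list instead of passing form input through, and runs the helper without a shell. The helper path, the field name `enable`, the value `on`, and CGI.pm 4.08 or later (for `multi_param`) are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI ();   # assumption: CGI.pm 4.08 or later, for multi_param()

# Assumed values, not from the original post: helper path, field name, field value.
my $HELPER = '/usr/local/bin/set_my_value.exe';
my $FIELD  = 'enable';
my $ON     = 'on';    # what browsers send for a checked box with no value attribute

# Turn the submitted field into the literal '0' or '1'; undef means "reject".
# An unchecked checkbox is simply absent from the request, so no value means 0.
sub checkbox_to_arg {
    my @values = @_;
    return '0' if !@values;
    return '1' if @values == 1 && $values[0] eq $ON;
    return;               # repeated field or unexpected value
}

sub respond {
    my ($q, $status, $body) = @_;
    print $q->header(-type => 'text/plain', -status => $status), "$body\n";
    return;
}

sub handle {
    my ($q) = @_;
    # The action changes state, so refuse anything that is not a POST.
    return respond($q, '405 Method Not Allowed', 'POST required')
        unless ($q->request_method // '') eq 'POST';

    my $arg = checkbox_to_arg($q->multi_param($FIELD));
    return respond($q, '400 Bad Request', 'unexpected checkbox value')
        unless defined $arg;

    # List-form system() executes the helper directly, with no shell, and the
    # only argument it can ever receive is the constant '0' or '1'.
    local $ENV{PATH} = '/usr/bin:/bin';
    my $rc = system($HELPER, $arg);
    return respond($q, '500 Internal Server Error', 'helper failed') if $rc != 0;
    return respond($q, '200 OK', "value set to $arg");
}

handle(CGI->new);
```

Any client that can reach the URL, a scanner included, can still submit the form, so limiting who may change the value needs authentication on that URL, which this example does not add.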

