Apr 18, 2013, 3:54 PM
Don't know how to describe this clearly,
how to avoid security holes for CGI code using a checkbox?
I have a simple Perl CGI code, running with lighttpd.
It has a checkbox; if it's set when you click "submit",
it will trigger my code in the background,
if that checkbox is not checked,
Now when I run Rapid7 Nexpose, which is a security check application,
it can call my "set_my_value" directly.
So even if I didn't check/uncheck the checkbox,
it's setting the values.
Seems lighttpd doesn't support Perl taint mode (someone correct me if that's not the case); I don't know what to do now.
Any help appreciated.
(This post was edited by ningji on Apr 18, 2013, 3:57 PM)