Apr 18, 2013, 6:55 PM
Post #3 of 5
sorry i'm at home now,
Re: [FishMonger] how to avoid security holes for CGI code using checkbox ?
[In reply to]
e.g. a very simple page, 1 checkbox, 1 submit button,
-name => 'more_info',
-value => 'yes',
-selected => 1,
-label => 'Would you like more info?');
if i check the checkbox, then click submit.
from param() it'll know i checked this box.
So it'll exec a code in the background, e.g. turn on a xterm.
Now this web security tool can simulate this checkbox event, then send to web server.
when i run this tool, i can see many xterms in my server side. But no one is actually clicking the webpage.
So what's the best way to block this kind of fake checkbox message pls ?
What is the problem you're needing to solve?
Also, please post your script.
(This post was edited by ningji on Apr 18, 2013, 6:56 PM)