[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NYT on Netscape Crack

To: [email protected] (Adam Shostack)
Subject: Re: NYT on Netscape Crack
From: sameer <[email protected]>
Date: Tue, 19 Sep 1995 06:55:06 -0700 (PDT)
Cc: [email protected], [email protected]
In-Reply-To: <[email protected]> from "Adam Shostack" at Sep 19, 95 09:49:27 am
Pgp-Strong-Print: 3C AE E4 00 C2 6A 81 FF 49 4E EE 0C CD CD 1D 80
Sender: [email protected]

> 	Don't forget system(), which was a major source of holes in the NCSA server.  
> Also, CGI scripts, especially those that run under perl or sh, would be a good 
> place to look for holes.  Don't forget to see what happens when you put 
> semi-colons in the data field of various fields, such as mailto:'s.
> 

	A CGI-script hole doesn't count as a netscape server hole.
system() is probably pretty bad though. 

-- 
sameer						Voice:   510-601-9777
Community ConneXion				FAX:	 510-601-9734
An Internet Privacy Provider			Dialin:  510-658-6376
http://www.c2.org (or login as "guest")			[email protected]

References:
- Re: NYT on Netscape Crack
  - From: Adam Shostack <[email protected]>

Prev by Date: Re: NYT on Netscape Crack
Next by Date: Re: NYT on Netscape Crack
Prev by thread: Re: NYT on Netscape Crack
Next by thread: Re: NYT on Netscape Crack
Index(es):
- Date
- Thread