Vulnerability Development mailing list archives

Re: CGI insecurities

From: john () RM-R NET (john)
Date: Thu, 27 Jan 2000 10:38:12 -0500


I would agree that stripping is not the right approach

Useful CERT advisory on "keeping the good stuff" with examples
http://www.cert.org/advisories/CA-97.25.CGI_metachar.html

lots of situations.  You're taking the much better approach of only
keeping the good stuff.  However, what to keep depends on what the data
is.

Current thread:

Re: CGI insecurities Dino Dai Zovi (Jan 23)
- <Possible follow-ups>
- Re: CGI insecurities Brooke, O'Neil (Jan 24)
  - Re: CGI insecurities Bill Gilpatric (Jan 25)
- Re: CGI insecurities rain forest puppy (Jan 25)
  - Re: CGI insecurities john (Jan 27)
  - File Share Vacuum Jonas Denily (Jan 27)
    - Re: File Share Vacuum Blue Boar (Jan 27)
    - Re: File Share Vacuum Bjør (Jan 28)
    - Re: File Share Vacuum Dimitry Andric (Jan 30)