Vulnerability Development mailing list archives
Re: CGI insecurities
From: john () RM-R NET (john)
Date: Thu, 27 Jan 2000 10:38:12 -0500
I would agree that stripping is not the right approach Useful CERT advisory on "keeping the good stuff" with examples http://www.cert.org/advisories/CA-97.25.CGI_metachar.html
lots of situations. You're taking the much better approach of only keeping the good stuff. However, what to keep depends on what the data is.
Current thread:
- Re: CGI insecurities Dino Dai Zovi (Jan 23)
- <Possible follow-ups>
- Re: CGI insecurities Brooke, O'Neil (Jan 24)
- Re: CGI insecurities Bill Gilpatric (Jan 25)
- Re: CGI insecurities rain forest puppy (Jan 25)
- Re: CGI insecurities john (Jan 27)
- File Share Vacuum Jonas Denily (Jan 27)
- Re: File Share Vacuum Blue Boar (Jan 27)
- Re: File Share Vacuum Bjør (Jan 28)
- Re: File Share Vacuum Dimitry Andric (Jan 30)