[39436] in Cypherpunks
Re: NYT on Netscape Crack
daemon@ATHENA.MIT.EDU (sameer)
Tue Sep 19 10:07:32 1995
From: sameer <sameer@c2.org>
To: adam@lighthouse.homeport.org (Adam Shostack)
Date: Tue, 19 Sep 1995 06:55:06 -0700 (PDT)
Cc: sameer@c2.org, cypherpunks@toad.com
In-Reply-To: <199509191349.JAA04365@homeport.org> from "Adam Shostack" at Sep 19, 95 09:49:27 am
> Don't forget system(), which was a major source of holes in the NCSA server.
> Also, CGI scripts, especially those that run under perl or sh, would be a good
> place to look for holes. Don't forget to see what happens when you put
> semi-colons in the data field of various fields, such as mailto:'s.
>
A CGI-script hole doesn't count as a netscape server hole.
system() is probably pretty bad though.
--
sameer Voice: 510-601-9777
Community ConneXion FAX: 510-601-9734
An Internet Privacy Provider Dialin: 510-658-6376
http://www.c2.org (or login as "guest") sameer@c2.org
