|
From: | Jason Hood |
Subject: | Re: A CGI security hole on Windows? |
Date: | Sat, 12 Mar 2016 17:04:32 +1000 |
User-agent: | Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.6.0 |
> Doesn't the following code have a security hole on Windows? "-|" is not supported on Windows and I believe exec will go through the shell anyway (Windows always has a single command line string, never individual arguments). (This change was originally submitted 2014-01-22.) -- Jason.
[Prev in Thread] | Current Thread | [Next in Thread] |