[REBOL] Re: APACHE + REBOL as CGI?
From: matt:blis at: 15-Sep-2001 12:38
> -----Original Message-----
> From: [rebol-bounce--rebol--com] [mailto:[rebol-bounce--rebol--com]]
> On Behalf Of Graham Chiu
> Sent: 15 September 2001 12:52
> To: [rebol-list--rebol--com]
> Subject: [REBOL] Re: APACHE + REBOL as CGI?
>
> >
> > As Ryan pointed out with his very astute example, placing the Rebol
> > binary in the cgi-bin does two things:
> >
> > 1) it allows your Rebol executable to be used in any url on your server
> > 2) it allows *anyone* to do 1)
>
> I would like to see a working example of this exploit. It
> has been mentioned before, but has *anyone* actually got it
> to do this??
I doubt you will ever see this on any live server[1]! This is a very,
very well known security hazard, and is explained in more detail here:
http://www.cert.org/advisories/CA-1996-11.html
HTH
Matt.
[1] that's been set up by someone that knows what they're doing.
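
A defensive check for the hazard discussed in this thread, as an added example that is not part of the original messages: a shell function that lists executables in a CGI directory whose own name, or whose symlink target, is a known interpreter. The interpreter list and the function names are assumptions to adapt to the host being audited.

```shell
#!/bin/sh
# Added example: audit a CGI directory for interpreter binaries.
# INTERPRETERS is an assumed, illustrative list; extend it for your host.
INTERPRETERS="rebol perl python ruby php tclsh wish sh bash dash ksh csh tcsh zsh"

# Lowercase the name, drop a trailing .exe and any trailing version
# suffix, so that "perl5.8" -> "perl" and "REBOL.exe" -> "rebol".
normalise_name() {
    printf '%s\n' "$1" | tr 'A-Z' 'a-z' | sed -e 's/\.exe$//' -e 's/[-0-9.]*$//'
}

# Succeeds when the given file name is one of the listed interpreters.
is_interpreter() {
    name=$(normalise_name "$1")
    for i in $INTERPRETERS; do
        [ "$name" = "$i" ] && return 0
    done
    return 1
}

# Print one "INTERPRETER <entry> -> <resolved target>" line for each
# executable in the directory that is an interpreter, either directly
# or through a symlink. Ordinary scripts (hello.cgi, counter.pl) pass.
audit_cgi_bin() {
    dir=$1
    for f in "$dir"/*; do
        [ -f "$f" ] && [ -x "$f" ] || continue
        target=$(readlink -f "$f" 2>/dev/null || printf '%s' "$f")
        if is_interpreter "$(basename "$f")" ||
           is_interpreter "$(basename "$target")"; then
            printf 'INTERPRETER %s -> %s\n' "$f" "$target"
        fi
    done
}
```

Source the file and call `audit_cgi_bin` with the server's CGI directory as its argument; any line it prints names a file that should be moved out of that directory.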