[REBOL] Re: APACHE + REBOL as CGI?
From: matt:blis at: 15-Sep-2001 12:38
> -----Original Message-----
> From: [rebol-bounce--rebol--com] [mailto:[rebol-bounce--rebol--com]]
> On Behalf Of Graham Chiu
> Sent: 15 September 2001 12:52
> To: [rebol-list--rebol--com]
> Subject: [REBOL] Re: APACHE + REBOL as CGI?
> > As Ryan pointed out with his very astute example, placing
> > the Rebol
> > binary in the cgi-bin does two things:
> > 1) it allows your Rebol executable to be used in any url
> > on your server
> > 2) it allows *anyone* to do 1)
> I would like to see a working example of this exploit. It
> has been mentioned before, but has *anyone* actually got it
> to do this??
I doubt you will ever see this on any live server! This is a very,
very well known security hazard, and is explained in more detail here
 that's been set up by someone that knows what they're doing.