I know that CGI is vulnerable; for example, some input to a form can mess up the server. But how do I get rid of the malicious code, and where can I get detailed instructions and help? Thanks a lot!
CGI is just a name for all scripts that are used to process data from a webpage.
How secure that is depends on the intelligence of the script programmer.
If you send a filename through an HTML form, you're creating a security hole.
Have a look at http://209.100.212.5/cgi-bin/search/search.cgi?searchvalue=php+exploit
It shows a lot about PHP vulnerabilities.
Ben, what kind of malicious code are you intending to protect yourself against? Are you allowing users to write and execute their own code?
-Ye Olde Ben
I learned from some books that some command-line input can disorder the system, but I don't know how to avoid this. And I don't want users to write and execute their own code at present. I know to use escapeshellcmd() before calling exec() and system(); are there any other such processes and functions?
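
An added example, not part of the thread: one way to handle the two risks raised above, a filename arriving from an HTML form and a shell call made through exec(). It validates the name against an allowlist, confines it to one directory with realpath(), and quotes the single argument with escapeshellarg(). It assumes a Unix-like host with `wc`; the function names `safe_path` and `count_lines`, the temporary directory and the sample inputs are constructed for illustration.

```php
<?php
// Return the real path of $name inside $baseDir, or null if the input is rejected.
function safe_path(string $baseDir, string $name): ?string
{
    // Allowlist the characters; the first character may not be "." or "-",
    // so hidden files and option-looking names are refused.
    if (!preg_match('/\A[A-Za-z0-9_][A-Za-z0-9._-]{0,63}\z/', $name)) {
        return null;
    }
    // realpath() resolves symlinks and ".."; the result must stay under $baseDir.
    $base = realpath($baseDir);
    $real = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $real === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0 ? $real : null;
}

// Count lines with an external program, passing the path as one quoted argument.
function count_lines(string $path): ?int
{
    // escapeshellarg() quotes one argument; "--" ends option parsing for wc.
    $cmd = 'wc -l -- ' . escapeshellarg($path);
    exec($cmd, $out, $status);
    return $status === 0 ? (int) $out[0] : null;
}

// Constructed demo: a temporary directory holding one file.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'cgi_demo_' . getmypid();
mkdir($dir, 0700);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'report.txt', "one\ntwo\n");

// Constructed sample inputs, as they might arrive in a form field.
foreach (['report.txt', '../../etc/passwd', 'report.txt; id', '-rf', ''] as $input) {
    $path = safe_path($dir, $input);
    $result = $path === null ? 'rejected' : 'lines=' . var_export(count_lines($path), true);
    echo str_pad(var_export($input, true), 22), ' ', $result, "\n";
}

unlink($dir . DIRECTORY_SEPARATOR . 'report.txt');
rmdir($dir);
```

escapeshellcmd() escapes shell metacharacters across a whole command string but does not stop a value from being split into, or read as, extra arguments; escapeshellarg() applied to each user-supplied value covers that case.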