test-cgi should be banned from any system shortly after installation anyway. PATH_TRANSLATED can be abused by adding a / or a /~username to test-cgi. This will give you the real pathname of the htdocs-dir respectively the real pathname of an users $HOME/public_html. This info could gain importance to a hacker in combination with some other bug. atrox'99
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:28:50 PDT