Nope... a query string like p0=../../../../../../../../../../bin/ls|%00 doesn't work. With regards, Stan At 09:01 29-4-2001 +0300, you wrote: >Yeah but you can't execute commands right ? >like: >http://www.VULNERABLE.com/cgi-bin/cal_make.pl?p0=../../../../../../../../../ >../../../bin/ls%20/%00 >or something, >this cannot be done... right ?
This archive was generated by hypermail 2b30 : Sun Apr 29 2001 - 12:03:57 PDT