Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'View a summary of installed Perl modules' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
View a summary of installed Perl modules
Authored by: merlyn on Jul 08, '03 12:04:54PM
Don't leave this running on your server, because it reveals information that might be useful to a bad guy.

Also, this program leaves a server open to Cross-Site-Scripting (XSS) attacks, because no escaping is done for environment variable dumps, and thus a properly encoded query string can present HTML to the visitor.

Be afraid. Be very afraid.

[ Reply to This | # ]

View a summary of installed Perl modules
Authored by: bluehz on Jul 08, '03 12:57:52PM

Thx for the warning - actually I use it on a internal LAN only IP setup just for this type thing, PHPMyadmin, Webmin, etc. None of it is accessible from outside world.



[ Reply to This | # ]
View a summary of installed Perl modules
Authored by: Darkshadow on Jul 08, '03 04:46:17PM

You could set it up in the httpd.conf file that only localhost (127.0.0.1) has access to that cgi. Then you wouldn't have to worry about anyone from the outside having access to it.



[ Reply to This | # ]