
DailyDose v 1.1 CGI:

A bug was found in this script:

DailyDose v 1.1 (by

The script ( does not check the input:


($command,$list,$temp, $id) = split ("&",$data,4);

. . .

local ($template) = "$tempdir/$temp";

open(TEMPL, "$template") || print "no file found $template!";

# open() is called without checking the variable $temp

Example (listing):|ls|


Alexey Sintsov aka Don_Huan
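
Perl's two-argument open() treats a trailing "|" in the file name as a request to run a command, which is why the unchecked $temp value above matters. The following is an added example, not code from DailyDose or from the original advisory: a hardened form of the same open, where open_template, the allowlist pattern and the sample file names are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Spec;
use File::Temp qw(tempdir);

# Return a read-only filehandle for a template, or nothing if the name is
# refused or the file cannot be opened. open_template is a hypothetical
# helper, not a function of DailyDose.
sub open_template {
    my ($tempdir, $temp) = @_;

    # Allowlist: a plain file name of letters, digits, '_', '.', '-'.
    # Shell metacharacters such as '|' and path separators never match.
    return
        unless defined $temp
        && $temp =~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}\z/;

    my $path = File::Spec->catfile($tempdir, $temp);

    # Three-argument open: the mode is fixed to '<', so nothing inside
    # $path can turn the call into a pipe or a write.
    open(my $fh, '<', $path) or return;
    return $fh;
}

# Constructed demo: a throwaway template directory with one template.
my $tempdir = tempdir(CLEANUP => 1);
open(my $out, '>', File::Spec->catfile($tempdir, 'daily.tmpl'))
    or die "cannot create sample template: $!";
print {$out} "Today's dose: <!--dose-->\n";
close($out);

# 'daily.tmpl' exists, 'missing.tmpl' does not, '|ls|' is the value from
# the advisory, 'sub/daily.tmpl' contains a path separator.
for my $name ('daily.tmpl', 'missing.tmpl', '|ls|', 'sub/daily.tmpl') {
    my $fh = open_template($tempdir, $name);
    printf "%-16s %s\n", $name, $fh ? 'opened' : 'refused';
    close($fh) if $fh;
}
```

Only daily.tmpl is opened; the other three names are refused without any command being run.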

