Manuel Lemos wrote:
>
> application: PHP interface to ht://Dig 2000.09.03
> author: Manuel Lemos <[EMAIL PROTECTED]>
> license: freely distributable
> category: Web/Development
>
> homepage: http://freshmeat.net/redir/homepage/968017154/
> download: http://freshmeat.net/redir/download/968017154/

At first glance, I would say that there is a possible security hole
in this class since the htsearch parameters are not shell-escaped.
This could allow the execution of arbitrary commands.

cheers,
Torsten
--
InWise - Wirtschaftlich-Wissenschaftlicher Internet Service GmbH
Waldhofstraße 14 Tel: +49-4101-403605
D-25474 Ellerbek Fax: +49-4101-403606
E-Mail: [EMAIL PROTECTED] Internet: http://www.inwise.de
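
The shell-escaping concern raised in the message above, shown as an added example that is not part of the original message and is not code from the PHP class under discussion. It assumes the wrapper hands the search to htsearch on a shell command line; the function names, the install path and the sample input are hypothetical.

```php
<?php
// Added illustration only. HTSEARCH, both function names and the sample
// input are assumptions, not taken from the class being discussed.

const HTSEARCH = '/usr/local/bin/htsearch'; // assumed install path

// Unescaped: request values are pasted into the command string as-is, so
// the shell interprets any metacharacters they contain.
function build_command_unescaped(string $config, string $words): string
{
    return HTSEARCH . " -c $config words=$words";
}

// Escaped: the config is restricted to a plain name, the search terms are
// URL-encoded into one query string, and that string is passed to the
// shell as a single quoted argument.
function build_command_escaped(string $config, string $words): string
{
    if (!preg_match('/^[A-Za-z0-9_-]+$/', $config)) {
        throw new InvalidArgumentException('invalid config name');
    }
    $query = http_build_query(['config' => $config, 'words' => $words]);
    return HTSEARCH . ' ' . escapeshellarg($query);
}

// Constructed sample input containing a shell command separator.
$words = 'linux; echo INJECTED';

// Print both command strings for comparison; nothing is executed here.
echo build_command_unescaped('htdig', $words), PHP_EOL;
echo build_command_escaped('htdig', $words), PHP_EOL;

// The allowlist rejects a config value that tries to carry extra shell syntax.
try {
    build_command_escaped('htdig; echo INJECTED', 'linux');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Comparing the two printed strings shows where the separator ends up: outside any quoting in the first, inside a single encoded and quoted argument in the second.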