Exploit af photo.cgi

• $write_file = $Upload_Dir.$filename;

• open(ULFD,">$write_file") || die show_upload_failed("$write_file $!");

• print ULFD $UPLOAD{'FILE_CONTENT'};

• close(ULFD);

• $Upload_Dir sættes i Config.

• Men kan vi rette i $filename?