First page Back Continue Last page Summary Graphic
Exploit af SSI - NEJ
-
I html filer:
- <!--#include file="foo"-->
- <!--#exec cmd="./calprog.cgi" -->
-
Find en variabel, der udskrives umodificeret
- print "you are trying to post an AD from another
URL:<b> $ENV{'HTTP_REFERER'}\n";
-
Giv HTTP_REFERER noget SSI-kode