Posted to dev@httpd.apache.org by Randy Terbush <ra...@zyzzyva.com> on 1996/06/14 16:42:36 UTC
Re: Server parsed HTML bug!! (?)
> >
> >
> > > > No, wait - I think he means that he wants to have a CGI script output HTML
> > > > which would then be parsed by the server-side-include engine.
> >
> > yup, we're talking about the same thing.
> >
> > creating commands to be executed on the fly.. oh what fun
> >
> >
> > > I used to work in Apache
> >
> > really? I don't think so because people have been asking for it since
> >
> >
>
> It worked before handlers were introduced....
> I believe it was 0.9 era...
Wrong server. 0.9.x never existed for Apache.
> It isn't insecure if your script runs like this
>
> if ($foo) {
> print "<!--#include virtual=\"/cgi-bin/nav.cgi?area=0\"-->";
> } else {
> print "<!--#include virtual=\"/cgi-bin/nav.cgi?area=1\"-->";
> }
>
I could pretty easily create a recursive bomb....
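
Added example, not part of the original message and not Apache code: a toy expander for the include directive quoted above, showing why a server that parses script output needs both a cycle check and a depth cap. The fetch callable, the max_depth value and every URL except nav.cgi are assumptions made for the illustration.

```python
import re

# The directive form quoted in the message: <!--#include virtual="..."-->
INCLUDE_RE = re.compile(r'<!--#include\s+virtual="([^"]*)"\s*-->')

class IncludeLoop(Exception):
    """Expansion was stopped because it would not terminate."""

def expand(url, fetch, max_depth=8, stack=()):
    """Return fetch(url) with every include directive expanded recursively.

    fetch is a hypothetical callable standing in for "serve this URL";
    max_depth is an assumed limit, not a value taken from Apache.
    """
    if url in stack:                      # same URL pulled in by itself
        raise IncludeLoop("cycle: " + " -> ".join(stack + (url,)))
    if len(stack) >= max_depth:           # new URL every level, no repeat
        raise IncludeLoop("depth limit %d exceeded at %s" % (max_depth, url))
    return INCLUDE_RE.sub(
        lambda m: expand(m.group(1), fetch, max_depth, stack + (url,)),
        fetch(url))

def sample_fetch(url):
    """Constructed sample site; the URLs other than nav.cgi are made up."""
    pages = {
        "/index.shtml": 'top <!--#include virtual="/cgi-bin/nav.cgi?area=0"--> end',
        "/cgi-bin/nav.cgi?area=0": "<ul>area 0</ul>",
        "/loop.shtml": '<!--#include virtual="/loop.shtml"-->',
    }
    if url in pages:
        return pages[url]
    m = re.fullmatch(r"/cgi-bin/grow\.cgi\?n=(\d+)", url)
    if m:  # script whose output includes itself with a new query string
        return '<!--#include virtual="/cgi-bin/grow.cgi?n=%d"-->' % (int(m.group(1)) + 1)
    return "[missing]"

def outcome(url, fetch=sample_fetch):
    """Expanded text, or the reason expansion was refused."""
    try:
        return expand(url, fetch)
    except IncludeLoop as exc:
        return "refused: %s" % exc

if __name__ == "__main__":
    for u in ("/index.shtml", "/loop.shtml", "/cgi-bin/grow.cgi?n=0"):
        print(u, "=>", outcome(u))
```

The grow.cgi case never repeats a URL, so the cycle check alone would not stop it; only the depth cap does.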