Re: Server parsed HTML bug!! (?)

[Randy Terbush <ra...@zyzzyva.com>]

> > 
> > 
> > > > No, wait - I think he means that he wants to have a CGI script output HTML
> > > > which would then be parsed by the server-side-include engine.
> > 
> > yup, we're talking about the same thing.
> > 
> > creating commands to be executed on the fly.. oh what fun
> > 
> > 
> > > I used to work in Apache
> > 
> > really? I don't think so because people have been asking for it since
> > 
> > 
> 
> It worked before handlers were introduced....
> i belive it was 0.9 era... 

Wrong server. 0.9.x never existed for Apache.

> It isnt insecure if your script runs like this
> 
> if ($foo)	{
> 	print "<!--#include virtual=\"/cgi-bin/nav.cgi?area=0\"-->";
> } else {
> 	print "<!--#include virtual=\"/cgi-bin/nav.cgi?area=1\"-->";
> }
> 

I could pretty easily create a recursive bomb....