|
|
|
|
|
|
by xorcist
4283 days ago
|
|
|
That's not how to think about it. Your web application is vulnerable if it spawns shell scripts, with any user supplied data in the environemnt. One way for that to happen is if your CGI-application runs things via os.system() / system(). It is not the web server itself that has the problem, nor any common CGI-setup (unless you write your CGI-scripts in bash, in which case you are guaranteed to have other problems). |
|
|