Site hacked by herbless@antionline.org


Ever heard of the expression "weakest link in the chain"? Well, that applies here. Even the best security in the world can be circumvented by poorly written Perl scripts. Hint: `cat | cut -f1 d:` is pretty dangerous on unchecked input!

More to the point, Mr Admin, check out your /cgi-bin/usermaint.pl script. It passes unchecked input to shell-scripts which also don't do any checking. This applies to every site hosted on your server - even those mounted across your NFS link. I only hacked this one because it was the first I came to.
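
One way a helper shell script behind a CGI like the one named above could check its input before it reaches a `cut` pipeline. This is an added example, not part of the original message or the site's code; the function names, the allowlist rule and the passwd-style sample file are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: every name, rule and sample line here is constructed.
LC_ALL=C; export LC_ALL            # make [a-z] mean ASCII only

# Allowlist check: 1-32 chars of [a-z0-9_-], starting with a letter or "_".
valid_username() {
    case "$1" in
        ''|*[!a-z0-9_-]*) return 1 ;;   # empty, or any char outside the allowlist
        [!a-z_]*)         return 1 ;;   # leading digit or "-" (option look-alike)
    esac
    [ "${#1}" -le 32 ]
}

# lookup_user FILE NAME: 0 = present, 1 = absent, 2 = rejected input.
lookup_user() {
    valid_username "$2" || return 2
    # Quoted expansion, "--" ends options, -F -x = literal whole-line match.
    cut -d: -f1 < "$1" | grep -Fxq -- "$2"
}

# Constructed passwd-style sample data.
SAMPLE=$(mktemp) || exit 1
trap 'rm -f "$SAMPLE"' EXIT
printf '%s\n' 'alice:x:1001:1001::/home/alice:/bin/sh' \
              'bob:x:1002:1002::/home/bob:/bin/sh' > "$SAMPLE"

# Constructed inputs, as a CGI parameter might arrive.
for name in bob mallory 'bob;id' '-f2'; do
    rc=0
    lookup_user "$SAMPLE" "$name" || rc=$?
    printf '%-8s -> %s\n' "$name" "$rc"
done
```

The check is repeated in the shell layer on purpose: the message points out that neither the Perl script nor the shell scripts validated anything, so each layer should reject bad input on its own.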