An error when i switched from python v2.6.6 => v3.2.3
Νίκος Γκρ33κ
nikos.gr33k at gmail.com
Thu Mar 7 19:57:30 EST 2013
On Thursday, 7 March 2013 10:15:11 PM UTC+2, user Ian wrote:
> On Thu, Mar 7, 2013 at 1:04 PM, Νίκος Γκρ33κ <nikos.gr33k at gmail.com> wrote:
> > On Thursday, 7 March 2013 9:36:33 PM UTC+2, user Joel Goldstick wrote:
> >> So, I see you fixed the problem. How?
> >
> > Apart from appearing ugly, it's not causing any more trouble (other than some issues that I have fixed), so I will just do:
> >
> > os.system( 'python %s > %s' % (htmlpage, temp) )
> > f = open( temp )
> > htmldata = f.read()
> > htmldata = htmldata.replace( 'Content-type: text/html; charset=utf-8', '' )
>
> If htmlpage is being pulled from the HTTP request as I think it is,
> then you have a code injection vulnerability here. Think what could
> happen if htmlpage were something like this:
>
> -c ''; rm -rf /; oops.py
Yes, it's being pulled by HTTP request!
But please try to do it, I don't think it will work!
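
Added example, not part of the original thread or written by any of its participants: a parse-only look at how a shell splits the `os.system` string from the quoted message when `htmlpage` is request-controlled, next to a form that validates the name and runs the script without a shell. `PAGES_DIR`, `PAGE_NAME`, `shell_commands`, `page_argv` and `render_page` are hypothetical names, and the crafted value is constructed with a harmless `echo`.

```python
import os
import re
import shlex
import subprocess
import sys

PAGES_DIR = "/var/www/pages"  # assumption: directory holding the page scripts
PAGE_NAME = re.compile(r"[A-Za-z0-9_]+\.py")  # assumption: allowed page names

def shell_commands(cmdline):
    """Split cmdline the way /bin/sh separates commands. Parse only, nothing runs."""
    lexer = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    commands, current = [], []
    for token in lexer:
        if token in (";", "&", "&&", "|", "||"):
            if current:
                commands.append(current)
            current = []
        else:
            current.append(token)
    if current:
        commands.append(current)
    return commands

def page_argv(htmlpage, pages_dir=PAGES_DIR):
    """Validate the request value and build an argv list for use without a shell."""
    if not PAGE_NAME.fullmatch(htmlpage):
        raise ValueError("rejected page name: %r" % (htmlpage,))
    # The argument begins with pages_dir, so it cannot be read as an option like -c
    return [sys.executable, os.path.join(pages_dir, htmlpage)]

def render_page(htmlpage, pages_dir=PAGES_DIR):
    """Run the page script with no shell involved and return its stdout."""
    result = subprocess.run(page_argv(htmlpage, pages_dir), capture_output=True,
                            text=True, timeout=10, check=True)
    return result.stdout

if __name__ == "__main__":
    # Constructed input with the same shape as the value quoted in the thread,
    # using a harmless echo in the middle.
    crafted = "-c ''; echo INJECTED; oops.py"
    for cmd in shell_commands("python %s > %s" % (crafted, "/tmp/out.html")):
        print("shell would run:", cmd)
    try:
        page_argv(crafted)
    except ValueError as exc:
        print("hardened path:", exc)
```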