On Mon, 19 Apr 1999, Mike Lowndes wrote:
> Hi all,
> If you use Apache (or I guess any other unix system) there is a SECURITY
> LOOPHOLE using the exec cgi include.Have a look at www.apache.org for
> details.
> Anyone think of a workaround using #include virtual= ?
Use:
<!--#echo var="HTTP_REFERER" -->
in something like the following
<HTML>
<HEAD>
...
</HEAD>
<BODY>
...
<A HREF="<!--#echo var="HTTP_REFERER" -->">The refering page</A>
...
</BODY>
</HTML>
I have just tested this and it seems to work using Apache 1.3.3.
Hope this helps
Chris Mills
-----------------------------------------------------------
[log in to unmask]
-----------------------------------------------------------
Webmaster Technical
Cranfield University Shrivenham Campus
Royal Military College of Science
Swindon.
-----------------------------------------------------------
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|