Hacked CGI

How not to CGI protect a page

This is the page to demonstrate how insecure the CGI script is.
This should teach people not to use a script if they don't know what it does.
I don't know if this counts as bypassing the password on Desperado's page, but I think it's interesting anyway. If you can find the mistake, email me.

.insipid. [[email protected]]

After I wrote this page, I posted to alt.2600 that I had found a hole in the CGI script. Very shortly afterwards,

phaZer [web link]

repeated the same trick. Congrats. (He also added the funky gif)

Maybe if more people do it, we can keep a list, and use this as some sort of learning exercise.

Who is Archangel? (sorry about that, it was the only relevant link I could think of having on this page... and it needed something more. :P

This page created in 10 minutes, with Microsoft Notepad (w00h00!) on June 16, 1998

h4x0ReD! <g>