Re: the arbitrary code execution in CGIHTTPServer.
CGIHTTPServer executes cgi files inside a folder specified at init. Its function for deciding what's inside the folder (to be executed) and what's outside (to be returned raw) is completely bust. If you urlencode the slashes you will confuse it enough to yield false negative/positive.
This means that if you are using CGIHTTPServer, anyone can execute anything that the web server was supposed to print, or get the source of any cgi script.
You should probably not be using CGIHTTPServer anyway. </PSA>
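A constructed model of the bug class described above, added here and not code from the thread or from CPython's CGIHTTPServer: `classify_naive` decides "execute or serve raw" on the still-percent-encoded path, while `classify_fixed` decides on the same decoded, canonicalised path the file layer will actually open. The function names, the helper `canonical`, and the assumed CGI directories `/cgi-bin` and `/htbin` are this example's own.

```python
from urllib.parse import unquote
import posixpath

# Directories whose contents are meant to be executed, not served raw (assumed).
CGI_DIRS = ("/cgi-bin", "/htbin")

def canonical(url_path: str) -> str:
    """The path the filesystem layer ultimately opens: query stripped,
    percent-decoded, '.'/'..' segments collapsed, rooted at a single '/'."""
    path = unquote(url_path.split("?", 1)[0])
    return posixpath.normpath("/" + path.lstrip("/"))

def classify_naive(url_path: str) -> str:
    """Constructed model of the broken check: it looks at the raw request
    path, so an encoded '%2f' is never treated as a directory separator,
    even though the file layer will decode it before opening the file."""
    head = url_path.split("?", 1)[0].rpartition("/")[0]
    return "cgi" if head in CGI_DIRS else "static"

def classify_fixed(url_path: str) -> str:
    """Hardened check: decide on the canonical path and require the script
    to sit inside a CGI directory (prefix plus '/', so '/cgi-binx' is out)."""
    path = canonical(url_path)
    return "cgi" if any(path.startswith(d + "/") for d in CGI_DIRS) else "static"

def is_mismatch(url_path: str) -> bool:
    """True when the two checks disagree: the request would be executed
    when it should be served raw, or served raw (source disclosed) when
    it should be executed."""
    return classify_naive(url_path) != classify_fixed(url_path)

if __name__ == "__main__":
    # Constructed request paths; the second and third trip the naive check.
    for p in ("/cgi-bin/hello.py", "/cgi-bin%2fhello.py",
              "/cgi-bin/..%2fstatic%2fnotes.txt", "/static/index.html"):
        print(f"{p:40} naive={classify_naive(p):6} fixed={classify_fixed(p)}")
```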
They've really shinied up the web site since I was last there. I really like the ability to run Python in an interactive console on the home page too, with a live connection to an actual box on which you can actually run stuff.
I'd like to add that I am the go-to person in my department (of 50 people) for all things python. I had a guy (a data scientist) ask me how to install and use python on his machine in the past hour...
Well, you know, that CGI HTTP Server issue would not have happened if we had finally moved on to Python 3! The community is very confusing to newcomers. We really should just move on and forget about Python 2.