Some (bad) examples(1)

• www.freebsd.org/cgi-bin/query-pr.cgi:

• $pr = $ENV{'QUERY_STRING'}; # kern/12345

• $pr =~ s%^[a-z][a-z386]+/([0-9]+)$%$1%i;

• open(Q, "query-pr --restricted -F $pr 2>&1 |");

• This script lead to an actual breakin:

• QUERY_STRING eq "; command"