
Name: Anonymous 2014-09-19 17:50

Oh shit! What ever happened to NO EXCEPTIONS?

Name: Anonymous 2014-09-24 22:07

Well, here's a good reason to avoid CGI: http://blog.erratasec.com/2014/09/bash-shellshock-scan-of-internet.html

He's scanning with http://seclists.org/oss-sec/2014/q3/649

tl;dr gnu bash environment export of functions allows command execution. Any service that launches a gnu bash shell with tainted environment variables (including some CGI implementations) allows remote code execution.

>>43
That's surprising, unless the de/compression is done in pure Python, or it's something slow like bzip. (It took me a minute to realize you weren't talking about shiichan.)
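Added example, not part of the thread or any poster's code: a sketch of the mitigation the tl;dr above implies for a CGI-style launcher, dropping function-shaped environment variables before a shell is started. The helper names `scrub_env` and `cgi_env` and the sample headers are assumptions made up for this illustration.

```python
import re

# Bash serialises an exported function as an environment value that
# begins with "() {"; leading whitespace is tolerated here to be conservative.
FUNC_VALUE = re.compile(r"^\s*\(\)\s*\{")
# Patched bash releases export functions under mangled names instead.
FUNC_NAME = re.compile(r"^BASH_FUNC_.*(%%|\(\))$")


def scrub_env(env):
    """Return (clean_env, dropped_names) with function-shaped entries removed."""
    clean, dropped = {}, []
    for name, value in env.items():
        if FUNC_NAME.match(name) or FUNC_VALUE.match(value):
            dropped.append(name)  # keep the name so the drop can be logged
        else:
            clean[name] = value
    return clean, sorted(dropped)


def cgi_env(headers, base_env):
    """Map request headers to HTTP_* variables the way CGI does, then scrub."""
    env = dict(base_env)
    for header, value in headers.items():
        env["HTTP_" + header.upper().replace("-", "_")] = value
    return scrub_env(env)


# Constructed sample request: one header value is shaped like an exported
# bash function, the others are ordinary.
SAMPLE_HEADERS = {
    "Host": "example.test",
    "User-Agent": "() { return 0; }",
    "Accept": "text/html",
}

if __name__ == "__main__":
    clean, dropped = cgi_env(SAMPLE_HEADERS, {"PATH": "/usr/bin"})
    print("dropped:", dropped)
    print("passed to child:", sorted(clean))
```

Pass the cleaned dictionary as the `env` argument when spawning the child process, and log the dropped names as a detection signal.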
