Re: the arbitrary code execution in CGIHTTPServer.
CGIHTTPServer executes CGI files inside a folder specified at init. Its function for deciding what's inside the folder (to be executed) and what's outside (to be returned raw) is completely bust. If you URL-encode the slashes you will confuse it enough to yield a false negative/positive.
This means that if you are using CGIHTTPServer, anyone can execute anything that the web server was supposed to print, or get the source of any CGI script.
You should probably not be using CGIHTTPServer anyway. </PSA>
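The ordering problem described in the post, as an added example that is not part of the original post and is not CGIHTTPServer's code: a simplified model in which the execute-or-serve decision is taken on the raw path and decoding happens afterwards, next to a version that decodes first and decides on the canonical path. The `/cgi-bin` layout, the function names and the sample paths are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote

CGI_DIRS = ("/cgi-bin",)  # assumed layout, not taken from the post
ENCODED_SEP = re.compile(r"%(2f|5c)", re.IGNORECASE)  # encoded '/' or '\'

def first_dir(path):
    """Return the leading directory component, e.g. '/cgi-bin'."""
    return "/" + path.lstrip("/").partition("/")[0]

def decide_then_decode(raw_path):
    """Flawed ordering: classify the raw string, decode it only afterwards."""
    action = "execute" if first_dir(raw_path) in CGI_DIRS else "serve-raw"
    return action, unquote(raw_path)  # second item: path used on disk

def decode_then_decide(raw_path):
    """Hardened ordering: one canonical path feeds both the check and the open."""
    if ENCODED_SEP.search(raw_path):
        return "reject", None  # encoded separators are refused outright
    canonical = posixpath.normpath(unquote(raw_path))
    if not canonical.startswith("/") or "\x00" in canonical:
        return "reject", None
    action = "execute" if first_dir(canonical) in CGI_DIRS else "serve-raw"
    return action, canonical

def inconsistent(raw_path):
    """True when the flawed check disagrees with the directory actually used."""
    action, on_disk = decide_then_decode(raw_path)
    in_cgi = first_dir(posixpath.normpath(on_disk)) in CGI_DIRS
    return (action == "execute") != in_cgi

# Constructed request paths for illustration.
SAMPLES = ["/cgi-bin/status.py", "/docs/index.html", "/cgi-bin%2Fstatus.py"]

if __name__ == "__main__":
    for p in SAMPLES:
        print(p, decide_then_decode(p), decode_then_decide(p), inconsistent(p))
```

`inconsistent()` can be run over access-log request paths to flag requests where a decide-before-decode check and the file system would disagree.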