WebApp User Input Failures

• Raw shell execution

• • Lots of methods (`` , ; , && , | )
  • input_var=”&& echo cross platform test”

• More common for us lazy *niz folks

• PHP Includes

• • Turn OFF allow_url_fopen

• Bottom line – regexp in valid chars, not regexp out invalid chars