We had a campus wide ban on any of Wright's cgi stuff. Lot's of unescaped system() and exec() and `` from old Matty. One of his scripts is universally known as the best mail forwarder/spam relays ever. Another would actually pass rm -rf * to the command line. All you had to do was stuff a semicolon after the form input. I spent a whole semester writing secure work-a-likes to his scripts and also writing LWP stuff that would poke around for his scripts on our user webspace -- especially the formmailer. Egads.