Vulnerability Development mailing list archives
Re: source code extracting
From: Sean McHugh <Sean.McHugh () EPIC SUNGARD COM>
Date: Fri, 29 Dec 2000 13:29:21 -0500
of cgi i know of some problems using `open` cmds in perl. i think i got this code off www.perlmonks.com, can't remember. (there was a good article on it, too.) check out lincoln stein's stuff -- he's the perl/CGI guru.

    #!/usr/bin/perl
    #use strict;
    use CGI;

    # Do not run this script on a server connected to the 'Net
    # It is supplied as a bad example
    my $cgi = CGI->new();
    my $file = $cgi->param( 'file' );

    # Bad taint checking!
    # This is, amongst other things, a deliberately incomplete list
    # of shell metacharacters
    my $data = $1 if $file =~ m#([^./\\`$"'&]+\.?[^./\\`$"'&]+)$#;
    $data .= '.dat';
    my $userInfo;
    open FILE, "<$data" or die "Cannot open $data: $!\n";
    {
        local $/;
        $userInfo = <FILE>;
    }
    close FILE;
    print $cgi->header;
    print $cgi->start_html;
    print $cgi->pre( $userInfo );
    print $cgi->end_html;

-----Original Message-----
From: masti bhai [mailto:mastibhai () YAHOO COM]
Sent: Thursday, December 28, 2000 5:23 AM
To: VULN-DEV () SECURITYFOCUS COM
Subject: source code extracting

There is a way of how to extract the source code of an ASP page on IIS. Is there a similar method for .CGI in Linux...

Masti
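Added example, not part of the original message or of the code it quotes: a hardened counterpart to the bad example above, replacing the deny-list with an anchored allow-list, the two-argument open with the three-argument form, and the raw output with escaped output. The data directory /var/www/data and the helper names safe_name and slurp are assumptions of this example.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use CGI;

# Assumed location of the .dat files; adjust to the real data directory.
my $DATA_DIR = '/var/www/data';

# Return the untainted base name, or undef if the value is not acceptable.
# Allow-list: 1-64 letters, digits, underscore or hyphen, anchored at both
# ends, so dots, slashes, NUL bytes, pipes and whitespace are all rejected.
sub safe_name {
    my ($name) = @_;
    return undef unless defined $name;
    return $name =~ /\A([A-Za-z0-9_-]{1,64})\z/ ? $1 : undef;
}

# Read a whole file with three-argument open, so the path is never parsed
# for mode characters or pipes. Returns undef if the file cannot be opened.
sub slurp {
    my ($path) = @_;
    open my $fh, '<', $path or return undef;
    local $/;
    my $content = <$fh>;
    close $fh;
    return $content;
}

sub main {
    my $cgi  = CGI->new;
    my $name = safe_name(scalar $cgi->param('file'));
    unless (defined $name) {
        print $cgi->header(-status => '400 Bad Request', -type => 'text/plain');
        print "Invalid file name\n";
        return;
    }
    my $content = slurp("$DATA_DIR/$name.dat");
    unless (defined $content) {
        # Generic message: do not echo the path or $! back to the client.
        print $cgi->header(-status => '404 Not Found', -type => 'text/plain');
        print "Not found\n";
        return;
    }
    print $cgi->header(-type => 'text/html', -charset => 'utf-8');
    print $cgi->start_html('Data'), $cgi->pre($cgi->escapeHTML($content)), $cgi->end_html;
}

main() unless caller;
```

Because -T is on the #! line, run the script directly (as the web server does) or pass -T on the perl command line as well.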