Vulnerability Development mailing list archives

Re: source code extracting


From: Sean McHugh <Sean.McHugh () EPIC SUNGARD COM>
Date: Fri, 29 Dec 2000 13:29:21 -0500

of cgi i know of some problems using `open` cmds in perl.

i think i got this code off www.perlmonks.com , can't remember.
(there was a good article on it, too.)

check out lincoln stein's stuff -- he's the perl/CGI guru.

#!/usr/bin/perl
#use strict;
use CGI;

# Do not run this script on a server connected to the 'Net
# It is supplied as a bad example

my $cgi  = CGI->new();
my $file = $cgi->param( 'file' );

# Bad taint checking!
# This is, amongst other things, a deliberately incomplete list
# of shell metacharacters
my $data = $1 if $file =~ m#([^./\\`$"'&]+\.?[^./\\`$"'&]+)$#;

$data .= '.dat';
my $userInfo;

open FILE, "<$data" or die "Cannot open $data: $!\n";
{
    local $/;
    $userInfo = <FILE>;
}
close FILE;

print $cgi->header;
print $cgi->start_html;
print $cgi->pre( $userInfo );
print $cgi->end_html;


-----Original Message-----
From: masti bhai [mailto:mastibhai () YAHOO COM]
Sent: Thursday, December 28, 2000 5:23 AM
To: VULN-DEV () SECURITYFOCUS COM
Subject: source code extracting


There is a way of how to extract the source code of an
ASP page on IIS.
Is there a similar method for .CGI in Linux...
Masti
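
For contrast with the bad example quoted in the reply above, here is a hardened form of the same file lookup. It is an added example, not code from the original post or from perlmonks. The data directory, the function names and the sample inputs are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical data directory (assumption, not from the original post).
my $DATA_DIR = '/var/www/data';

# Allowlist check: return the validated base name, or nothing.
# \A and \z anchor the whole string, so the match cannot be satisfied by
# just the tail of the input the way the trailing-$ blacklist regex can.
# Under taint mode (-T) this capture is also what untaints the value.
sub safe_name {
    my ($file) = @_;
    return unless defined $file;
    return $file =~ /\A([A-Za-z0-9_-]{1,64})\z/ ? $1 : undef;
}

# Read one .dat file from $DATA_DIR. Three-argument open passes the mode
# separately, so the file name is never parsed for mode or pipe characters,
# and the fixed directory prefix keeps the lookup inside $DATA_DIR.
sub read_user_file {
    my ($file) = @_;
    my $name = safe_name($file);
    return unless defined $name;
    my $path = "$DATA_DIR/$name.dat";
    open my $fh, '<', $path or return;
    local $/;                       # slurp the whole file
    my $data = <$fh>;
    close $fh;
    return $data;
}

# Constructed sample inputs (not from the original post).
for my $in ('alice', 'bob_2', 'a.b', '../x', 'x y', '') {
    my $verdict = defined safe_name($in) ? 'accepted' : 'rejected';
    printf "%-8s => %s\n", "'$in'", $verdict;
}
```

In a CGI handler the returned data should also be HTML-escaped before it is printed inside the page.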

