Vulnerability Development mailing list archives
Re: Coding Conservative CGI Perl
From: Randy Janinda <rjaninda () tqlabs com>
Date: 10 Jun 2002 15:57:29 -0400
Whoops. I should have tested first. Instead of `$NV{QUERY_STRING}` do system($ENV{QUERY_STRING});

Randy

On Mon, 2002-06-10 at 01:27, Justin Lavoie wrote:
Hello,

This isn't an advisory or a technique or anything that would gain anyone here knowledge. I'm sorry if this is out of place, but it's the only place I knew to turn to - to raise my concern. I feel kind of uncomfortable asking because I don't know if this newsletter is exactly for what I'm requesting - directly.

I'm working on a type of exploit and in doing so I must develop a *.cgi file that'd run on a Linux and Windows box to allow me to read or upload a file (whatever is possible) without the use of spaces! To elaborate on what I mean, here's an example of a normal little hello script:

#!/usr/bin/perl
print "Content-type:text/html\n\n";
print "SUP!<BR>";

This will not work, but recoded to work (not having spaces) would be:

#!/usr/bin/perl
print("Content-type:text/html\n\n");
print("SUP!<BR>");

You can have just about any character other than spaces... I'm no good with perl really, unfortunately. Although I have read quite a number of articles, the only thing I've successfully found remotely useful was using print($ENV{DOCUMENT_ROOT}); to find the location of the file heh.

This is why I raise the question here on what can be done in perl without the use of spaces. What I've been trying to get was something that allows uploading a file (so basically I could upload another .asp which does contain spaces and solve all my problems). The uploader doesn't need to be pretty or anything, just has to work, even any way possible to write another file... Even viewing files or directory listings would be excellent. I'm not picky, I'm not really expecting anything really - just hoping.

I thank you for any advice or help that you may give.

-SiLenCe [Transparent Entity]