Vulnerability Development mailing list archives

Re: Coding Conservative CGI Perl


From: Randy Janinda <rjaninda () tqlabs com>
Date: 10 Jun 2002 15:57:29 -0400

Whoops. I should have tested first. Instead of `$NV{QUERY_STRING}` do
`system($ENV{QUERY_STRING});`

Randy

On Mon, 2002-06-10 at 01:27, Justin Lavoie wrote:
Hello,
   This isn't an advisory or a technique or anything that would gain anyone here knowledge. I'm sorry if this is out 
of place, but it's the only place I knew to turn to - to raise my concern.  I feel kind of uncomfortable asking 
because I don't know if this newsletter is exactly for what I'm requesting - directly.

I'm working on a type of exploit and in doing so I must develop a *.cgi file that'd run on a Linux and Windows box to 
allow me to read or upload files (whatever is possible) without the use of spaces!  To elaborate on what I mean, 
here's an example of a normal little hello script:

#!/usr/bin/perl
print "Content-type:text/html\n\n";
print "SUP!<BR>";

This will not work but recoded to work (not having spaces) would be:

#!/usr/bin/perl
print("Content-type:text/html\n\n");
print("SUP!<BR>");

You can have just about any character other than spaces... I'm no good with Perl really, unfortunately, although I have 
read quite a number of articles; the only thing I've successfully found remotely useful was using 
print($ENV{DOCUMENT_ROOT}); to find the location of the file heh.

This is why I raise the question here on what can be done in Perl without the use of spaces.  What I've been trying 
to get was something that allows uploading a file (so basically I could upload another .asp which does contain spaces 
and solve all my problems).  The uploader doesn't need to be pretty or anything, just has to work, even any way possible 
to write another file... Even viewing files or directory listings would be excellent. I'm not picky, I'm not really 
expecting anything really - just hoping.

I thank you for any advice or help that you may give.

-SiLenCe
[Transparent Entity]