> This is why I raise the question here on what can be done in perl without
> the use of spaces.
It doesn't matter what you want to do. One solution is used in many shell
codes: encode the program code and decode it on the fly.
To encode any perl program with a simple monoalphabetic substitution, you
could use this script:
---encode.pl---
#!/usr/bin/perl
while (<STDIN>) {
chomp;
$_=~s/(.)/chr(ord($1)+3)/ge;
print;
}
---
The encoded perl script can have as many spaces as you can wish for.
example:
# echo 'print "my perl prog\n";' | ./encode.pl
will give you something like this:
sulqw#%p|#shuo#surj_q%>
Now, your CGI looks like this:
#!/usr/bin/perl
$D="sulqw#%p|#shuo#surj_q%>";$D=~s/(.)/chr(ord($1)-3)/ge;eval($D);
Note the absense of any spaces. Using the same or any other encoding that is
convinient for you (such as XOR with pattern 0x55, encode in hex, etc.), you
can upload code with spaces and other forbidden characters and execute it
anyway.
The power of eval().
Peace,
FX
--
FX <fxat_private>
Phenoelit (http://www.phenoelit.de)
672D 64B2 DE42 FCF7 8A5E E43B C0C1 A242 6D63 B564
This archive was generated by hypermail 2b30 : Mon Jun 10 2002 - 13:21:25 PDT