Re: Coding Conservative CGI Perl

From: FX (fxat_private)
Date: Mon Jun 10 2002 - 12:15:48 PDT


    > This is why I raise the question here on what can be done in perl without
    > the use of spaces.
    
    It doesn't matter what you want to do. One solution is used in many shell
    codes: encode the program code and decode it on the fly.
    
    To encode any perl program with a simple monoalphabetic substitution, you
    could use this script:
    
    ---encode.pl---
    #!/usr/bin/perl

    # Read the program on STDIN and shift every character up by 3
    # (a simple monoalphabetic substitution); the CGI below undoes
    # it with -3 before handing the result to eval().
    while (<STDIN>) {
        chomp;
        $_=~s/(.)/chr(ord($1)+3)/ge;
        print;
    }
    ---
    
    The encoded perl script can have as many spaces as you can wish for.
    
    example:
    # echo 'print "my perl prog\n";' | ./encode.pl
    will give you something like this:
    sulqw#%p|#shuo#surj_q%>
    
    Now, your CGI looks like this:
    #!/usr/bin/perl 
    $D="sulqw#%p|#shuo#surj_q%>";$D=~s/(.)/chr(ord($1)-3)/ge;eval($D);
    
    Note the absence of any spaces. Using the same or any other encoding that is
    convenient for you (such as XOR with pattern 0x55, encode in hex, etc.), you 
    can upload code with spaces and other forbidden characters and execute it 
    anyway.
    
    The power of eval().
    
    Peace,
    FX
    
    -- 
             FX           <fxat_private>
          Phenoelit   (http://www.phenoelit.de)
    672D 64B2 DE42 FCF7 8A5E E43B C0C1 A242 6D63 B564
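The post's point, seen from the reviewing side: a character blacklist on uploaded source says nothing about what eval() will run once the string has been transformed. The following Python is an added illustration written for this archive page, not code from FX's post or from Phenoelit. It re-implements the post's +3 shift, builds the one-line loader the post shows, demonstrates that a naive "no spaces in the body" rule accepts the loader while rejecting the plain script, and then does what a reviewer of uploaded CGI would want instead: flag any variable that is rewritten with `s///e` and then passed to eval(), and, for this specific shift loader, unwind it to recover the original source. The function names, the `SHIFT` constant and the regular expressions are this example's own assumptions.

```python
"""Added illustration (not from the post): a 'no spaces' rule on uploaded Perl
source does not constrain what eval() executes, so review the decoded source
(or reject string eval) instead of blacklisting characters."""
import re
from typing import List, Optional

SHIFT = 3  # the +3 offset used by the post's encode.pl (assumed default)


def encode(src: str) -> str:
    """Same monoalphabetic shift as encode.pl: every character moved up by SHIFT."""
    return "".join(chr(ord(c) + SHIFT) for c in src)


def loader_for(encoded: str, shift: int = SHIFT) -> str:
    """The single-line CGI the post shows: assign, shift back, eval."""
    return ("#!/usr/bin/perl\n"
            f'$D="{encoded}";$D=~s/(.)/chr(ord($1)-{shift})/ge;eval($D);\n')


def space_free(script: str) -> bool:
    """The naive upload rule the original question assumes: no spaces in the body.

    The shebang line is skipped, as it is not part of the program text."""
    return not any(" " in line
                   for line in script.splitlines()
                   if not line.startswith("#!"))


# $var =~ s/PAT/REPL/...e... (in-place rewrite with the e flag), followed
# anywhere later by eval($var) or eval $var.  Delimiter is assumed to be '/'.
_DECODE_THEN_EVAL = re.compile(
    r'\$(\w+)\s*=~\s*s/(?:[^/\\]|\\.)*/(?:[^/\\]|\\.)*/[a-z]*e[a-z]*'
    r'.*?eval\s*\(?\s*\$\1\b',
    re.S)


def find_decode_then_eval(script: str) -> List[str]:
    """Names of variables that are rewritten with s///e and then handed to eval().

    This is the review signal the post's trick leaves behind, whatever the
    shift, XOR pattern or hex scheme used: a transformation followed by eval."""
    return [m.group(1) for m in _DECODE_THEN_EVAL.finditer(script)]


# The exact loader shape from the post: a quoted literal, chr(ord($1)+/-N), eval.
_SHIFT_LOADER = re.compile(
    r'\$(\w+)="((?:[^"\\]|\\.)*)";'
    r'\$\1=~s/\(\.\)/chr\(ord\(\$1\)([+-]\d+)\)/ge;'
    r'eval\(\$\1\);')


def recover_shift_payload(script: str) -> Optional[str]:
    """Undo the post's shift loader: take the literal and the offset the loader
    itself states, apply that offset, and return the source eval() would see."""
    m = _SHIFT_LOADER.search(script)
    if not m:
        return None
    literal, delta = m.group(2), int(m.group(3))
    return "".join(chr(ord(c) + delta) for c in literal)


if __name__ == "__main__":
    # Constructed sample: the post's own one-line program.
    original = 'print "my perl prog\\n";'
    loader = loader_for(encode(original))
    print("plain script passes 'no spaces' rule:", space_free(original))
    print("loader passes 'no spaces' rule:      ", space_free(loader))
    print("decode-then-eval variables:", find_decode_then_eval(loader))
    print("recovered source:", recover_shift_payload(loader))
```

Two practical notes. First, `find_decode_then_eval` is a heuristic for reviewers, not a filter to deploy in place of the blacklist: the durable fix is to refuse uploaded CGI that calls string eval at all, or to review the decoded text rather than the wrapper. Second, the +3 shift itself is fragile: any source character that shifts into `"`, `\`, `$` or `@` (for example `!` becomes `$`, `=` becomes `@`) breaks or gets interpolated inside the double-quoted literal in the loader, which is one reason the post mentions hex and XOR as alternatives.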
    



    This archive was generated by hypermail 2b30 : Mon Jun 10 2002 - 13:21:25 PDT