Anonymous Monk
Hello, I'm new to Perl and to this web application, which is built on Perl CGI (it is roughly 10 years old). Recently Rational AppScan scanned the site and reported about 20 CGI modules for 'Information Exposure Through Query Strings in GET Request' (CWE-598). The suggested remediation is 'Always use SSL and POST (body) parameters when sending sensitive information'. I didn't see anything obvious, and I was hoping someone could point out the code that is causing the vulnerability. Below is the code (both the CGI script and the template) of one of the flagged modules.
***********************airline_carrier.tmpl***************
<code>
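</div>
<script language="javascript" src="/gdr/js/sorttable.js"></script>
<TMPL_INCLUDE NAME="./icon_top.tmpl">
<p class="page-header">Airline Carrier</p>
<hr class="header-line">
<br>
<!-- Display-only page. The form declares no input fields, so a submit
     sends no parameters; every value below comes from the server-side
     AIRLINE_LIST loop. Any GET links with query strings would have to
     come from the included icon_top/icon_bottom templates. -->
<form name=airline_carrier method=POST action="airline_carrier.cgi">
<table id="t1" onclick="stripe('t1')" class="data-table">
<tr class="data-table-header">
<th width=30%>Carrier Code</th>
<th width=70%>Carrier Name</th>
</tr>
<TMPL_LOOP NAME=AIRLINE_LIST>
<tr class="<tmpl_if name=__ODD__>shaded<tmpl_else>unshaded</tmpl_if>">
<!-- ESCAPE=HTML: the values are database content, rendered as text so
     that markup stored in a carrier name cannot execute in the page. -->
<td width=30%><TMPL_VAR NAME=CARRIER_CD ESCAPE=HTML></td>
<td width=70%><TMPL_VAR NAME=CARRIER_NAM ESCAPE=HTML></td>
</tr>
</TMPL_LOOP>
</table>
</form>
<TMPL_INCLUDE NAME="./icon_bottom.tmpl">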
</code>
***********************airline_carrier.cgi***************
<code>
use strict;
use warnings;
use Provider::CGI;
use coplib;
use Apache::DBI;
use DBI;
use Provider::LogAgent;
use Provider::Constants;
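# Per-request state: CGI object, the caller's session, an audit logger and a
# DB handle. Note that nothing in this script reads query-string or body
# parameters; the only input it consumes is the session filled in by
# getSession(), so a "data in GET query string" finding cannot originate in
# the request handling shown here.
my $cgi = Provider::CGI->new();

# Store the user information in the session object.
# getSession() (from coplib) populates — and possibly ties — %$session in
# place; its internals are not visible here, so confirm which keys it sets.
my $session = {};
getSession($session);

## Common Log: record the page access, attributed to this session.
# Direct method call instead of indirect-object syntax (`new Class(...)`),
# which strict parsing can misresolve when a sub named `new` is in scope.
my $logger = Provider::LogAgent->new($session);

#my $event = $Provider::Constants::ADMIN_INFO;
my $event      = 20001;   # NOTE(review): magic event id; presumably the same as ADMIN_INFO above — confirm
my $entity     = "";
my $entityType = "";
my $additional = { "action" => $Provider::Constants::COMMON_LOG_ACCESS };
$logger->store_message($event, $entity, $entityType, %$additional);

# Database handle for the session. disconnect() is deliberately never
# called later in the script — presumably because Apache::DBI is loaded and
# keeps the connection cached per process.
my $dbh = cpDBConnect($session);

my $loop_data = [];
my $sql_stmt;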
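# Authorisation gate: only entity types 'A' and 'S' may see the carrier
# list. The decision depends solely on the server-side session, never on
# anything the client sent, and it is made before the database is touched.
my $authorised = defined $session->{entity_type_cd}
    && ( $session->{entity_type_cd} eq 'A' || $session->{entity_type_cd} eq 'S' );

# Emit the response header exactly once. A refused request gets a real 403
# instead of a 200 carrying a "No Access" body, so caches, proxies and
# scanners do not treat the denial as a successful page.
# (Assumes Provider::CGI honours CGI.pm's -status option the same way it
# already honours -charset — confirm against the module.)
print $cgi->header(
    -charset => q{utf-8},
    ( $authorised ? () : ( -status => '403 Forbidden' ) ),
);

my $template;
if ($authorised) {
    $template = coplib::new_template('airline_carrier.tmpl', 'Airline Carrier', $session);
}
else {
    # Log the refused access against the same session, render the generic
    # no-access page and stop; nothing below runs for this caller.
    # Fully qualified call for consistency with the authorised branch.
    $event = $Provider::Constants::INVALID_LOGIC_ERROR;
    $logger->store_message($event, $entity, $entityType);
    $template = coplib::new_template("no_access.tmpl", "No Access", undef);
    print $template->output();
    exit;
}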
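# Read-only lookup of every carrier, ordered by code. The statement is a
# fixed literal with no interpolated values and no placeholders, so there is
# nothing the client can influence and nothing to inject into.
$sql_stmt = <<SQL_STMT_TEXT;
SELECT
CARRIER_CD ,
CARRIER_NAM
FROM MCAIRLINE_CARRIER
ORDER BY CARRIER_CD
SQL_STMT_TEXT

# Check both steps explicitly: unless the handle was opened with RaiseError
# (not visible here), a failed prepare/execute would otherwise produce an
# empty, misleading table rather than an error.
my $sth = $dbh->prepare($sql_stmt)
    or die "prepare failed: " . $dbh->errstr;
$sth->execute()
    or die "execute failed: " . $sth->errstr;

# One hashref per row keyed by column name — the shape the template's
# TMPL_LOOP iterates over (CARRIER_CD / CARRIER_NAM).
$loop_data = $sth->fetchall_arrayref({});
$sth->finish;
#$dbh->disconnect;   # intentionally left to the Apache::DBI connection cache

$template->param( AIRLINE_LIST => $loop_data );
print $template->output;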
# Teardown: runs when the script finishes (per request under a mod_perl
# registry handler, including after the `exit` on the no-access path).
END
{
# NOTE(review): `untie $session` unties the *scalar* $session. If
# getSession() ties the hash that $session points to, the matching call
# would be `untie %$session` — confirm against coplib's getSession().
untie $session;
undef $session;
}
</code>