Beefy Boxes and Bandwidth Generously Provided by pair Networks
"be consistent"
 
PerlMonks  

Re (tilly) 1: Run arbitrary UNIX commands on webserver without telnet

by tilly (Archbishop)
on Oct 30, 2001 at 19:39 UTC ( #122103=note: print w/replies, xml ) Need Help??


in reply to Run arbitrary UNIX commands on webserver without telnet

I far prefer the tried and true:
use CGI qw(:standard); # Time passes open(IN, param("input_file")); # and do the rest of the apparently innocuous program
The proper usage of this handy command runner I leave to your imagination, a close read of open's semantics, and a reminder that if you know how to do a URI encoding, you can put pipes etc into the filename.

Yes. This is a warning about a basic security mistake that you may be making without realizing it...

  • Comment on Re (tilly) 1: Run arbitrary UNIX commands on webserver without telnet
  • Download Code

Replies are listed 'Best First'.
Re(dmm) 2: Run arbitrary UNIX commands on webserver without telnet
by dmmiller2k (Chaplain) on Oct 30, 2001 at 19:42 UTC

    Very stealthy. And concise.

    dmm

    
    You can give a man a fish and feed him for a day ...
    Or, you can teach him to fish and feed him for a lifetime
    

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://122103]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others musing on the Monastery: (8)
As of 2016-10-01 18:32 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    How many different varieties (color, size, etc) of socks do you have in your sock drawer?






    Results (3 votes). Check out past polls.