Beefy Boxes and Bandwidth Generously Provided by pair Networks
Do you know where your variables are?
 
PerlMonks  

Re (tilly) 1: Run arbitrary UNIX commands on webserver without telnet

by tilly (Archbishop)
on Oct 30, 2001 at 19:39 UTC ( #122103=note: print w/ replies, xml ) Need Help??


in reply to Run arbitrary UNIX commands on webserver without telnet

I far prefer the tried and true:

use CGI qw(:standard); # Time passes open(IN, param("input_file")); # and do the rest of the apparently innocuous program
The proper usage of this handy command runner I leave to your imagination, a close read of open's semantics, and a reminder that if you know how to do a URI encoding, you can put pipes etc into the filename.

Yes. This is a warning about a basic security mistake that you may be making without realizing it...


Comment on Re (tilly) 1: Run arbitrary UNIX commands on webserver without telnet
Download Code
Re(dmm) 2: Run arbitrary UNIX commands on webserver without telnet
by dmmiller2k (Chaplain) on Oct 30, 2001 at 19:42 UTC

    Very stealthy. And concise.

    dmm

    
    You can give a man a fish and feed him for a day ...
    Or, you can teach him to fish and feed him for a lifetime
    

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://122103]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others drinking their drinks and smoking their pipes about the Monastery: (6)
As of 2014-11-22 02:11 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    My preferred Perl binaries come from:














    Results (118 votes), past polls