Beefy Boxes and Bandwidth Generously Provided by pair Networks
There's more than one way to do things
 
PerlMonks  

Re: Trojan Horse? (taint mode)

by chromatic (Archbishop)
on Nov 25, 2001 at 23:15 UTC ( [id://127406]=note: print w/replies, xml ) Need Help??


in reply to Trojan Horse? (taint mode)

ph3@r:

print "$\{system('echo \"hello\"')}";

Yet fear not so much: 

chomp(my $input = <STDIN>);
print "$input\n";

[download]
Feed this one the shell command above (a nice variable dereferencing scheme) and it'll print out literally.

Unless you're doing hazardous things with string eval, you're probably safe.

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://127406]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others musing on the Monastery: (7)
As of 2024-04-23 18:49 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found