Beefy Boxes and Bandwidth Generously Provided by pair Networks
Syntactic Confectionery Delight

Re: Company hacks through my Perl's Website Security hole

by Somni (Friar)
on May 21, 2004 at 17:28 UTC ( #355364=note: print w/replies, xml ) Need Help??

in reply to Company hacks through my Perl's Website Security hole

I think a little background is in order. Nik came onto EFnet #Perlhelp as Apost asking for help with his code. Originally all he had was an open call that took a filename from user input, i.e. open(FILE, "<../some/dir/$user_input"). He was told that was a security hole, but he didn't believe it was. He was then shown it was a security hole when someone gave him a URL that caused the script to read /etc/passwd.

As the discussion went on someone mentioned any arbitrary program could be run. This, of course, was false, and the person was corrected. However, Apost became curious, and asked how his code could possibly run an external program. He was told that if he removed the leading "<" in his open call then anyone could supply a command if they did it just right.

Yes, he explicitly changed his code to allow for an even bigger security hole, after he was told it was a security hole and what it would allow.

The full log of the conversation can be found here.

Replies are listed 'Best First'.
Re: Re: Company hacks through my Perl's Website Security hole
by fluxion (Monk) on May 21, 2004 at 20:47 UTC
    I'd also like to point out that xmath used the exploit to remove execute permissions from the script to prevent any incidents, but at a later point the script was re-activated by this thread's creator in spite of numerous explicit warnings against doing so before fixing the exploit.

    Normally such incidents are considered a gimme when providing web services to users, but if ever a case existed where a user should be held responsible for such negligence it would be this one.

    Nik: Are you responsible? Yes. Are you liable for any damages? Probably not, which, judging from your demeanor in the channel, is probably your only real concern.

    Roses are red, violets are blue. All my base, are belong to you.
Re: Re: Company hacks through my Perl's Website Security hole
by Anonymous Monk on May 21, 2004 at 18:48 UTC
    You know what else, here on perlmonks Nik has been told several times to use tainting and to read perlsec.

      And on the Devshed Forums where I'm a moderator I've told him to figure out tainting too. I don't know what the resistance is here. . .

      -Any sufficiently advanced technology is
      indistinguishable from doubletalk.

      My Biz

Re: Re: Company hacks through my Perl's Website Security hole
by Anonymous Monk on May 21, 2004 at 17:36 UTC
    Thanks Somni ... I was thinking the
    'Λόγος Ψυχωφελής και Θαυμάσιος => '
    Was some sort of binary code that was getting executed. What the heck is 'Λόγος Ψυχωφελής και Θαυμάσιος => ' anyways?
      It's greek. The cgi was part of a greek website, hence.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://355364]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others having an uproarious good time at the Monastery: (11)
As of 2016-10-26 15:38 GMT
Find Nodes?
    Voting Booth?
    How many different varieties (color, size, etc) of socks do you have in your sock drawer?

    Results (342 votes). Check out past polls.