in reply to Company hacks through my Perl's Website Security hole
I think a little background is in order. Nik came onto EFnet #Perlhelp as Apost asking for help with his code. Originally all he had was an open call that took a filename from user input, i.e. open(FILE, "<../some/dir/$user_input"). He was told that was a security hole, but he didn't believe it was. He was then shown it was a security hole when someone gave him a URL that caused the script to read /etc/passwd.
As the discussion went on someone mentioned any arbitrary program could be run. This, of course, was false, and the person was corrected. However, Apost became curious, and asked how his code could possibly run an external program. He was told that if he removed the leading "<" in his open call then anyone could supply a command if they did it just right.
Yes, he explicitly changed his code to allow for an even bigger security hole, after he was told it was a security hole and what it would allow.
The full log of the conversation can be found here.
|
---|
Replies are listed 'Best First'. | |
---|---|
Re: Re: Company hacks through my Perl's Website Security hole
by fluxion (Monk) on May 21, 2004 at 20:47 UTC | |
Re: Re: Company hacks through my Perl's Website Security hole
by Anonymous Monk on May 21, 2004 at 18:48 UTC | |
by Hero Zzyzzx (Curate) on May 22, 2004 at 01:04 UTC | |
Re: Re: Company hacks through my Perl's Website Security hole
by Anonymous Monk on May 21, 2004 at 17:36 UTC | |
by xmath (Hermit) on May 21, 2004 at 17:39 UTC |