Re^2: Weird entry index my guestlog

by Nik on Jan 10, 2008 at 20:30 UTC (#661726)


in reply to Re: Weird entry index my guestlog
in thread Weird entry index my guestlog

I was going to say I was really surprised you could do the same thing, but after analyzing my code more carefully I know how you inserted "aweirdentryinyourlog".

You did it like this: http://localhost/cgi-bin/index.pl?select=aweirdentryinyourlog

Nothing bad happened because this attempt falls inside the unless code block where my program exits. I have corrected it though and now the code looks like this:

```perl
my @files = glob "$ENV{'DOCUMENT_ROOT'}/data/text/*.txt";
my @menu_files = map m{([^/]+)\.txt}, @files;
Encode::from_to($_, 'ISO-8859-7', 'utf8') for @menu_files;

print header( -charset=>'utf8' );

my $article = param('select') || "Welcome Page!";

if ( param('select') ) {    # If user selected an item from the drop down menu
    unless( grep /^\Q$article\E$/, @menu_files ) {    # Unless user selection doesn't match one of the valid filenames within @menu_files
        if( param('select') =~ /\0/ ) {
            $article = "*Null Byte Injection* attempted => $article";
            print br() x 2, h1( {class=>'big'}, $article );
        }
        elsif( param('select') =~ /\.\.\// ) {
            $article = "*Backwards Directory Traversal* attempted => $article";
            print br() x 2, h1( {class=>'big'}, $article );
        }
        else {
            my $message = "What Exactly Are You Up To With > $article < Mighty Hacker ?";
            print br() x 2, h1( {class=>'big'}, $message );
            $article = "*Hack Attempt* attempted => $article";
        }
        $update = $db->prepare( "UPDATE guestlog SET article=?, date=?, counter=counter+1 WHERE host=?" );
        $update->execute( $article, $date, $host );
        exit 0;
    }

    Encode::from_to($article, 'utf8', 'ISO-8859-7');    # Convert user selected filename to greek-iso so it can be opened
    open FILE, "<$ENV{'DOCUMENT_ROOT'}/data/text/$article.txt" or die $!;
    local $/;
    $data = <FILE>;
    close FILE;
    Encode::from_to($article, 'ISO-8859-7', 'utf8');    # Convert user selected filename back to utf8 before inserting into db

    $update = $db->prepare( "UPDATE guestlog SET article=?, date=?, counter=counter+1 WHERE host=?" );
    $update->execute( $article, $date, $host );
}
else blablabla
```

Now I print a funny message to the hacker, and this time I'm aware of what's in the log, since I create the message to be logged.

Please, if you have spare time, see if you can pass any other bogus info to my script, or perhaps open a file.

My major concern is this line, but as I have written it, and especially with the ".txt" assertion attached at the end, I believe there can't be a possible attempt to open a file stored on my HDD through my script.

Or am I wrong?!


Re^3: Weird entry index my guestlog
by CountZero (Bishop) on Jan 11, 2008 at 06:08 UTC
    Well, I'm by no means an l33t hAcx0r so I will not be attempting to hack your website and try to get at your files.

    The established procedure to secure your website is to run Perl in taint mode and clean all the user input through a regex before you use it anywhere. In "taint mode" your program will refuse to work with any non-cleaned user input. It therefore forces you to think about what kind of user input is allowed before letting you actually use it.

    CountZero

    "A program should be light and agile, its subroutines connected like a string of pearls. The spirit and intent of the program should be retained throughout. There should be neither too little nor too much, neither needless loops nor useless variables, neither lack of structure nor overwhelming rigidity." - The Tao of Programming, 4.1 - Geoffrey James
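    As an added example (not Nik's script and not code from CountZero), here is what the taint-mode approach described above looks like for the `select` parameter from Nik's post. It assumes the same `$DOCUMENT_ROOT/data/text/*.txt` layout and ISO-8859-7 filenames as that post; under `-T` the regex capture is the only thing that clears the taint on the user value, and the allow-list built from the directory is a second gate, so a bare `../` or NUL check is no longer the thing standing between the request and `open()`.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use CGI qw(:standard);
use Encode qw(decode encode);

# Assumed layout, as in the post: articles live under $DOCUMENT_ROOT/data/text/*.txt
my $text_dir = "$ENV{DOCUMENT_ROOT}/data/text";

# Allow-list of article names taken from the files that actually exist.
# Filenames on disk are ISO-8859-7 (as in the post); decode them to Perl strings.
my %menu = map { decode('ISO-8859-7', $_) => 1 }
           map { m{([^/]+)\.txt\z} ? $1 : () }
           glob "$text_dir/*.txt";

# Untaint the 'select' parameter. Under -T, data from param() is tainted and
# will not be accepted by anything that touches the filesystem for writing
# or runs a command; only a regex capture clears the taint, so the pattern
# doubles as the policy: letters (Greek included), digits, spaces, dots and
# dashes, a bounded length, and no slashes or NUL bytes at all.
sub untaint_article {
    my ($raw) = @_;
    return unless defined $raw;
    my $name = decode('utf8', $raw);
    return unless $name =~ /\A([\p{L}\p{N} .\-]{1,64})\z/;
    return $1;
}

my $article = untaint_article( scalar param('select') );

# Second gate: even a well-formed name must be one of the known files.
if ( !defined $article || !$menu{$article} ) {
    print header( -status => '400 Bad Request', -charset => 'utf8' );
    print h1('Unknown article');
    exit 0;
}

# Safe to open: $article passed both the regex and the allow-list.
my $path = "$text_dir/" . encode('ISO-8859-7', $article) . ".txt";
open my $fh, '<', $path or die "cannot open $path: $!";
my $data = do { local $/; <$fh> };
close $fh;

print header( -charset => 'utf8' );
print $data;
```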
