Beefy Boxes and Bandwidth Generously Provided by pair Networks
Welcome to the Monastery
 
PerlMonks  

Comment on

( #3333=superdoc: print w/ replies, xml ) Need Help??
Ok, lately this was the second time that someone posted an entire CGI script at PerlMonks, complete with the (presumably) correct address the CGI script is (or will be) available at. (Well, actually, this is the third time. The first node was this one: Do not undertand this error message and Nik does it for the second time, too...)

In order to understand, why this is an exceptionally bad practice, you have to be aware of the basic methodology of cracking a web page. At least 90% of the work you do when you want to abuse a web site is actually gathering of relevant information:

  • type and version of the OS and the web server software in the hope that you find a public exploit for a potentially unpatched vulnerability
  • DNS entries, phone numbers for easy social engineering
  • path names and file names of CGI scripts for code injection attacks
  • the type of the underlying database engine, valid user names known for the databases, names of tables and columns in the database tables for SQL injection attacks
  • and countless more...
When you got all these relevant information, it is not particularly hard to devise an easy way to hack into someone's web site.

Observe that you give all these information very nicely in your post, so you do he majority of the hard work of the attacker. And this is exactly why crackers often hang around at sysadmin forums and mailing lists: these places are invaluable sources of easy information...

Do yourself a favour: only post stripped down versions of your CGI scripts and remove all sensitive pieces of data (as you did very cleverly with the passwords). This will also make it easier for other monks to consume your question by the way...

Update: rephrased a bit...


In reply to Re: Perfecting index.pl some more! by rg0now
in thread Perfecting index.pl some more! by Nik

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":



  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • Outside of code tags, you may need to use entities for some characters:
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.
  • Log In?
    Username:
    Password:

    What's my password?
    Create A New User
    Chatterbox?
    and the web crawler heard nothing...

    How do I use this? | Other CB clients
    Other Users?
    Others about the Monastery: (8)
    As of 2014-09-23 06:52 GMT
    Sections?
    Information?
    Find Nodes?
    Leftovers?
      Voting Booth?

      How do you remember the number of days in each month?











      Results (210 votes), past polls