Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:
Hello, I'm new to Perl....& this web application built on perl-cgi(~10 yrs old app) Recently the Rational webAppscan that scanned the URL ,reported several(20) cgi modules for 'Information Exposure Through Query Strings in GET Request'...The remediation task suggested is 'Always use SSL and POST (body) parameters when sending sensitive information'...CWE-ID:598 I didnt see anything obvious...I was hoping someone could point out the code that is causing the vulnerability Below is the code (both cgi & the template)of one of the module
***********************airline_carrier.tmpl***************
***********************airline_carrier.cgi***************</div> <script language="javascript" src="/gdr/js/sorttable.js"></script> <TMPL_INCLUDE NAME="./icon_top.tmpl"> <p class="page-header">Airline Carrier</p> <hr class="header-line"> <br> <form name=airline_carrier method=POST action="airline_carrier.cgi"> <table id="t1" onclick="stripe('t1')" class="data-table"> <tr class="data-table-header"> <th width=30%>Carrier Code</th> <th width=70%>Carrier Name</th> </tr> <TMPL_LOOP NAME=AIRLINE_LIST> <tr class="<tmpl_if name=__ODD__>shaded<tmpl_else>unshaded</tmpl_i +f>"> <td width=30%><TMPL_VAR NAME=CARRIER_CD></td> <td width=70%><TMPL_VAR NAME=CARRIER_NAM></td> </tr> </TMPL_LOOP> </table> </form> <TMPL_INCLUDE NAME="./icon_bottom.tmpl">
use Provider::CGI; use strict; use coplib; use Apache::DBI; use DBI; use Provider::LogAgent; use Provider::Constants; my $cgi = Provider::CGI->new(); # Store the user information in the session object my $session = {}; getSession( $session ); ## Common Log my $logger = new Provider::LogAgent($session); #my $event = $Provider::Constants::ADMIN_INFO; my $event = 20001; my $entity = ""; my $entityType = ""; my $additional = {"action"=>$Provider::Constants::COMMON_LOG_ACCESS}; $logger->store_message($event, $entity, $entityType, %$additional); my $dbh = cpDBConnect( $session ); my $loop_data=[]; my $sql_stmt; print $cgi->header( -charset => q{utf-8} ); my $template; if(( $session->{entity_type_cd} eq 'A' ) or ($session->{entity_type_cd +} eq 'S' ) ) { $template = coplib::new_template('airline_carrier.tmpl', 'Airline C +arrier', $session); } else { $event = $Provider::Constants::INVALID_LOGIC_ERROR; $logger->store_message($event, $entity, $entityType); $template = new_template("no_access.tmpl", "No Access", undef ); print $template->output(); exit; } $sql_stmt = <<SQL_STMT_TEXT; SELECT CARRIER_CD , CARRIER_NAM FROM MCAIRLINE_CARRIER ORDER BY CARRIER_CD SQL_STMT_TEXT my $sth = $dbh->prepare($sql_stmt); $sth->execute( ); $loop_data = $sth->fetchall_arrayref({}); $sth->finish; #$dbh->disconnect; $template->param( AIRLINE_LIST => $loop_data); print $template->output; END { untie $session; undef $session; }
|
---|
Replies are listed 'Best First'. | |
---|---|
Re: Need help figure out this Security vulnerability on this cgi code
by bitingduck (Chaplain) on Apr 01, 2012 at 06:05 UTC | |
Re: Need help figure out this Security vulnerability on this cgi code
by Anonymous Monk on Apr 01, 2012 at 03:24 UTC | |
by planetscape (Chancellor) on Apr 01, 2012 at 04:29 UTC | |
by Anonymous Monk on Apr 01, 2012 at 04:50 UTC | |
by Anonymous Monk on Apr 01, 2012 at 05:25 UTC | |
Re: Need help figure out this Security vulnerability on this cgi code
by pemungkah (Priest) on Apr 02, 2012 at 22:47 UTC |
Back to
Seekers of Perl Wisdom