PerlMonks  

Re^3: Candidate for a new "Evil Uses For Perl" section.

by mr_mischief (Monsignor)
on Jul 24, 2014 at 20:07 UTC ( [id://1094952]=note )


in reply to Re^2: Candidate for a new "Evil Uses For Perl" section.
in thread Candidate for a new "Evil Uses For Perl" section.

Comments and content-length limits of graphics formats and the like are sometimes used nefariously. In some web applications, you can easily upload a GIF file (or, in others, a file with the .gif extension, which is assumed to be safe because it has that extension) but not something that looks like a PHP script (or, in some cases, not something that has the .php extension).

Since GIF allows the trailing content and PHP passes data that's not within its tags through to output unchanged, some applications will be fooled into accepting GIF files with PHP inside which act as both GIF and PHP scripts. Then the other half of the attack is just to convince the system to treat it as PHP, which for the purposes of this post is left as an exercise.
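
A defensive upload check for the trick described in the post above, as an added example that is not part of the original post: it walks the GIF block structure to find the trailer, then rejects files that carry bytes after it or a PHP open tag anywhere (for instance inside a comment extension). The function names and sample bytes are constructed for illustration.

```python
import re

PHP_OPEN = re.compile(rb"<\?(?:php|=)", re.I)  # bare "<?" also opens PHP if short_open_tag is on

def _skip_sub_blocks(data, pos):  # length-prefixed sub-blocks, ended by a 0 byte
    while data[pos]:
        pos += 1 + data[pos]
    return pos + 1

def gif_end(data):
    """Offset just past the GIF trailer byte (0x3B); ValueError if malformed."""
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF")
    try:
        pos = 13                                  # header + logical screen descriptor
        if data[10] & 0x80:                       # global colour table present
            pos += 3 << ((data[10] & 7) + 1)
        while data[pos] != 0x3B:
            if data[pos] == 0x21:                 # extension block (comment, GCE, ...)
                pos = _skip_sub_blocks(data, pos + 2)
            elif data[pos] == 0x2C:               # image descriptor
                packed = data[pos + 9]
                pos += 10
                if packed & 0x80:                 # local colour table present
                    pos += 3 << ((packed & 7) + 1)
                pos = _skip_sub_blocks(data, pos + 1)  # +1 skips the LZW code size
            else:
                raise ValueError("unknown GIF block")
        return pos + 1
    except IndexError:
        raise ValueError("truncated GIF") from None

def check_upload(data):
    """Return the reasons to reject an uploaded 'GIF'; an empty list means accept."""
    reasons = []
    try:
        extra = len(data) - gif_end(data)
        if extra:
            reasons.append(f"{extra} bytes after GIF trailer")
    except ValueError as err:
        reasons.append(str(err))
    if PHP_OPEN.search(data):
        reasons.append("PHP open tag in file")
    return reasons

CLEAN = (b"GIF89a\x01\x00\x01\x00\x00\x00\x00" + b"\x2c" + b"\x00" * 4  # constructed 1x1 GIF
         + b"\x01\x00\x01\x00\x00" + b"\x02\x02\x4c\x01\x00" + b"\x3b")
MARKER = b"<?php /* constructed marker */ ?>"     # constructed, inert
IN_COMMENT = CLEAN[:13] + b"\x21\xfe" + bytes([len(MARKER)]) + MARKER + b"\x00" + CLEAN[13:]
```

A byte scan like this is only one layer: re-encoding the image server-side and storing uploads where the web server never executes them removes the dependence on pattern matching.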
