in reply to Serve local perl docs with HTTP::Daemon

Browsing to http://localhost:83 will give error 501/505 to avoid uninvited guests; you must request http://localhost:83/index.html to load the page.
And on a unix box, browsing to http://localhost:83/../../../../etc/passwd will give you your password file. Cool!

-- Randal L. Schwartz, Perl hacker
Be sure to read my standard disclaimer if this is a reply.

Re^2: Serve local perl docs with HTTP::Daemon
by jfroebe (Parson) on Oct 11, 2004 at 20:17 UTC

    a little better.... added $r->url->path =~ s!../!!g;

    #!/usr/bin/perl
    use strict;
    use warnings;
    use HTTP::Daemon;
    use HTTP::Status;

    my $perldocs = 'c:/Perl/html/';
    my $n = "\n";
    my $d = HTTP::Daemon->new(LocalAddr=>'localhost',LocalPort=>83) || die;
    print "Listening on: <URL:", $d->url, ">\n";

    while (my $c = $d->accept) {
        while (my $r = $c->get_request) {
            # path() does not return an lvalue, so clean a copy of it.
            # The dots are escaped so only a literal "../" matches, and the
            # substitution repeats until no "../" is left in the path.
            my $path = $r->url->path;
            1 while $path =~ s!\.\./!!g;
            print $r->method." ".$path.$n;
            if ($r->method eq 'GET') {
                -e $perldocs.$path
                    ? $c->send_file_response($perldocs.$path)
                    : $c->send_error(RC_NOT_FOUND);
            } else {
                $c->send_error(RC_FORBIDDEN)
            }
        }
        $c->close;
        undef($c);
    }

    No one has seen what you have seen, and until that happens, we're all going to think that you're nuts. - Jack O'Neil, Stargate SG-1
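
An added example, not code from any poster in this thread: instead of editing the request string, resolve the requested path to the real file and serve it only if it lies inside the docs directory. `safe_file` is a hypothetical helper, the docroot is a constructed temporary directory, and a Unix-like filesystem with case-sensitive paths is assumed.

```perl
#!/usr/bin/perl
# Added example (not from the original thread): resolve first, then check containment.
use strict;
use warnings;
use Cwd qw(realpath);
use File::Temp qw(tempdir);

# Return the real file to serve for $url_path, or undef if it is missing
# or resolves to anything outside $docroot. safe_file() is a hypothetical helper.
sub safe_file {
    my ($docroot, $url_path) = @_;
    my $root = realpath($docroot);
    return undef unless defined $root;

    # Decode %XX escapes once, then refuse embedded NUL bytes.
    (my $rel = $url_path) =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
    return undef if $rel =~ /\0/;

    # realpath() collapses ".." and follows symlinks, so the comparison below
    # is made on the file the OS would really open.
    my $real = realpath("$root/$rel");
    return undef unless defined $real && -f $real;

    # Compare with a trailing "/" so a sibling such as "$root-old" cannot match.
    return index($real, "$root/") == 0 ? $real : undef;
}

# Constructed sample docroot so the example runs offline.
my $docroot = tempdir(CLEANUP => 1);
open my $fh, '>', "$docroot/index.html" or die "cannot create sample file: $!";
print {$fh} "<html>docs</html>\n";
close $fh;

# The two request paths mentioned in the thread.
for my $p ('/index.html', '/../../../../etc/passwd') {
    my $file = safe_file($docroot, $p);
    printf "%-28s => %s\n", $p, defined $file ? "serve $file" : "404";
}
```

In the thread's server loop, the returned path is what would be handed to `$c->send_file_response`, with `RC_NOT_FOUND` sent when the result is undef.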

Re^2: Serve local perl docs with HTTP::Daemon
by elwarren (Curate) on Oct 11, 2004 at 21:29 UTC
    I think you meant to quote this:
        I realize this is not secure, it is in no way meant to be... :-)
    On Windows, something like this might be more interesting:
    C:\Documents and Settings\username\Application Data\Microsoft\Outlook\username.pst or C:\WINDOWS\system32\config\SYSTEM
    but I'd be more worried about things like Windows default exporting your registry or the hidden C$ share...