shumsta
Hi, I recently observed some interesting hacking attempts at a site I
am working on. I haven't been able to find any info about this as a
documented exploit, though surely it has been identified.
Can anyone tell me or point me to info regarding exploiting a server by
passing in module names to a cgi script? This seems to work when the
cgi script prints the raw cgi param value back out, though I'm not sure
I understand why.
For example suppose script myhack.cgi takes an argument named
"username" and prints it to the screen in the case of an invalid
password using
    print "bad username $username" if !$valid{$username};
then if you call the script using:
/cgi-bin/myhack.cgi?username=[CGI::Carp::realwarn]
you get an error like this:
Error in maketexting "bad username [CGI::Carp::realwarn]":
Can't locate object method "realwarn" via package "CGI::Carp" (perhaps
you forgot to load "CGI::Carp"?)
in bracket code [compiled line 2], as used at /mycode.pm line 1137
Anyone seen this before?
Thanks
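Editor's note on what the error shows, with an added example that is not part of the post above. "Error in maketexting" and "in bracket code [compiled line 2]" are Locale::Maketext's own messages, so the script's output layer (the /mycode.pm frame in the trace) is handing the already-interpolated string "bad username [CGI::Carp::realwarn]" to maketext() as the template. Locale::Maketext's bracket notation treats [name,args] as a method call on the language handle, so the attacker's parameter is compiled as a call rather than printed as text; the failed method lookup on CGI::Carp is just the visible symptom. The script below reproduces that with a constructed language-handle class (My::L10N and My::L10N::en are assumed names, as is the _AUTO-only lexicon) and shows the two fixes: keep the template constant and pass user data as an argument, or escape the characters bracket notation reserves. It needs only the core Locale::Maketext module.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed language-handle classes for this example.  The class names
# (My::L10N, My::L10N::en) are assumptions, not anything from the post.
package My::L10N;
use parent 'Locale::Maketext';

package My::L10N::en;
use parent -norequire, 'My::L10N';
our %Lexicon = (
    _AUTO => 1,   # a key with no lexicon entry is used as its own template
);

package main;

my $lh = My::L10N->get_handle('en') or die "no language handle\n";

# Attacker-controlled value, as in the post's query string.
my $username = '[CGI::Carp::realwarn]';

# 1. Vulnerable: the user value becomes part of the template string, so
#    Locale::Maketext parses "[CGI::Carp::realwarn]" as a bracket code and
#    compiles it into a method call on the language handle.  The exact
#    failure text depends on the Locale::Maketext version, but either way
#    user input has reached the template compiler.
my $out = eval { $lh->maketext("bad username $username") };
print "interpolated into template: ",
      (defined $out ? $out : "died: $@"), "\n";

# 2. Fixed: the template is a constant; the user value travels as an
#    argument and is substituted for [_1] verbatim, never parsed.
print "passed as argument:         ",
      $lh->maketext('bad username [_1]', $username), "\n";

# 3. If a value really must be spliced into a template, escape the three
#    characters bracket notation treats specially: ~ [ ]
#    (~[ and ~] are literal brackets, ~~ is a literal tilde).
sub escape_bracket_notation {
    my ($s) = @_;
    $s =~ s/([~\[\]])/~$1/g;
    return $s;
}
print "escaped before splicing:    ",
      $lh->maketext('bad username ' . escape_bracket_notation($username)),
      "\n";
```

Cases 2 and 3 both print "bad username [CGI::Carp::realwarn]" as plain text. The first approach is the one to prefer: anything that interpolates request data into the string handed to maketext() turns that data into code for the bracket-notation compiler, and the same applies to any printing wrapper that routes through maketext() on the caller's behalf, which is what the post's trace suggests.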