Accessing a Perl CGI script, security issue
Post 302339167 by z1dane on Thursday 30th of July 2009 02:07:16 AM
Thank you very much for your reply pludi.

>If the HTTP server is configured wrong and doesn't recognize the scripts as executables, and serves the content instead

I guess this isn't a problem, since http://domain/script.pl executes.

>If another application on the same server is vulnerable to relative path errors, eg instead of calling /xyz/cgi-bin/script.pl

Could you give me an example of such an application?

>If you've got a script that uses templates with variables passed through POST. Those could be set also via GET and potentially serve content you wanted hidden

I'll keep this in mind when I'm building forms and passing variables.

Thanks again,

Dave
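
The third quoted point above, as an added example (not code from this thread or from any poster's script): a handler that takes a template variable from wherever it appears, beside one that reads it only from a POST body and checks it against an allowlist. The template names, function names and sample requests are hypothetical and constructed for illustration.

```perl
use strict;
use warnings;

# Hypothetical template names; 'admin_report' stands for content meant to stay hidden.
my %PUBLIC_TEMPLATE = map { $_ => 1 } qw(contact_form thanks);

# Decode one application/x-www-form-urlencoded component.
sub decode {
    my ($s) = @_;
    $s //= '';
    $s =~ tr/+/ /;
    $s =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
    return $s;
}

# Parse "a=1&b=2" into a hash reference.
sub parse_pairs {
    my ($raw) = @_;
    my %p;
    for my $pair (grep { length } split /&/, $raw // '') {
        my ($k, $v) = split /=/, $pair, 2;
        $p{ decode($k) } = decode($v);
    }
    return \%p;
}

# Weak: query string and body are merged, so a plain GET link can set the variable.
sub pick_template_weak {
    my ($method, $query, $body) = @_;
    my %in = (%{ parse_pairs($query) }, %{ parse_pairs($body) });
    return $in{template} // 'contact_form';
}

# Hardened: POST body only, and the value must be on the allowlist.
# The allowlist matters most: a POST body is just as client-controlled as a URL.
sub pick_template_strict {
    my ($method, $query, $body) = @_;
    return 'contact_form' unless $method eq 'POST';
    my $t = parse_pairs($body)->{template} // '';
    return $PUBLIC_TEMPLATE{$t} ? $t : 'contact_form';
}

# Constructed requests: [method, query string, body]. In a real CGI script these
# come from $ENV{REQUEST_METHOD}, $ENV{QUERY_STRING} and STDIN.
for my $r ([ 'POST', '', 'template=thanks' ],
           [ 'GET',  'template=admin_report', '' ],
           [ 'POST', '', 'template=admin_report' ]) {
    printf "%-4s weak=%-13s strict=%s\n",
        $r->[0], pick_template_weak(@$r), pick_template_strict(@$r);
}
```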
 
