perl: code execution via specially crafted regular expression. Is it possible?
Post 302599172 by +Yan on Thursday 16th of February 2012 11:00:39 AM
To my understanding, the problem could be narrowed down to the ability of the user to close my regex line with valid regex characters, and add system("do_something_nasty"); to the script, for example. On the other hand, I'm not quite sure how exactly a Perl script is translated and executed. I.e., is it fraction by fraction, or is it all translated prior to execution, and then binary code is executed?
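The question in the post can be checked directly with a short script, added here as an example that is not part of the original post: Perl compiles the whole script before running it, and text interpolated into a match is handed to the regex compiler as pattern data rather than re-parsed as Perl source, with the (?{ ... }) embedded-code construct refused at run time unless the re 'eval' pragma is in effect. The variable names and sample inputs are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

our $ran = 0;       # set to 1 only if Perl code carried in the input executes
my $text = 'abc';   # constructed subject string

# Constructed stand-ins for user-supplied input (single-quoted: literal text).
my @inputs = (
    'a/; $main::ran = 1; #',    # tries to end the regex and append a statement
    '(?{ $main::ran = 1 })',    # embedded-code construct described in perlre
    'a.c',                      # ordinary metacharacter
);

for my $in (@inputs) {
    # As a pattern: the string goes to the regex compiler at run time.
    # A compile-time refusal dies, so eval {} turns it into "rejected".
    my $as_pattern = eval { $text =~ /$in/ ? 'match' : 'no match' };
    $as_pattern = 'rejected' unless defined $as_pattern;

    # As literal text: \Q...\E (quotemeta) escapes every metacharacter.
    my $as_literal = $text =~ /\Q$in\E/ ? 'match' : 'no match';

    printf "%-26s pattern: %-9s literal: %s\n", "[$in]", $as_pattern, $as_literal;
}

print "input code executed: ", ($ran ? 'yes' : 'no'), "\n";
```

The places where input does become code are string eval and patterns compiled under use re 'eval', so those are what to look for when reviewing a script. Code execution aside, an untrusted pattern can still burn CPU through heavy backtracking, so use the \Q...\E form whenever the input is meant as literal text.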
 

regex(1F)                         FMLI Commands                         regex(1F)

NAME
       regex - match patterns against a string

SYNOPSIS
       regex [-e] [ -v "string"] [ pattern template] ... pattern [template]

DESCRIPTION
       The regex command takes a string from the standard input, and a list of pattern / template pairs, and runs regex() to compare the string against each pattern until there is a match. When a match occurs, regex writes the corresponding template to the standard output and returns TRUE. The last (or only) pattern does not need a template. If that is the pattern that matches the string, the function simply returns TRUE. If no match is found, regex returns FALSE.

       The argument pattern is a regular expression of the form described in regex(). In most cases, pattern should be enclosed in single quotes to turn off special meanings of characters. Note that only the final pattern in the list may lack a template.

       The argument template may contain the strings $m0 through $m9, which will be expanded to the part of pattern enclosed in ( ... )$0 through ( ... )$9 constructs (see examples below). Note that if you use this feature, you must be sure to enclose template in single quotes so that FMLI does not expand $m0 through $m9 at parse time. This feature gives regex much of the power of cut(1), paste(1), and grep(1), and some of the capabilities of sed(1). If there is no template, the default is $m0$m1$m2$m3$m4$m5$m6$m7$m8$m9.

OPTIONS
       The following options are supported:

       -e              Evaluates the corresponding template and writes the result to the standard output.

       -v "string"     Uses string instead of the standard input to match against patterns.

EXAMPLES
       Example 1: Cutting letters out of a string

       To cut the 4th through 8th letters out of a string (this example will output strin and return TRUE):

              `regex -v "my string is nice" '^.{3}(.{5})$0' '$m0'`

       Example 2: Validating input in a form

       In a form, to validate input to field 5 as an integer:

              valid=`regex -v "$F5" '^[0-9]+$'`

       Example 3: Translating an environment variable in a form

       In a form, to translate an environment variable which contains one of the numbers 1, 2, 3, 4, 5 to the letters a, b, c, d, e:

              value=`regex -v "$VAR1" 1 a 2 b 3 c 4 d 5 e '.*' 'Error'`

       Note the use of the pattern '.*' to mean "anything else".

       Example 4: Using backquoted expressions

       In the example below, all three lines constitute a single backquoted expression. This expression, by itself, could be put in a menu definition file. Since backquoted expressions are expanded as they are parsed, and output from a backquoted expression (the cat command, in this example) becomes part of the definition file being parsed, this expression would read /etc/passwd and make a dynamic menu of all the login ids on the system.

              `cat /etc/passwd | regex '^([^:]*)$0.*$' '
              name=$m0
              action=`message "$m0 is a user"`'`

DIAGNOSTICS
       If none of the patterns match, regex returns FALSE, otherwise TRUE.

NOTES
       Patterns and templates must often be enclosed in single quotes to turn off the special meanings of characters. Especially if you use the $m0 through $m9 variables in the template, since FMLI will expand the variables (usually to "") before regex even sees them.

       Single characters in character classes (inside []) must be listed before character ranges, otherwise they will not be recognized. For example, [a-zA-Z_/] will not find underscores (_) or slashes (/), but [_/a-zA-Z] will.

       The regular expressions accepted by regcmp differ slightly from other utilities (that is, sed, grep, awk, ed, and so forth).

       regex with the -e option forces subsequent commands to be ignored. In other words, if a backquoted statement appears as follows:

              `regex -e ...; command1; command2`

       command1 and command2 would never be executed. However, dividing the expression into two:

              `regex -e ...``command1; command2`

       would yield the desired result.

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
       +-----------------------------+-----------------------------+
       |Availability                 |SUNWcsu                      |
       +-----------------------------+-----------------------------+

SEE ALSO
       awk(1), cut(1), grep(1), paste(1), sed(1), regcmp(3C), attributes(5)

SunOS 5.10                          12 Jul 1999                         regex(1F)