Beefy Boxes and Bandwidth Generously Provided by pair Networks
P is for Practical
 
PerlMonks  

Re: Using relative paths with taint mode

by ikegami (Patriarch)
on Jun 20, 2021 at 06:26 UTC ( [id://11134050]=note: print w/replies, xml ) Need Help??


in reply to Using relative paths with taint mode

Imagine if I ran the following commands: 

cd /tmp
mkdir Site
printf '%s\n' 'print "0wn3d\n";' >Site/HTML.pm
ln -s /path/to/script.cgi script.cgi
./script.cgi

[download]

This is exactly what -T is suppose to prevent.

Update: Original exploit didn't actually work.

Seeking work! You can reach me at ikegami@adaelis.com

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://11134050]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others making s'mores by the fire in the courtyard of the Monastery: (1)
As of 2024-04-25 01:29 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found