XP is just a number | |
PerlMonks |
Re^7: Getting values with help of curlby afoken (Chancellor) |
on Sep 07, 2022 at 10:46 UTC ( [id://11146738]=note: print w/replies, xml ) | Need Help?? |
my $content = `curl --silent -k -u admin:pass https://url/api/v2/GetDeviceInfo?$ARGV[0]`; Instant shell injection vulnerability:
And if someone can also gain control over the API server, a nice way to export data:
In fact, no attack on the API server is needed, a simple DNS manipulation is sufficient. You wouldn't even notice that something is wrong when someone managed to manipulate the DNS and makes your script connect to the wrong server presenting a wrong certificate, because you explicitly switched off certificate verification (curl -k a.k.a. curl --insecure). And, as you were told in the first reply by Corion++, you don't need to shell out at all. Perl can do HTTPS just fine without external tools like curl. Alexander
-- Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
In Section
Seekers of Perl Wisdom
|
|