Beefy Boxes and Bandwidth Generously Provided by pair Networks
XP is just a number
 
PerlMonks  

Re^7: Getting values with help of curl

by afoken (Chancellor)
on Sep 07, 2022 at 10:46 UTC ( [id://11146738]=note: print w/replies, xml ) Need Help??


in reply to Re^6: Getting values with help of curl
in thread Getting values with help of curl

my $content = `curl --silent -k -u admin:pass https://url/api/v2/GetDeviceInfo?$ARGV[0]`;

Instant shell injection vulnerability:

# have your validated backup ready
perl yourscript.pl ';rm -rf /'

[download]

And if someone can also gain control over the API server, a nice way to export data:

perl yourscript.pl ' --data-binary @/etc/passwd'

[download]

In fact, no attack on the API server is needed, a simple DNS manipulation is sufficient. You wouldn't even notice that something is wrong when someone managed to manipulate the DNS and makes your script connect to the wrong server presenting a wrong certificate, because you explicitly switched off certificate verification (curl -k a.k.a. curl --insecure).

And, as you were told in the first reply by Corion++, you don't need to shell out at all. Perl can do HTTPS just fine without external tools like curl.

Alexander

--
Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://11146738]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others meditating upon the Monastery: (3)
As of 2024-04-23 23:40 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found