Beefy Boxes and Bandwidth Generously Provided by pair Networks
Keep It Simple, Stupid
 
PerlMonks  

Re: Company hacks through my Perl's Website Security hole

by Somni (Friar)
on May 21, 2004 at 17:28 UTC ( [id://355364]=note: print w/replies, xml ) Need Help??


in reply to Company hacks through my Perl's Website Security hole

I think a little background is in order. Nik came onto EFnet #Perlhelp as Apost asking for help with his code. Originally all he had was an open call that took a filename from user input, i.e. open(FILE, "<../some/dir/$user_input"). He was told that was a security hole, but he didn't believe it was. He was then shown it was a security hole when someone gave him a URL that caused the script to read /etc/passwd.

As the discussion went on someone mentioned any arbitrary program could be run. This, of course, was false, and the person was corrected. However, Apost became curious, and asked how his code could possibly run an external program. He was told that if he removed the leading "<" in his open call then anyone could supply a command if they did it just right.

Yes, he explicitly changed his code to allow for an even bigger security hole, after he was told it was a security hole and what it would allow.

The full log of the conversation can be found here.

Replies are listed 'Best First'.
Re: Re: Company hacks through my Perl's Website Security hole
by fluxion (Monk) on May 21, 2004 at 20:47 UTC
    I'd also like to point out that xmath used the exploit to remove execute permissions from the script to prevent any incidents, but at a later point the script was re-activated by this thread's creator in spite of numerous explicit warnings against doing so before fixing the exploit.

    Normally such incidents are considered a gimme when providing web services to users, but if ever a case existed where a user should be held responsible for such negligence it would be this one.

    Nik: Are you responsible? Yes. Are you liable for any damages? Probably not, which, judging from your demeanor in the channel, is probably your only real concern.


    Roses are red, violets are blue. All my base, are belong to you.
Re: Re: Company hacks through my Perl's Website Security hole
by Anonymous Monk on May 21, 2004 at 18:48 UTC
    You know what else, here on perlmonks Nik has been told several times to use tainting and to read perlsec.

      And on the Devshed Forums where I'm a moderator I've told him to figure out tainting too. I don't know what the resistance is here. . .

      -Any sufficiently advanced technology is
      indistinguishable from doubletalk.

      My Biz

Re: Re: Company hacks through my Perl's Website Security hole
by Anonymous Monk on May 21, 2004 at 17:36 UTC
    Thanks Somni ... I was thinking the
    'Λόγος Ψυχωφελής και Θαυμάσιος => '
    Was some sort of binary code that was getting executed. What the heck is 'Λόγος Ψυχωφελής και Θαυμάσιος => ' anyways?
      It's greek. The cgi was part of a greek website, hence.

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://355364]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others surveying the Monastery: (7)
As of 2024-03-28 19:04 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found