Re^6: Getting values with help of curl

Yes, I´ve changed it abit, works also fine and looks a bit better:

my $content = `curl --silent -k -u admin:pass https://url/api/v2/GetDe
+viceInfo?$ARGV[0]`;
[download]

Comment on Re^6: Getting values with help of curl Download Code

Replies are listed 'Best First'.
Re^7: Getting values with help of curl by afoken (Chancellor) on Sep 07, 2022 at 10:46 UTC
my $content = `curl --silent -k -u admin:pass https://url/api/v2/GetDeviceInfo?$ARGV[0]`; Instant shell injection vulnerability: `# have your validated backup ready perl yourscript.pl ';rm -rf /'` [download] And if someone can also gain control over the API server, a nice way to export data: `perl yourscript.pl ' --data-binary @/etc/passwd'` [download] In fact, no attack on the API server is needed, a simple DNS manipulation is sufficient. You wouldn't even notice that something is wrong when someone managed to manipulate the DNS and makes your script connect to the wrong server presenting a wrong certificate, because you explicitly switched off certificate verification (`curl -k` a.k.a. `curl --insecure`). And, as you were told in the first reply by Corion++, you don't need to shell out at all. Perl can do HTTPS just fine without external tools like curl. Alexander -- Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)	[reply] [d/l] [select]

Replies are listed 'Best First'.

Re^7: Getting values with help of curl
by afoken (Chancellor) on Sep 07, 2022 at 10:46 UTC

my $content = `curl --silent -k -u admin:pass https://url/api/v2/GetDeviceInfo?$ARGV[0]`;

Instant shell injection vulnerability:

# have your validated backup ready
perl yourscript.pl ';rm -rf /'
[download]

And if someone can also gain control over the API server, a nice way to export data:

perl yourscript.pl ' --data-binary @/etc/passwd'
[download]

In fact, no attack on the API server is needed, a simple DNS manipulation is sufficient. You wouldn't even notice that something is wrong when someone managed to manipulate the DNS and makes your script connect to the wrong server presenting a wrong certificate, because you explicitly switched off certificate verification (curl -k a.k.a. curl --insecure).

And, as you were told in the first reply by Corion++, you don't need to shell out at all. Perl can do HTTPS just fine without external tools like curl.

Alexander

--
Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)

[reply]
[d/l]
[select]