Re: Re: Retrieval of script values

Also, if the program is poorly written it could reveal the value of that variable as well

Hi duff, do you have an example to show a badly written script?

One way I can think of is when the script is invoked as a get, and the next page it generates has http://site.com/cgi-bin/script.pl?seron=blahblah in the URL.

Comment on Re: Re: Retrieval of script values Download Code

Replies are listed 'Best First'.
Re: Re: Re: Retrieval of script values by Cody Pendant (Prior) on Jan 20, 2004 at 04:26 UTC
Another example would be if you used CGI::Carp for debugging and didn't remove it from production code and it helpfully said "can't open /path/to/file, /path/to/script.cgi line 99" or the like when it hit a problem. ($_='kkvvttuubbooppuuiiffssqqffssmmiibbddllffss') =~y~b-v~a-z~s; print	[reply]
Re: Re: Re: Retrieval of script values by duff (Parson) on Jan 20, 2004 at 17:49 UTC
I don't have a particular example, but I can think of all sorts of ways a program could be written to reveal parts of its own source. Your GET example is quite common though (I've seen it in at least one persons graduate project!). Debugging code inadvertantly left in, the program is actually designed to print its own source, the variable's value is displayed as part of an error message, the value is put in a "hidden" field, etc. There are a wide variety of ways to screw things up :-) duff	[reply]