Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

I am having problems unencoding a website. They are using a free script from cgiscript.net to do it, and I want to prove to them it's not secure. But for some reason, when running my script, I get the source code I can't see on their site through the browser, but it's still jumbled. Why isn't my escape working?

SOURCE:

uri_unescape <!-- ||||| SOURCE CODE ENCRYPTION - START ||||| -->
<!-- ||||| FREE CODE: WWW.CGISCRIPT.NET, LLC ||||| -->
<!-- ||||| http://www.cgiscript.net ||||| -->
<!-- [ASCII-art banner] -->
<script language=JavaScript>m='[long percent-encoded string]';d=unescape(m);document.write(d);</script>
<!-- ||||| SOURCE CODE ENCRYPTION - END ||||| -->

SCRIPT:
#!/usr/bin/perl
use LWP::Simple;
my $page = get("http://www.cgiscript.net/encrypt_index.htm");
print "uri_unescape $page";

Replies are listed 'Best First'.
Re: uri_unescape not printing desired results
by Enlil (Parson) on Feb 22, 2004 at 01:33 UTC
    Functions don't execute inside quotes. You might want to try something like:
    print uri_unescape($page);

    Then it will probably still not work, because if you were to add "use warnings" to the top of your script you would get a warning such as:

    Undefined subroutine &main::uri_unescape called at ...

    Which in turn could be corrected by adding:

    use URI::Escape;
    to the top of the script as well.


    -enlil
Re: uri_unescape not printing desired results
by BUU (Prior) on Feb 22, 2004 at 04:16 UTC
    d=unescape(m);document.write(d);

    Amused.
Re: uri_unescape not printing desired results
by matija (Priest) on Feb 22, 2004 at 18:03 UTC
    Several problems with your script:
    • as others have pointed out, functions don't function if they are called inside quotes.
    • You're calling uri_unescape which is not a core perl function. You need to use URI::Escape before you call uri_unescape.
    • If you don't want to use URI::Escape, you could write the function yourself, like this:
      sub uri_unescape {
          my $str = shift @_;
          # decode each %XX escape (two hex digits only)
          $str =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
          return $str;
      }
    • Once you get all the text decoded, you will see that it is just a big copyright notice and disclaimer, and there is no code there. ;-)
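
A complete version of what the replies describe, as an added example that is not part of the original thread: it pulls the string handed to unescape() out of a page and decodes it, which is all this kind of "source code encryption" amounts to. The sample page is constructed, the names js_unescape and recover_hidden_markup are chosen here, and the %uXXXX handling goes beyond the %XX case shown in the thread.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample page (not the real site's content): markup hidden the
# same way as in the question, as a percent-encoded string that the browser
# runs through JavaScript unescape() and document.write().
my $page = <<'HTML';
<!-- SOURCE CODE ENCRYPTION - START -->
<script language=JavaScript>m='%3Cp%3EHello%2C%20world%20%A9%202004%20%u20AC5%3C/p%3E%0D%0A%3Cscript%20src%3D%22menu.js%22%3E%3C/script%3E';d=unescape(m);document.write(d);</script>
<!-- SOURCE CODE ENCRYPTION - END -->
HTML

# Same job as JavaScript's unescape(): %uXXXX is a 16-bit code unit and %XX a
# Latin-1 code point. Anything else, including a malformed %zz, is left alone.
sub js_unescape {
    my ($str) = @_;
    $str =~ s/%(?:u([0-9A-Fa-f]{4})|([0-9A-Fa-f]{2}))/chr(hex(defined $1 ? $1 : $2))/ge;
    return $str;
}

# Find every  name='...';  whose name is then passed to unescape(), and
# return the decoded strings in page order.
sub recover_hidden_markup {
    my ($html) = @_;
    my @recovered;
    while ($html =~ /\b(\w+)\s*=\s*'([^']*)'\s*;\s*\w+\s*=\s*unescape\(\s*\1\s*\)/g) {
        push @recovered, js_unescape($2);
    }
    return @recovered;
}

# The decoded text can contain non-ASCII characters, so print it as UTF-8.
binmode STDOUT, ':encoding(UTF-8)';
print "$_\n" for recover_hidden_markup($page);
```

To run it against a live page, replace the here-document with the result of LWP::Simple's get(), as in the original script.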