While this may work, after taking a look at some of the code, I am uncertain if 1) it is a pure perl solution, and 2) if it is a safe solution.
Headers are parsed by hand, there is a reference to upload2.php in the source (which I did not track down to see if it is used, or if it is just a leftover), creates the upload directory mode 777, assumes the browser puts the session id into the first parameter in the query string, <redacted /> there is a significant security issue with a remote exploit, .... I stopped looking after the last one.
In short, this would be on a do not use list for me, about the same level as the original Matt's Script Archive code.
Updates:
- removed description of exploit pending notification of author, remove the "might not be safe" clause.
- 2015-04-30T10:44-05:00 - No response from the author. Looking into method of applying appropriate pressure. If this is a "top 1% project", having this exposure could be a BadThing™
Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
Read Where should I post X? if you're not absolutely sure you're posting in the right place.
Please read these before you post! —
Posts may use any of the Perl Monks Approved HTML tags:
- a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
| |
For: |
|
Use: |
| & | | & |
| < | | < |
| > | | > |
| [ | | [ |
| ] | | ] |
Link using PerlMonks shortcuts! What shortcuts can I use for linking?
See Writeup Formatting Tips and other pages linked from there for more info.