Well, he at least appears to be trying to use imaginary variables. If you change some of them around, you can eventually get a script that works (if you can call it that). You'll also have to run it from the 'accounts' directory; I didn't fix that:
```perl
$FORM{'user'} = "cjf";
$FORM{'pass'} = "1234";

# why was the following line there?
# if($FORM{'path'} =~ m/\0|\r|\n/ig){ die "illegal characters"; }

#check for .htaccess file in /home/user/accounts/$FORM{path}
$htaccess = "/home/cjf/accounts/$FORM{user}/.htaccess";

if (-e $htaccess){
    open(HTACCESS, "<", $htaccess) or die "could not open .htaccess file";
    # added chomp
    chomp(@lines = <HTACCESS>);
    close(HTACCESS);
    ($correctuser,$correctpassword) = split(/:/,$lines[0]);
    if ($FORM{'user'} eq $correctuser && $FORM{'pass'} eq $correctpassword){
        print "access granted";
        access();
    } else {
        print "access denied";
    }
} else {
    mkdir($FORM{'user'},0755) or die "error accessing user directory" unless (-d $FORM{user});
    $accessfile = $FORM{'user'} . "/.htaccess";
    # changed $useraccess to $accessfile
    # changed $username to $FORM{'user'}
    # changed $password to $FORM{'pass'}
    open(USERACCESS, ">", $accessfile) or die "could not create user file";
    print USERACCESS "$FORM{'user'}:$FORM{'pass'}";
    close(USERACCESS);
}
```
Now I'm still not sure what he's saying about filename/variable limits in Perl and how they could result in a vulnerability. It certainly doesn't sound accurate. Can someone clarify this?
In reply to Re: Re: Hacking CGI - security and exploitation
by cjf
in thread Hacking CGI - security and exploitation
by IlyaM
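The script in the post above interpolates `$FORM{'user'}` directly into the paths it hands to `-e`, `mkdir` and `open`. The following is an added example, not code from the post or from the article it discusses, of validating that value with an allowlist before building the path and of creating the file atomically. The helper names `account_file` and `create_account`, the 32-character limit, the file modes and the `$record` argument (a password hash produced elsewhere) are assumptions made for illustration.

```perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Spec;

# Base directory taken from the script above.
my $ACCOUNTS_DIR = '/home/cjf/accounts';

# Allowlist check: 1-32 characters, letters, digits, "_" and "-" only.
# This rejects "/", "..", NUL, CR and LF in one test. \A and \z anchor the
# whole string, so a trailing newline cannot slip past as it can with "$".
sub account_file {
    my ($user) = @_;
    return unless defined $user
        && $user =~ /\A[A-Za-z0-9][A-Za-z0-9_-]{0,31}\z/;
    return File::Spec->catfile($ACCOUNTS_DIR, $user, '.htaccess');
}

# Create the account file only if it does not already exist.
# O_EXCL makes the existence check and the creation a single step, unlike
# the separate "-e" test and open(">") in the script above, and an absolute
# path removes the dependence on the current working directory.
sub create_account {
    my ($user, $record) = @_;    # $record: hypothetical password hash
    my $file = account_file($user) or return 0;
    my $dir  = File::Spec->catdir($ACCOUNTS_DIR, $user);
    mkdir($dir, 0700) or -d $dir or return 0;
    sysopen(my $fh, $file, O_WRONLY | O_CREAT | O_EXCL, 0600) or return 0;
    print {$fh} "$user:$record\n";
    close($fh) or return 0;
    return 1;
}

# Constructed sample inputs; only the first should be accepted.
for my $u ('cjf', '../cjf', "cjf\0", "cjf\n", 'a/b') {
    (my $shown = $u) =~ s/([^\x20-\x7e])/sprintf('\\x%02x', ord $1)/ge;
    printf "%-10s %s\n", $shown, account_file($u) ? 'accepted' : 'rejected';
}
```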