Below is a script I have written which I really need someone to check over to make sure it is secure.
The quick answer, based on seeing none of
- -T # taint mode
- use strict;
- use CGI;
is "probably not." And on closer examination, your URL decoding logic is buggy. Don't roll your own logic. Let CGI.pm do it for you. And on closer examination, there's nothing to prevent someone from forging a form that contains a username of
;/bin/rm -f *\n
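The two problems named in that reply (a home-grown URL decoder and a form field reaching a shell), shown side by side with the taint-mode/CGI.pm version. This is an added example, not the original poster's script; the field name "username", the command /usr/bin/finger and the query strings are assumptions made for the demonstration.

```perl
#!/usr/bin/perl -T
# Added example, not the original poster's script. The field name "username",
# the command /usr/bin/finger and the constructed query strings are assumptions.
use strict;
use warnings;
use CGI;

# Taint mode refuses to run external commands until the environment is safe.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# A home-grown decoder of the kind the reply warns about: it decodes %XX
# before splitting on & and =, so an encoded & (%26) or = (%3D) inside a
# value is mistaken for a separator. Shown only to illustrate the bug.
sub parse_query_buggy {
    my ($qs) = @_;
    $qs =~ tr/+/ /;
    $qs =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;   # decoded too early
    my %p;
    for my $pair (split /&/, $qs) {
        my ($k, $v) = split /=/, $pair, 2;
        $p{$k} = $v // '';
    }
    return \%p;
}

# Constructed comparison: the buggy decoder yields username => 'a' plus a
# stray key 'b'; CGI.pm splits first and decodes each piece, giving 'a&b'.
my $buggy = parse_query_buggy('username=a%26b');
my $right = CGI->new('username=a%26b')->param('username');

# VULNERABLE: one-argument system() hands the string to /bin/sh, so the
# forged username ";/bin/rm -f *\n" from the reply is executed as a command.
# Under -T this line instead dies with "Insecure dependency in system",
# which is exactly why the reply asks for taint mode.
sub lookup_unsafe {
    my ($name) = @_;
    return system("/usr/bin/finger $name") == 0;
}

# HARDENED: whitelist the value (the capture also untaints it under -T),
# forbid a leading "-" so it cannot be read as an option, and use the list
# form of system(), which never involves a shell, so ";", "*" and "\n" are
# ordinary characters.
sub lookup_safe {
    my ($name) = @_;
    return 0 unless $name =~ /\A([A-Za-z][A-Za-z0-9_.-]{0,31})\z/;
    my $clean = $1;
    return system('/usr/bin/finger', $clean) == 0;
}

# Constructed request carrying the forged username, for an offline run.
# In the real handler call CGI->new with no argument so it parses the
# actual request (and does the URL decoding for you).
my $q = CGI->new('username=%3B%2Fbin%2Frm%20-f%20%2A%0A');
my $username = $q->param('username') // '';

print $q->header('text/plain');
print "buggy decoder saw: $buggy->{username}; CGI.pm saw: $right\n";
print lookup_safe($username) ? "lookup done\n" : "username rejected\n";
```

Running it prints "username rejected" because the whitelist refuses the forged value; swapping in lookup_unsafe() under -T aborts at the system() call rather than running rm, and without -T it would run whatever the attacker put after the semicolon.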
If one of you geniuses could modify my code to perform the above, it would be most appreciated
You'll learn more, and will be better off in the long run, if you put some more work in on this yourself. We'll be happy to re-review your work, and offer pointers.
One such pointer is that you might find it worthwhile to read Ovid's Web Programming Using Perl course. You'll find most, if not all, of what you need there.