Hi Monks,

What Somni said was 100% true. I indeed connected to the EFnet IRC network and joined the #perlhelp channel to ask the folks there about a problem of mine, which I also posted today in another post about a file that cannot be opened.
Well, I didn't want to tell you the whole story because you might think and tell me that I was looking for trouble.
Well, indeed I was asking for it, but not intentionally to do harm to the company, but pretty much out of curiosity. I just wanted to see with my own eyes the effects of that security hole on the server so that I could actually understand what problem a Perl CGI security hole can cause. I also wanted the guys not only to show me that but to explain the whole "hacking" process to me as well......

Please feel free to blame me for this, but I am telling you my curiosity was the only reason for such a mess. But I wasn't the one that hacked the website and did ... God knows ... what else to the server. But I wanted the guys at EFnet to show me the tricks, and I don't hesitate to say that if my webpage hadn't gone off I would have tried them myself one by one to see and understand how this stuff works!! :-)

I don't think this is wrong, since if you don't try yourself you won't learn. Well, I am not saying it's right either, because I don't own the server; it's just a free hosting company I use to host my webpage with the funny chars (we call it Greek). Sometimes the need, the curiosity and the desire to test something that you have just been taught is too much to handle.... so you don't actually think of the consequences.... After these tests, which unfortunately I wasn't able to run, I would fix the script, but I needed to try first....

Anyway, guess what?

I just logged in to my account and saw that some nice fellow renamed my index.pl to index.pl.bak and in the actual index.pl he deliberately corrected the security hole for me!!!! Isn't that great or what?!?! I just want to thank the guy, whoever he may be; I guess he's a fellow from EFnet. But I also wanted to ask you guys to explain to me the correction that took place..... I will then paste all my index.pl for you to see so that you can tell me if it has any other flaws that I can't see since I am a newbie.... Here is the correction the "unknown" friend has made:
undef @isfile{@files}; exists $isfile{$file} or die;
Here is also the whole index.pl.... If you are not bored, have a look.....
    #!/usr/bin/perl -w
    use CGI::Carp qw(fatalsToBrowser);
    use CGI qw(:standard);
    use DBI;
    use DBD::mysql;
    use Mail::Sendmail;

    # Local time (UTC+3), with seconds and year stripped
    $xronos = scalar(localtime(time + 10800));
    $xronos =~ s/:\d{2} \d{4}//g;

    # Reverse-resolve the visitor's address, fall back to the raw IP
    $ip = $ENV{'REMOTE_ADDR'};
    @numbers = split (/\./, $ip);
    $address = pack ("C4", @numbers);
    $host = gethostbyaddr ($address, 2) || $ip;

    print header( -charset=>'iso-8859-7' );
    print start_html( -title=>'Ψυχωφελή Πνευματικά Κείμενα!', -background=>'../data/images/night.jpg' );

    # Local development database or the hosting company's one (credentials removed by Corion)
    $db = ($ENV{'SERVER_NAME'} ne 'nikos.50free.net')
        ? DBI->connect('DBI:mysql:nikos_db', 'root', '')
        : DBI->connect('DBI:mysql:nikos_db:50free.net', '********', '******')
        or print font({-size=>5, -color=>'Lime'}, $DBI::errstr) and exit 0;

    # List of the text files, reduced to their basenames
    @files = <../data/texts/*>;
    foreach (@files) { $_ =~ s/.*[\/\\](.*)/$1/; }

    print start_form(-action=>"index.pl");
    print p( {-align=>'center'}, font( {-size=>5, -color=>'Lime'}, 'Λόγος Ψυχωφελής και Θαυμάσιος => ' ),
             popup_menu( -name=>'select', -values=>\@files ), submit('ok'));
    print end_form();

    # The requested file, or a random one; the next line is the fix: only names
    # that appeared in the directory listing are accepted
    $file = param("select") || $files[rand(@files)];
    undef @isfile{@files}; exists $isfile{$file} or die;

    open(IN, "../data/texts/$file") or die $!;
    @data = <IN>;
    close(IN);
    $data = join("", @data);
    $data =~ s/\n/\\n/g;

    #*******************************************************************************
    print <<ENDOFHTML;
    <html><head><title></title>
    <script type="text/javascript">
    var textToShow = "$data";
    var tm;
    var pos = 0;
    var counter = 0;

    function init() {
        tm = setInterval("type()", 50)
    }

    function type() {
        if (textToShow.length != pos) {
            d = document.getElementById("DivText");
            c = textToShow.charAt(pos++);
            if (c.charCodeAt(0) != 10)
                d.appendChild(document.createTextNode(c));
            else
                d.appendChild(document.createElement("br"));
            counter++;
            if (counter >= 1800 && (c.charCodeAt(0) == 10 || c == ".")) {
                d.appendChild(document.createElement("br"));
                d.appendChild(document.createTextNode("Press any key..."));
                counter = 0;
                clearInterval(tm);
                document.body.onkeypress = function () {
                    document.getElementById("DivText").innerHTML = '';
                    tm = setInterval("type()", 50);
                    document.body.onkeypress = null;
                };
            }
        }
        else clearInterval(tm);
    }
    </script>
    </head>
    <body onload=init()>
    <center>
    <div id="DivText" align="Left" style=" background: url(../data/images/blueblack.jpg); border-color: Yellow; border-style: Groove; border-width: 10; width: 900; height: 500; color: Lightblue; font-face: Com; font-size: 19">
    </div>
    </center>
    </body>
    </html>
    ENDOFHTML
    #*******************************************************************************

    print br(), br();
    print start_form(-action=>"show.pl");
    print table( {-border=>1, -width=>"65%", -align=>"center", -style=>"border: ridge magenta; color: lime; font-size: 18", -background=>"../data/images/fire.jpg"},
        Tr( {-align=>'center'}, td( "Πώς σε λένε αδελφέ?" ), td( textfield( 'onoma' ))),
        Tr( {-align=>'center'}, td( "Ποιά είναι η γνώμη σου για την ευχή του Ιησού 'Κύριε Ιησού Χριστέ Ελέησον Με' ?" ), td( textarea( -name=>'sxolio', -rows=>5, -columns=>30 ))),
        Tr( {-align=>'center'}, td( "Μοιράσου μαζί μας μία κατά τη γνώμη σου θαυμαστή προσωπική σου πνευματική εμπειρία από κάποιον γέροντα προς ώφελος των υπολοίπων αδελφών αν φυσικά έχεις ..." ), td( textarea( -name=>'empeiria', -rows=>7, -columns=>30 ))),
        Tr( {-align=>'center'}, td( "Ποιό είναι το e-mail σου?" ), td( textfield( 'email' ))),
        Tr( {-align=>'center'}, td( submit( 'Εμφάνιση' )), td( submit( 'Αποστολή' ))));
    print end_form(), br(), br();

    # A random non-empty line from the tips file
    open(IN, "<../data/texts/tips") or die $!;
    @tips = <IN>;
    close(IN);
    @tips = grep { !/^\s*\z/s } @tips;
    $tip = $tips[int(rand(@tips))];
    print table( {-width=>"90%", -align=>"center", -style=>"border: ridge lightgreen; color: yellow; font-size: 18", -background=>"../data/images/blue.jpg"},
        Tr( {-align=>'center'}, td( font( {-size=>3, -color=>'white'}, b( $tip )))));

    # Visitor counter
    $db->do( "UPDATE counter SET visitor = visitor + 1" );
    $st = $db->prepare( "SELECT visitor FROM counter" );
    $st->execute();
    $row = $st->fetchrow_hashref;

    print font( {-size=>4, -color=>'Yellow'}, "<br>$host<br>" );
    print font( {-size=>4, -color=>'Orange'}, "<br>$xronos<br>" );
    print font( {-size=>4, -color=>'Cyan'}, "<br>$row->{visitor}<br><br>" );
    print a( {href=>'games.pl'}, img {src=>'../data/images/games.gif'} );
    print p( {-align=>'right'}, a( {href=>'../data/photos/'}, font( {-size=>4, -color=>'Lime'}, 'Π' )));

    # Don't log visits from the author's own dial-up / university hosts
    if ($host =~ /thes530-.*?\.otenet\.gr|millennium-.*?\.ccf\.auth\.gr/) { exit 0; }

    open(OUT, ">>../data/texts/log") or die $!;
    print OUT $host, " "x(40-length($host)), "-> ", $xronos, "\n";
    close(OUT);

    if ($ENV{'SERVER_NAME'} ne 'nikos.50free.net') { exit 0; }

    #%mail = ( To      => 'nik0s@mycosmos.gr',
    #          From    => 'roufianos@kyp.gr',
    #          Subject => "Επισκέπτης από $host"
    #        );
    #sendmail(%mail) or die $Mail::Sendmail::error;
Sorry for the mess I caused and please excuse me for my curiosity.....but anyway no harm is done. All works great now... :-) Lucky me!

20040524 Edit by Corion: Removed DB username and password
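The whitelist check the post asks about, isolated into a stand-alone Perl demo (added here; this is neither Nik's script nor the anonymous fix itself). The directory listing and the request values are constructed, and `read_text` is a hypothetical helper showing the three-argument open that would pair with the vetted name.

```perl
#!/usr/bin/perl
# Added demo, not the script from the post: the hash-slice whitelist that the
# anonymous fix added, run against constructed request values.
use strict;
use warnings;

# Constructed stand-in for @files = <../data/texts/*> after stripping the path.
my @files = qw(text1 text2 tips);

# The original line: whatever the client sent in "select" is used as-is.
sub pick_unsafe {
    my ($param, $default) = @_;
    return $param || $default;
}

# The fix: undef @isfile{@files} creates one hash key per known file name, so
# exists() answers "is this exactly one of the directory entries?" Anything
# else (including names with a path component) is rejected before open().
sub pick_safe {
    my ($param, @allowed) = @_;
    my %isfile;
    undef @isfile{@allowed};
    my $file = $param || $allowed[rand @allowed];
    return exists $isfile{$file} ? $file : undef;
}

# Constructed inputs: one legitimate name and two that leave ../data/texts/.
for my $sent ('text2', '../log', '../../index.pl') {
    my $unsafe = pick_unsafe($sent, $files[0]);
    my $safe   = pick_safe($sent, @files);
    printf "%-18s unsafe opens %-28s safe: %s\n",
        "'$sent'", "../data/texts/$unsafe", defined $safe ? $safe : 'rejected (die)';
}

# Hypothetical helper, not called above because the files do not exist here:
# with a vetted name, a three-argument open in '<' mode is the idiomatic form,
# since the mode is fixed by the code and cannot be influenced by the name.
sub read_text {
    my ($file) = @_;
    open(my $in, '<', "../data/texts/$file") or die "cannot open $file: $!";
    local $/;
    my $data = <$in>;
    close($in);
    return $data;
}
```

Running it prints the path each traversal name would have reached through the unpatched line next to the "rejected" verdict the patched line produces for the same input.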


In reply to Re: Re: Re: Company hacks through my Perl's Website Security hole by Nik
in thread Company hacks through my Perl's Website Security hole by Nik
