in reply to Re^6: Using Regexp Patterns as Variables
in thread Using Regexp Patterns as Variables

Yeah, I ran that too and eval did not execute that code. I have tried quite a few different variations and have been unable to get anything to execute.

Believe me, if this is possible then I will find another way. But, so far it seems there is no risk.

Here is the code I used:

#!/usr/bin/perl
use strict;
use warnings;

$ENV{REQUEST_URI} = q{/Products/bt-foo.aspx?evil=";system('ls -l');".aspx};
my $in = '/Products/bt-(.*?).aspx';
my $out = '/s/Products/$1';
$ENV{REQUEST_URI} =~ s#$in#eval qq{"$out"}#ie;
print "$ENV{REQUEST_URI}\n";

Maybe you can modify that to demonstrate the security risk you are talking about?
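
An eval-free way to apply the same kind of rewrite rule, as an added example that is not part of the original post: the pattern and the replacement template are both handled as data, and only `$1`..`$9` in the template are filled in from the match. The helper names `expand_template` and `rewrite` are hypothetical, and the second rule is constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Fill $1..$9 in a replacement template from a list of captures.
# Everything else in the template is copied through as literal text,
# so the template is never compiled or interpolated as Perl.
sub expand_template {
    my ($template, @captures) = @_;
    $template =~ s{\$([1-9])}{ $captures[$1 - 1] // '' }ge;
    return $template;
}

# Apply one rule (pattern string plus template string) to a URI.
# Returns the URI unchanged when the pattern does not match.
sub rewrite {
    my ($uri, $in, $out) = @_;
    my $re = qr/$in/i;
    return $uri unless $uri =~ $re;

    # Read the capture groups from the match offsets in @- and @+;
    # a group that did not take part in the match stays undef.
    my @caps = map {
        defined $-[$_] ? substr($uri, $-[$_], $+[$_] - $-[$_]) : undef
    } 1 .. $#+;

    # Replace only the matched span with the expanded template.
    my ($start, $end) = ($-[0], $+[0]);
    substr($uri, $start, $end - $start) = expand_template($out, @caps);
    return $uri;
}

# Rule and request taken from the post above.
my $uri = q{/Products/bt-foo.aspx?evil=";system('ls -l');".aspx};
print rewrite($uri, '/Products/bt-(.*?).aspx', '/s/Products/$1'), "\n";

# Constructed second rule with two capture groups.
print rewrite('/Shop/cat-12/item-99.aspx',
              '/Shop/cat-(\d+)/item-(\d+)\.aspx',
              '/s/Shop/$1/$2'), "\n";
```

The `//` operator requires Perl 5.10 or later.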