(a) Below is a short POST-method CGI script - it reads a line of the form...
Question:
(a) Below is a short POST-method CGI script - it reads a line of the form "field-name=value" from standard input, and then executes the last command (in the line $result = `last ...`) to see if the user name "value" has logged in recently. Describe how to construct an input that executes an arbitrary command with the privileges of the script. Explain how your input will cause the program to execute your command, and suggest how the code could be changed to avoid the problem.

#! /usr/bin/perl
print "content-type: text/html\r\n\r\n<HTML><BODY>\n";
($field_name, $username_to_look_for) = split(/=/, <>);
chomp $username_to_look_for;
$result = `last -1000 | grep $username_to_look_for`;
if ($result) {
    print "$username_to_look_for has logged in recently.\n";
} else {
    print "$username_to_look_for has NOT logged in recently.\n";
}
print "</BODY></HTML>\n";
Expert Answer:
The given CGI script is vulnerable to command injection because it directly uses the user input in t...
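A hardened version of the script, added here as an example rather than taken from the page or its answer; the allowed user-name pattern and doing the match in Perl instead of piping through grep are assumptions:

```perl
#!/usr/bin/perl
use strict;
use warnings;
# Hypothetical hardened rewrite of the script in the question (added example,
# not the page's own code). Two changes matter: the user name is validated
# against a strict allow-list before use, and `last` is started via the list
# form of open(), which never consults a shell; the match is done in Perl.

# Returns 1 if $name looks like a Unix login name, else 0.
# The pattern is an assumption; adjust it to the site's naming policy.
sub valid_username {
    my ($name) = @_;
    return 0 unless defined $name;
    return ($name =~ /\A[a-z_][a-z0-9_-]{0,31}\z/) ? 1 : 0;
}

# Escape text echoed into HTML; redundant after valid_username, kept as defence in depth.
sub html_escape {
    my ($s) = @_;
    $s =~ s/&/&amp;/g; $s =~ s/</&lt;/g; $s =~ s/>/&gt;/g; $s =~ s/"/&quot;/g;
    return $s;
}

# Run `last -1000` without a shell and report whether $name is the login
# field of any record. Fails closed if last cannot be started.
sub logged_in_recently {
    my ($name) = @_;
    open(my $fh, '-|', 'last', '-1000') or return 0;
    my $found = 0;
    while (my $rec = <$fh>) {
        my ($user) = split ' ', $rec;
        if (defined $user && $user eq $name) { $found = 1; last; }
    }
    close $fh;
    return $found;
}

print "Content-Type: text/html\r\n\r\n<HTML><BODY>\n";
my $line = <STDIN>;
my (undef, $username) = split /=/, (defined $line ? $line : ''), 2;
chomp $username if defined $username;
if (!valid_username($username)) {
    print "Rejected: user name does not match the allowed pattern.\n";
} else {
    my $shown   = html_escape($username);
    my $verdict = logged_in_recently($username) ? "has" : "has NOT";
    print "$shown $verdict logged in recently.\n";
}
print "</BODY></HTML>\n";
```

Because the input never reaches a shell, rejecting it on the allow-list is the only check that decides whether the request is served at all; any remaining risk is in `last` itself, not in string interpolation.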