Question: (a) Below is a short POST-method CGI script - it reads a line of the form field-name-value from standard input, and then executes the

(a) Below is a short POST-method CGI script - it reads a line of the form "field-name-value" from standard input, and then executes the last command (in the line $result = 'last ...') to see if the user name "value" has logged in recently. Describe how to construct an input that executes an arbitrary command with the privileges of the script. Explain how your input will cause the program to execute your command, and suggest how the code could be changed to avoid the problem. #! /usr/bin/perl print "content-type: text/html "; ($field_name, $username_to_look_for) = chomp $username_to_look_for; split (/=/, ); $result = 'last -1000 | grep $username_to_look_for'; if ($result) { print "$username_to_look_for has logged in recently. "; } else { print "$username_to_look_for has NOT logged in recently. "; } print " ";

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer

Step: 1 Unlock

The given CGI script is vulnerable to command injection because it directly uses the user input in t... View full answer

Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock

Step: 3 Unlock

Students Have Also Explored These Related Programming Questions!

What is the output of the following snippet of code if number is 35? if (number % 2 == 0) System.out.println(number + else " is odd."); System.out.println(number +" is even.");

Planning is one of the most important management functions in any business. A front office managers first step in planning should involve determine the departments goals. Planning also includes...

Read the articles found at the following links: Normalization in DBMS: 1NF, 2NF, 3NF and BCNF with Examples https://hackr.io/blog/dbms-normalization What is Normalization? 1NF, 2NF, 3NF & BCNF with...

The _____________ works out the best way to structure finances and make effective financial decisions.

Why is it appropriate to view modern organizations as open systems?

=+16.9. Using the pattern-based design tasks noted in Section 16.2.3, develop a skeletal design

What are some of the topics studied?

An Ionic Crystal Figure shows eight point charges arranged at the corners of a cube with sides of length d. The values of the charges are +q and -q, as shown. This is a model of one cell of a cubic...

account name Debit Creditor Cash 2000 Owe 88000 S ales 1850000 Administrative m 250000 Cost of sales 135 00 0 M sell it 150000 Deferred income taxes 20000 Assets at fair value income statement 18000...

Eta Corporation approaches Lily White, the CEO and sole shareholder of MuCo, regarding the acquisition of MuCo's cat toy division assets (worth $1.3 million). As selling the assets would create a...

Find the equation of the line and write in the specified form: a. the line parallel to d = (2, 3) that hits the point (1, 4), in parametric form. b. the line that passes through the points (2, 4) and...

a). The following information was extracted from the stores ledger of Alpha Limited during the month of March 2022 Opening inventory 4000 units valued at shs. 160,000 Receipts March 5 5,000 units @...

What values can be held related to leadership and what informs them?

iid Estimating variance for normal data. Suppose that we observe data X1, ..., Xn N(0, v) we know the mean is 0, but we don't know the variance v. (We are writing variance = v, instead of , to make...

Four small spheres, each of which you can regard as a point of mass 0.200 kg, are arranged in a square 0.400 m on a side and connected by light rods a)Find the moment of inertia of the system about...

In the class, we leamt the capital recovery factor (CRF) that is given as i(1+i)n (1+i)n - 1 where i the interest rate and n is the number of annuities received. CRF 4a) (10pts) Given i, find the...

ALL ANSWERS NEED TO BE IN FORMULA FORM PLS ! All answers must be entered as a formula. Click OK to begin. All answers must be entered as a formula. Click OK to begin

Phosgene, COCl2, is a toxic gas used in the manufacture of urethane plastics. The gas dissociates at high temperature. At 400oC, the equilibrium constant Kc is 8.05 104. Find the percentage of...

While preparing Massie Miller's 2012 Schedule A, you review the following list of possible charitable deductions provided by Massie: Cash contribution to a family whose house burned...

Cypress Corporation has regular taxable income of $170,000 (assume annual gross receipts are greater than $5 million) and regular tax liability of $49,550 for 2012. The corporation also has tax...

Indicate, in each of the following situations, the number of exemptions the taxpayers are entitled to claim on their 2012 income tax returns. Number of Exemptions a. Donna, a 20-year-old single...

Columbus Airlines introduced a new, specially discounted line of air fares in 1995. Annual ticket revenues Y (in $ 1,000s) are shown in the following table, along with the time period X (in months,...

With the addition of five pairs of observations(18,000, 39.2), (22,400, 27.9), (24,210, 22.3), (5,400, 11.7), and (9,340, 32.5)to the data in Problem 3 in Chapter 5, the accompanying computer output...

a.-g. For the data on DIST (Y) and MPH (X) in Problem 7 in Chapter 5, use the following information to answer the same questions as in parts (a) through (g) of Problem 2. Degree 1 fit: = -122.345 +...