Hello List!
I heard that 5.6 can fork; is that correct?
The script below works on my UNIX box but not on NT 4.0 with IIS 4.0.
I read on the Net that it is advisable to fork a copy of Perl instead of directly passing stuff from the web to the shell (command prompt in NT).
My questions, I guess, are: do I need to even worry about this in NT, can I fork in NT with 5.6, and is the script below secure enough?
Thanks!!!
Code Follows:
#! perl.exe
use CGI;
my $query = new CGI;
$value = $query->param('trace');
#Removing Harmful MetaCharacters from Web Based Input
$value =~ tr/+/ /;
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
$value =~ s/~!/ ~!/g;
$value =~ s/[;`~^<>\*\|'&\$!?#\(\)\[\]\{\}:'"\\]//g;
# If I uncomment the 3 lines below and then comment out the fork part -
# the script will work
#open (TRACE, "c:\\winnt\\system32\\tracert $value|");
#@traceroute = <TRACE>;
#close (TRACE);
#Fork another copy of PERL to bypass sending command directly to system
$result = open(TRACE,"-|");
die "Couldn't open pipe to subprocess" unless defined($result);
exec "c:\\winnt\\system32\\tracert",$value
    or die "Couldn't exec traceroute" if $result == 0;
@traceroute = <TRACE> ;
close TRACE;
print "Content-Type: text/html\n\n";
print "<html>\n<head>\n<title>\nNetOS TraceRoute Results\n</title>\n</head>\n<body>\n";
foreach $item (@traceroute) {
print "<BR>$item\n\n";
}
print "</body>\n</html>\n";
exit (0);
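
Added example, not part of the original post: the script above strips a list of characters it treats as harmful, while the check below takes the opposite approach and accepts the `trace` parameter only when it has the shape of an IPv4 address or a DNS hostname. The helper names `validate_target` and `html_escape` and all sample values are assumptions made for this illustration.

```perl
use strict;
use warnings;

# Hypothetical helper: accept only a dotted-quad IPv4 address or a DNS
# hostname. Anything else is rejected outright rather than "cleaned".
sub validate_target {
    my ($input) = @_;
    return undef unless defined $input && length $input;
    return undef if length $input > 253;          # maximum DNS name length

    # IPv4: four decimal octets, each 0-255. \A and \z anchor the whole
    # string, so a trailing newline cannot slip through as it can with $.
    if ($input =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/) {
        my $bad = grep { $_ > 255 } $1, $2, $3, $4;
        return $bad ? undef : $input;
    }
    # Other all-numeric forms ("1.2.3", "3232235777") are ambiguous: reject.
    return undef if $input =~ /\A[\d.]+\z/;

    # Hostname: labels of 1-63 letters, digits or hyphens that never start
    # or end with a hyphen, so the value cannot be read as an option.
    my $label = qr/[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?/;
    return $input =~ /\A$label(?:\.$label)*\z/ ? $input : undef;
}

# Hypothetical helper: escape command output before it goes into the page,
# since the script above prints each traceroute line into HTML as-is.
sub html_escape {
    my ($text) = @_;
    my %entity = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;');
    $text =~ s/([&<>"])/$entity{$1}/g;
    return $text;
}

# Constructed sample inputs, not taken from the original post.
my @samples = ('www.example.com', '192.0.2.10', '192.0.2.999', '1.2.3',
               '-d', 'example.com -h 1', "example.com\n", 'a|b.example');
for my $sample (@samples) {
    my $target = validate_target($sample);
    (my $shown = $sample) =~ s/\n/\\n/g;
    printf "%-22s %s\n", "'$shown'", defined $target ? 'accepted' : 'rejected';
}
print html_escape("<1 ms  router & \"gateway\"\n");   # constructed output line
```

In the script above, the value returned by `validate_target` would take the place of `$value` in the list-form `exec`, and the request would be refused when it returns `undef`.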
