Short POST Method CGI Script Reads Line Form Field Name Value Standard Input Executes Last Q43872483

(a) Below is a short POST-method CGI script – it reads a line of the form “field-name=value” from standard input, and then executes the last command (in the line $result = `last …`) to see if the user name “value” has logged in recently. Describe how to construct an input that executes an arbitrary command with the privileges of the script. Explain how your input will cause the program to execute your command, and suggest how the code could be changed to avoid the problem.

```perl
#!/usr/bin/perl
print "content-type: text/html\r\n\r\n<HTML><BODY>\n";
# Read one "field-name=value" line from standard input
($field_name, $username_to_look_for) = split(/=/, <>);
chomp $username_to_look_for;
# Backticks hand the interpolated string to the shell
$result = `last -1000 | grep $username_to_look_for`;
if ($result) {
    print "$username_to_look_for has logged in recently.\n";
} else {
    print "$username_to_look_for has NOT logged in recently.\n";
}
print "</BODY></HTML>\n";
```
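One way to make the change the question asks for, as an added example that is not part of the original page or its answer: validate the value against an allowlist, run last without a shell, and do the matching in Perl. The path `/usr/bin/last`, the allowlist pattern and the helper names `parse_username`, `read_last` and `seen_in` are assumptions.

```perl
#!/usr/bin/perl
# Added example: hardened rewrite of the exercise script.
use strict;
use warnings;

my $LAST = '/usr/bin/last';    # assumed path to last(1)

# Return the value of "field-name=value" only if it looks like a login
# name; the allowlist pattern is an assumption, tighten it to local policy.
sub parse_username {
    my ($line) = @_;
    return unless defined $line;
    $line =~ s/\r?\n\z//;
    my (undef, $value) = split /=/, $line, 2;
    return unless defined $value;
    return $value =~ /\A([A-Za-z_][A-Za-z0-9_.-]{0,31})\z/ ? $1 : undef;
}

# Run last(1) with a list-form pipe open: the arguments go straight to
# exec(), so no shell ever parses a command string.
sub read_last {
    open(my $fh, '-|', $LAST, '-1000') or die "cannot run $LAST: $!\n";
    my @records = <$fh>;
    close $fh;
    return @records;
}

# Exact match on the first column, done in Perl instead of grep, so the
# user-supplied value is only ever compared as data.
sub seen_in {
    my ($user, @records) = @_;
    for my $rec (@records) {
        my ($name) = split ' ', $rec;
        return 1 if defined $name && $name eq $user;
    }
    return 0;
}

print "Content-Type: text/html\r\n\r\n<HTML><BODY>\n";
my $user = parse_username(scalar <STDIN>);
if (!defined $user) {
    print "Invalid user name.\n";
} elsif (seen_in($user, read_last())) {
    print "$user has logged in recently.\n";
} else {
    print "$user has NOT logged in recently.\n";
}
print "</BODY></HTML>\n";
```

The same allowlist excludes shell and HTML metacharacters, so the validated name is safe to echo into the response. Some last(1) builds truncate long login names in the first column, so exact matching can miss them.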
