Downloading PERL scripts, instead of execution

Howdy folks,

I'm not a web genius, and so i turn to you for help on this one..

i need to download a PERL script which has been stored on a cgi server, with the only permission being "execute" (i presume)..

I've seen a program a while back which claims to do exactly this, however i cannot remember it now...

PLZ HELP!!
LVL 1
X_KaliburAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

BrainMasterCommented:
Well cgi basicly designed to do just that. If you where able to do that I would consider that a breach of security since cgi scripts/programs can include such stuff as passwords, clues on files on the system, ...etc

If some program was able to do this I would think it would be done via some bug in the server which should have been fixed by now.
0
jhurstCommented:
Brain Master is right in that by definition the thing is executable and therefore executed.  

Actually, it is not just a security issue but an impossibility since the web server when it receives the request is not told whether to execute or just copy.  The server uses whatever rules it usesm such as, "is this in cgi-bin", or is it executable, and then executes it if appropriate.  Nothing in the request specifies this.

Having said this, I could conceive that some web-server would have a bug or a back-door that would allow some type of misformed request to cause the server to send the source rather than execute it.  This would certainly be regarded as a security breach.

However, if you have a legitimate reason to access it then I assume that you also have legitimate access to put files in that directory.  In which case, I would just put the following script there and execute it:

#!/usr/bin/perl
print <<EOT;
Content-type: text/html

<html>
<body>
<pre>
EOT

open(FILE,"<whateverfileyouneed");
while (<FILE>) {print ;}
close(FILE);
print <<EOT;
</body>
</html>


0
X_KaliburAuthor Commented:
JHurst,

You guys seem to be right abooout not being able to do anything...

But the place i'm trying to access it off is not my own, and hence i do not have access to their CGI server..

Sorry, but thanks n any case...

-x
0
Starting with Angular 5

Learn the essential features and functions of the popular JavaScript framework for building mobile, desktop and web applications.

jhurstCommented:
so, basically you are trying to steal some perl?

Why not eMail the author/owner and ask him/her to send you a copy?

This is your only way, the answer is the answer, you may not like it, but this is the way it is!
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
X_KaliburAuthor Commented:
jhusrt,

technically, yes, i want to see what the perl source is doing, because it is performing some matshs calcs..


So there is absolutely no way of getting the source then?

doh?

-x
0
ozoCommented:
Not unless the owner allows it.
0
jhurstCommented:
There is a way, ask the owner!  Failing that you are asking, can it be stolen.  Unless there is a backdoor of some type the stealing is not going to happen.
0
X_KaliburAuthor Commented:
thanks y'all...

:)
0
jhurstCommented:
You know we were talking back doors.  I just found one.

Tripod!

All scripts there are at:
members.tripod.com/username/cgi-bin/scriptname.cgi
and execute if accessed that way.

If you access:
cgi.tripod.com/username/scriptname.cgi
you do get to see it.

I would say this is a serious flaw in their implementation and it will be fixed.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Scripting Languages

From novice to tech pro — start learning today.