Downloading PERL scripts, instead of execution

Howdy folks,

I'm not a web genius, and so i turn to you for help on this one..

i need to download a PERL script which has been stored on a cgi server, with the only permission being "execute" (i presume)..

I've seen a program a while back which claims to do exactly this, however i cannot remember it now...

Who is Participating?
jhurstConnect With a Mentor Commented:
so, basically you are trying to steal some perl?

Why not eMail the author/owner and ask him/her to send you a copy?

This is your only way, the answer is the answer, you may not like it, but this is the way it is!
Well cgi basicly designed to do just that. If you where able to do that I would consider that a breach of security since cgi scripts/programs can include such stuff as passwords, clues on files on the system, ...etc

If some program was able to do this I would think it would be done via some bug in the server which should have been fixed by now.
Brain Master is right in that by definition the thing is executable and therefore executed.  

Actually, it is not just a security issue but an impossibility since the web server when it receives the request is not told whether to execute or just copy.  The server uses whatever rules it usesm such as, "is this in cgi-bin", or is it executable, and then executes it if appropriate.  Nothing in the request specifies this.

Having said this, I could conceive that some web-server would have a bug or a back-door that would allow some type of misformed request to cause the server to send the source rather than execute it.  This would certainly be regarded as a security breach.

However, if you have a legitimate reason to access it then I assume that you also have legitimate access to put files in that directory.  In which case, I would just put the following script there and execute it:

print <<EOT;
Content-type: text/html


while (<FILE>) {print ;}
print <<EOT;

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

X_KaliburAuthor Commented:

You guys seem to be right abooout not being able to do anything...

But the place i'm trying to access it off is not my own, and hence i do not have access to their CGI server..

Sorry, but thanks n any case...

X_KaliburAuthor Commented:

technically, yes, i want to see what the perl source is doing, because it is performing some matshs calcs..

So there is absolutely no way of getting the source then?


Not unless the owner allows it.
There is a way, ask the owner!  Failing that you are asking, can it be stolen.  Unless there is a backdoor of some type the stealing is not going to happen.
X_KaliburAuthor Commented:
thanks y'all...

You know we were talking back doors.  I just found one.


All scripts there are at:
and execute if accessed that way.

If you access:
you do get to see it.

I would say this is a serious flaw in their implementation and it will be fixed.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.