Questions tagged [perl]

Perl is a high-level, general-purpose, interpreted, dynamic programming language.

26 questions
24 votes, 7 answers

How can I avoid putting the database password in a perl script?

I have a cronned Perl script that connects to our database and does various kinds of lookups and integrity checks. The original script was written by someone long ago. My job is to make some changes to it. But I really don't like staring at the…
Luke Sheppard
5 votes, 2 answers

Tools for analyzing Perl 5 code?

I'm looking for good tools for analyzing and/or detecting security issues in a large software project written in Perl 5. It could be static or dynamic analysis. I know that Perl is undecidable, but I have decided to try any tool that allows me to reduce…
user1234299
4 votes, 2 answers

Perl CPAN modules in a PCI-DSS environment

We are currently working on implementing the PCI-DSS ruleset in our IT environment, where all of the inhouse software we use is Perl. We have a Perl dev team of about 10 people (including me) and running large applications, mostly legacy. Now the…
simbabque
3 votes, 1 answer

Malicious RCE functions in CGI and Java

I know there are some functions in CGI and Java that can be abused to perform remote code execution attack. For example we can see abuse of "eval" function in Movable Type CMS: sub core_drop_meta_for_table {my $self = shift; my (%param) = @_; …
Matthew
3 votes, 2 answers

Suspicious process running in CentOS server

Following is the output of the "top" command. I have clipped the result. Here, I want to know the detail of the process called httpd.pl. PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 23546 user 20 0 55596 5428 808 S …
Prakash
3 votes, 2 answers

Caught this hitting our webmail server, any ideas?

So this was bouncing off our webmail server for the last couple days, I took it home today to look it through. Any ideas as to what it does/is/attempting to do? I have been looking through and would appreciate another set of eyes on it. …
Unholyrattrap
3 votes, 3 answers

Need help decoding suspicious Perl .cgi files

I found three (identical) .cgi files in the "cgi-bin" directory of a hacked website account. My knowledge of Perl is insufficient to decode them. I see some regexp with code execution, but I don't see (or rather can't read) the code. Need hints on…
Denis
3 votes, 3 answers

Is this Perl database connection vulnerable to SQL Injection?

I have this (stripped down) Perl database query, and I wonder if this can be exploited in any way. This is from a challenge, so I know things could be done different, the task is to exploit this. To my knowledge it uses prepared statements and is…
Ludisposed
3 votes, 3 answers

Disable Perl for some/most Linux users?

One of my server's web accounts got hacked a couple of times. Each time someone downloaded a Perl script via some phpBB forum and used the Perl script to do whatever they wanted to do (mostly connect to IRC and start DDoS attacks according to the…
Guillaume
3 votes, 1 answer

Is my server vulnerable to a perl exploit?

I have a few worrying entries in my web server logs and I'm wondering if this means that my server is vulnerable. Firstly, the following seems to fail, receiving a 404 response: [15/Jan/2016:10:27:47 +0000] "GET /cgi-bin/php4 HTTP/1.1" 404 345 "-"…
Ken Sharp
2 votes, 1 answer

How easy is it to crack this encryption algorithm?

When I was about 13 or 14 years old, I was a little interested in cryptography (which is, after all, an interesting field). I learnt quite a lot since that time (it has been about 8 years since then), but I'm still very far away from considering…
kono
2 votes, 1 answer

Identifying strange Perl CGI script

Recently, while looking at some Perl CGI files, I came across this. I am not familiar enough with Perl to know exactly what it means, but I did attempt to base64 decode the string to no effect. Can anyone tell me what this is doing or what it…
Kees
2 votes, 1 answer

Can /etc/passwd file be accessed on a cpanel shared hosting account?

Given standard server hardening was performed, can the /etc/passwd be accessed by a shared hosting account by using PHP or Perl scripts which are executed from the public_html of the shared account?
IMB
2 votes, 1 answer

Is there any bias in this random selection from a dictionary?

I am generating passwords by selecting random words from a dictionary and counting entropy=words_in_passphrase*log(dictionary_size)/log(2). This algorithm assumes words will be selected from the dictionary with uniform distribution. I think the…
spraff
1 vote, 1 answer

Does Perl's unpack function have format vulnerabilities?

I'm using Perl for the first time for production software and I have some trust issues with it. When I use the unpack() function, is it safe to use user input in the TEMPLATE string? I'm using a TEMPLATE like "Z$user_controlled" to read a string…
Juha Kivekäs