|
This may be getting into the realms of hacking / unsecure coding, but it may be possible.
I know you can use "require" and "use" etc to run a perl script from another perl script - but both require the script to be physically on the server.
Question is, can an entire script be posted to a physical script, and be run without being printed out.
The obvious way is:
$test=param('test');
open (TEST, "test.pl");
print TEST $test;
close (TEST);
execute test.pl;
## See below
unlink test.pl;
If someone puts an "exit" in the red section, they can read the downloaded/executed script. Not good.
So I thought: Run the file in memory without printing it. I think it might involve piping <STDIN> to ????? (perl parser)
test=param('test');
open (TEST, "|?????");
close (TEST);
Is this possible? (Oh, the temporarily run script is printing a library filter in a certain part of the server / cookie that the end user shouldn't be able to locate)
|
