homepage Welcome to WebmasterWorld Guest from 54.227.215.140
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Code, Content, and Presentation / Perl Server Side CGI Scripting
Forum Library, Charter, Moderators: coopster & jatar k & phranque

Perl Server Side CGI Scripting Forum

    
Perl script being posted to?
But it's only used as a get script?
JohnNZ



 
Msg#: 4668487 posted 1:32 am on May 5, 2014 (gmt 0)

I apologise in advance, my use of terminology may not be correct but hopefully you should be able to understand my problem.

I have a perl script which depending on parameters passed to it from the QUERY_STRING selects data rows from a text file. These rows are processed and a 'results' page returned to the user.

This script is called from URLs on the pages of the site with the parameters hard-coded into the href of the link. Yes you can play with the parameters by manipulating the query string.

So, as I understand it, I should only see a GET statement for this script?

However a user is managing to POST to the script and I'm not sure how they are doing this?

 

Brett_Tabke

WebmasterWorld Administrator brett_tabke us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4668487 posted 1:54 am on May 5, 2014 (gmt 0)

Depending on how the receiving routine is parsing the input, it very well could accept a GET or POST. Many receiving routines will be generic and accept both.

JohnNZ



 
Msg#: 4668487 posted 2:13 am on May 5, 2014 (gmt 0)

Thanks for that. Yeah, I've just had a play with the HttpRequester plugin which allows you to POST what ever you want and the script still sort of works.

But other than using something like a plugin, I can't see how (or why) they would POST to the script?

As far as I'm aware I don't have a POST method on the site, so does that mean they must be using something like the plugin?

phranque

WebmasterWorld Administrator phranque us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



 
Msg#: 4668487 posted 5:18 am on May 5, 2014 (gmt 0)

anyone can create and send a POST request to any url - they don't need your form for that.
attempts to POST may include vulnerability probes for spamming or hacking.

you can block POST requests if it is appropriate, either within your Perl script or using mod_rewrite. (assuming apache here)

if you block this in Perl, i would suggest a "403 Forbidden" response.

JohnNZ



 
Msg#: 4668487 posted 5:52 am on May 5, 2014 (gmt 0)

Thanks Phranque. Didn't really realise that until today.

I am planning to block POSTs within my CGI-BIN folder. I will double check that none require POST but I suspect not.

My testing shows I get a 403 response on my local server.

Brett_Tabke

WebmasterWorld Administrator brett_tabke us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4668487 posted 2:00 pm on May 5, 2014 (gmt 0)

> they would POST to the script?

it is probably a bot.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Perl Server Side CGI Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved