
Perl Server Side CGI Scripting Forum

    
Perl script being posted to?
But it's only used as a get script?
JohnNZ




msg:4668489
 1:32 am on May 5, 2014 (gmt 0)

I apologise in advance, my use of terminology may not be correct but hopefully you should be able to understand my problem.

I have a Perl script which, depending on parameters passed to it from the QUERY_STRING, selects data rows from a text file. These rows are processed and a 'results' page returned to the user.

This script is called from URLs on the pages of the site with the parameters hard-coded into the href of the link. Yes, you can play with the parameters by manipulating the query string.

So, as I understand it, I should only see a GET statement for this script?

However, a user is managing to POST to the script and I'm not sure how they are doing this?

 

Brett_Tabke




msg:4668491
 1:54 am on May 5, 2014 (gmt 0)

Depending on how the receiving routine is parsing the input, it very well could accept a GET or POST. Many receiving routines will be generic and accept both.

JohnNZ




msg:4668493
 2:13 am on May 5, 2014 (gmt 0)

Thanks for that. Yeah, I've just had a play with the HttpRequester plugin which allows you to POST whatever you want and the script still sort of works.

But other than using something like a plugin, I can't see how (or why) they would POST to the script?

As far as I'm aware I don't have a POST method on the site, so does that mean they must be using something like the plugin?

phranque




msg:4668504
 5:18 am on May 5, 2014 (gmt 0)

anyone can create and send a POST request to any URL - they don't need your form for that.
attempts to POST may include vulnerability probes for spamming or hacking.

you can block POST requests if it is appropriate, either within your Perl script or using mod_rewrite. (assuming Apache here)

if you block this in Perl, i would suggest a "403 Forbidden" response.
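
Added example, not part of the post above or of the original thread: one way to do the in-script block it suggests, answering anything other than GET or HEAD with "403 Forbidden" and parsing only QUERY_STRING so a request body is never read. The helper names `refuse_unless_allowed` and `query_params` and the placeholder output are assumptions for illustration.

```perl
#!/usr/bin/perl
# Added example: method allow-list for a CGI script that is only ever linked
# to with GET. Helper names and the placeholder output are hypothetical.
use strict;
use warnings;

my %ALLOWED = map { $_ => 1 } qw(GET HEAD);

# Returns a full CGI response (headers + body) when the request must be
# refused, or undef when the method is allowed. HTTP methods are
# case-sensitive, so the comparison is exact.
sub refuse_unless_allowed {
    my ($env) = @_;
    my $method = $env->{REQUEST_METHOD} // '';
    return if $ALLOWED{$method};

    # Record the attempt; STDERR ends up in the web server's error log.
    # The method string is client-controlled, so neutralise anything that
    # could forge or break a log line before writing it.
    (my $shown = substr($method, 0, 16)) =~ s/[^A-Za-z0-9_-]/?/g;
    my $addr = $env->{REMOTE_ADDR} // '-';
    warn "refused method '$shown' from $addr\n";

    return "Status: 403 Forbidden\r\n"
         . "Content-Type: text/plain; charset=utf-8\r\n\r\n"
         . "Forbidden\n";
}

# Parse QUERY_STRING only. STDIN is never read, so even if a body arrives
# it cannot reach the row-selection logic.
sub query_params {
    my ($qs) = @_;
    my %p;
    for my $pair (split /[&;]/, $qs // '') {
        my ($k, $v) = split /=/, $pair, 2;
        next unless defined $k && length $k;
        for ($k, $v) {
            next unless defined;
            tr/+/ /;
            s/%([0-9A-Fa-f]{2})/chr hex $1/ge;
        }
        $p{$k} = $v // '';
    }
    return %p;
}

if (defined(my $refusal = refuse_unless_allowed(\%ENV))) {
    print $refusal;
    exit 0;
}
my %param = query_params($ENV{QUERY_STRING});
print "Content-Type: text/plain; charset=utf-8\r\n\r\n";
print "accepted ", scalar(keys %param), " parameter(s)\n";  # placeholder for the real results page
```

Run from a shell with no REQUEST_METHOD set, the script takes the refusal path, which is the fail-closed behaviour you want if it is ever invoked outside the web server.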

JohnNZ




msg:4668511
 5:52 am on May 5, 2014 (gmt 0)

Thanks Phranque. Didn't really realise that until today.

I am planning to block POSTs within my CGI-BIN folder. I will double check that none require POST but I suspect not.

My testing shows I get a 403 response on my local server.

Brett_Tabke




msg:4668608
 2:00 pm on May 5, 2014 (gmt 0)

> they would POST to the script?

it is probably a bot.

WebmasterWorld is a Developer Shed Community owned by Jim Boykin.