perlhaq2::Files and Formats

Cool stuff on files, formats, conversions, and common exploitable bugs in file manipulation code.


Recommendation
If you need to know about basic file manipulation, formats, etc., read perlform or perlfaq5 (Files and Formats).

Null Terminator in open() and Exploitation of it
The null terminator, "\0", usually signals a function to stop reading a string. Perl strings can contain "\0" like any other character, but the C-level call that open() hands the file name to treats it as the end of the string. Consider an open() statement such as this:

    open(FH, "</web/h4w/" . $userinput . ".html");

This opens the file /web/h4w/$userinput.html for reading. We assume $userinput is some kind of user input, possibly from a CGI. If $userinput is "haq", the open() will open /web/h4w/haq.html for reading. But if $userinput is "haq\0", the CGI will read /web/h4w/haq instead, because everything after the null, including the ".html" at the end, is cut off.
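
A hardened counterpart to the open() call above, as an added example that is not part of the original page. The helper name open_page, the allowlist pattern, and the temporary directory standing in for /web/h4w are assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Hypothetical helper (not from the original page): map a user-supplied page
# name to a file under $base, refusing anything outside a strict allowlist.
sub open_page {
    my ($base, $userinput) = @_;

    # \A ... \z anchor the whole string; "$" would allow a trailing newline.
    # The character class excludes "\0", "/", and "." so the ".html" suffix
    # appended below always survives to the system call.
    return (undef, "rejected page name")
        unless defined $userinput && $userinput =~ /\A[A-Za-z0-9_-]{1,64}\z/;

    my $path = "$base/$userinput.html";

    # Three-argument open keeps the mode separate from the path.
    open(my $fh, '<', $path) or return (undef, "cannot open page: $!");
    return ($fh, undef);
}

# Constructed test data: a stand-in for /web/h4w with one page in it.
my $base = tempdir(CLEANUP => 1);
open(my $out, '>', "$base/haq.html") or die "setup failed: $!";
print {$out} "<html>haq</html>\n";
close($out);

for my $input ("haq", "haq\0", "") {
    (my $shown = $input) =~ s/\0/\\0/g;    # make the NUL visible in output
    my ($fh, $err) = open_page($base, $input);
    if ($fh) {
        my $first = <$fh>;
        close($fh);
        chomp $first;
        print "'$shown' -> served: $first\n";
    } else {
        print "'$shown' -> $err\n";
    }
}
```

Only "haq" is served; "haq\0" and the empty string are refused before any path is built, so the decision never depends on how open() treats the null.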


Changes

August 29, 2001 - I began writing this.


Author

That would be me, Samy Kamkar. You can reach me at CommPort5@LucidX.com or on IRC on SUIDnet in #suid with the IRC name 'CommPort5'.