Re: Weird error after a configuration change



On Apr 27, 11:00 pm, Brian McCauley <nobul...@xxxxxxxxx> wrote:
On Apr 27, 8:56 pm, Brian McCauley <nobul...@xxxxxxxxx> wrote:



On Apr 27, 8:33 pm, skieros <nikos1...@xxxxxxxxx> wrote:

I have this part of script:

##############################################################
my $action = param('action');
#============ REDIRECT TO PROPER SCRIPT ===================
if( ($action eq 'Αποστολή!') && ($ENV{HTTP_REFERER} =~ /index/) )
##############################################################

and I am getting this error now:

[Fri Apr 27 22:28:11 2007] [error] [client 10.0.0.2] [Fri Apr 27 22:28:11 2007] admin.pl: Use of uninitialized value in string eq at D:\\www\\cgi-bin\\admin.pl line 26., referer:http://dell/

Hmmm... that's usually a warning. Do you perhaps have a use warnings
FATAL in your code?

Line 26 is the line with if.
All this happened when I deleted the d:\www\index.html file which was
pointing to d:\www\cgi-bin\index.pl and set Apache to load /cgi-bin/
index.pl directly.

LOL!

Sorry, I was laughing so hard I actually got it totally wrong.

Oops.

I now see there _was_ apparently a referer and the error was
complaining about $action.

So what was the URL you used to access the script? Did it in fact
contain a value for action?

This, of course, has nothing to do with Perl.

This, indeed, is probably still true.

OK, $action actually was NOT undefined, it was that I had it as $action
= param('something_else_and not correct_var') so I wasn't checking for
the correct posted variable. No error now, except the fact that
referer is still 'http://dell' although index.pl posts data to
admin.pl....

As a matter of fact I tried to print the referrer var in every script
of mine called by another Perl CGI script and every time the result
was http://dell, why?!!
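
A defensive form of the check discussed in this thread, as an added example that is not code from any of the posters: it tolerates a missing form field or Referer header and compares the referer's host and path instead of matching /index/ anywhere in the URL. The helper name should_redirect, the accepted paths, and the idea that the front page is reached as http://dell/ are assumptions; the host name dell comes from the log line above.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper, not from the thread.
# $action and $referer may both be undef: param() returns undef for a
# field that was not submitted, and clients may omit the Referer header.
# Referer is client-supplied, so treat this as a sanity check only,
# never as proof of where a request came from.
sub should_redirect {
    my ($action, $referer, $own_host) = @_;
    $action  = '' unless defined $action;   # no "uninitialized value in string eq"
    $referer = '' unless defined $referer;

    return 0 unless $action eq 'Αποστολή!';

    # Split the referer into host and path. A bare /index/ match would
    # also accept http://other.example/?x=index
    my ($host, $path) = $referer =~ m{\Ahttps?://([^/:?\#]+)(?::\d+)?(/[^?\#]*)?}
        or return 0;
    $path = '/' unless defined $path;

    return 0 unless lc($host) eq lc($own_host);

    # Assumption: with index.pl served as the site's front page, the
    # browser's URL (and so the referer) is just http://dell/
    return ($path eq '/' || $path eq '/cgi-bin/index.pl') ? 1 : 0;
}

# Constructed sample requests: [ action, referer ]
my @samples = (
    [ undef,       'http://dell/' ],                     # field missing
    [ 'Αποστολή!', undef ],                              # header missing
    [ 'Αποστολή!', 'http://dell/' ],                     # front page
    [ 'Αποστολή!', 'http://dell/cgi-bin/index.pl' ],     # script URL
    [ 'Αποστολή!', 'http://other.example/?x=index' ],    # passes /index/
    [ 'Αποστολή!', 'http://dell/cgi-bin/admin.pl' ],     # wrong page
);

for my $sample (@samples) {
    my ($act, $ref) = @$sample;
    printf "%-6s %-32s => %d\n",
        defined $act ? 'set'   : 'undef',
        defined $ref ? $ref    : '(none)',
        should_redirect($act, $ref, 'dell');
}
```

The string comparison works on raw bytes, as in the original script, so the file must be saved in the same encoding the form submits.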
