Results 1 to 2 of 2
  1. #1
    Join Date
    Mar 2006
    Posts
    2

    Unanswered: Unable to download files

    Hello everybody,
    I am very much depressed and unable to find a solution. Please some one with the experties help me.
    Below is my script which allows me to display the data from the folders but when i try to download the files with right click 'save target as' it does not download. I don't know what's wrong i have made.

    Will some expert please help me, favour me i will be highly thankfull and obliged.

    Thanking in advance.

    [passfile.txt.pl]

    test test 001
    abcd joed 002

    [main.pl]

    #!/usr/bin/perl

    push(@INC, '.');
    use CGI qw(:standard);
    use LWP:imple;

    $cgi = CGI->new;

    $this = "http://www.mysite.net/cgi-bin/main.pl";

    $fpath = "http://www.mysite.net/";

    $hpath = "/home/venus/public_html";

    $filepaths = "/home/venus/reports";

    $passfile = "passfile.txt.pl";

    $fnames[0] = "inc";
    $fnames[1] = "sal";
    $fnames[2] = "inw";


    if (param()) {
    if (param('cmd') eq "auth") {
    &authenticate;
    &load_type_list;
    } elsif (param('fname')) {
    $incookie = $cgi->cookie('code');
    if ($incookie eq "") {
    &load_login;
    } else {
    &do_load_links;
    }
    } elsif (param('getfile')) {
    $incookie = $cgi->cookie('code');
    if ($incookie eq "") {
    &load_login;
    } else {
    &get_file;
    }
    }
    } else {
    &load_login;
    }


    sub get_file
    {
    chomp($thefile = param('getfile'));
    chomp($cpath = param('path'));
    `cp $cpath/$thefile $hpath`;

    print header;
    print <<PAGE;
    <HTML>
    <HEAD>
    <SCRIPT LANGUAGE="Javascript">
    window.location = "$fpath/$thefile";
    </SCRIPT>
    </HEAD>
    </HTML>
    PAGE
    }

    sub load_login
    {

    print header;
    print <<PAGE;
    <HTML>
    <HEAD>
    <TITLE>File Download </TITLE>
    <SCRIPT LANGUAGE="Javascript">
    /* Javascript Code Here */
    function chk_fields()
    {
    uname = document.loginfrm.uname.value;
    pass = document.loginfrm.pass.value;

    if (uname == "") {
    alert("I Need A Username");
    return false;
    }

    if (pass = "") {
    alert("I Need A Password");
    return false;
    }

    document.loginfrm.submit();
    }
    </SCRIPT>
    </HEAD>
    <BODY BGCOLOR="#000000" TEXT="#FFFFFF">
    <FORM NAME="loginfrm" METHOD="POST" ACTION="$this">
    <CENTER>
    <H1>Please Login</H1>
    <HR><BR>
    <B>Username</B><BR>
    <INPUT TYPE="TEXT" NAME="uname"><BR><BR>
    <B>Password</B><BR>
    <INPUT TYPE="PASSWORD" NAME="pass"><BR><BR>
    <INPUT TYPE="HIDDEN" NAME="cmd" VALUE="auth">
    <INPUT TYPE="BUTTON" VALUE="Login" onClick="chk_fields();">
    <INPUT TYPE="BUTTON" VALUE="Cancel" onClick="history.go(-1);"><BR>
    </CENTER>
    </FORM>
    </BODY>
    </HTML>
    PAGE

    &foot;
    }

    sub do_load_links
    {
    chomp($username = param('uname'));
    chomp($password = param('pass'));
    chomp($code = param('bcode'));
    chomp($fbname = param('fname'));
    $cpath = "$filepaths/$fbname";
    @files = &get_file_list($cpath);

    print header;
    print <<PAGE;
    <HTML>
    <HEAD>
    <TITLE>File Download </TITLE>
    <SCRIPT LANGUAGE="Javascript">
    /* Javascript Code Here */
    </SCRIPT>
    </HEAD>
    <BODY BGCOLOR="#000000" TEXT="#FFFFFF">
    <FORM NAME="linkfrm" ACTION="$this">
    <CENTER>
    <H1>Choose A File</H1>
    <HR><BR>
    PAGE

    foreach $file (@files) {
    $frnt = substr($file, 0, 3);
    if ($code eq $frnt) {
    print "<A HREF=\"$this?getfile=$file&path=$cpath\">$file</A><BR>\n";
    }
    }
    print <<PAGE1;
    </CENTER>
    </FORM>
    </BODY>
    </HTML>
    PAGE1

    }

    sub load_type_list
    {

    # print header;
    print <<PAGE;
    <HTML>
    <HEAD>
    <TITLE>File Download </TITLE>
    <SCRIPT LANGUAGE="Javascript">
    /* Javascript Code Here */
    </SCRIPT>
    </HEAD>
    <BODY BGCOLOR="#000000" TEXT="#FFFFFF">
    <FORM NAME="fnamefrm" METHOD="POST" ACTION="$this">
    <CENTER>
    <H1>Please Choose File Type</H1>
    <HR><BR>
    PAGE

    print "<SELECT NAME=\"fname\">\n";
    foreach $fn (@fnames) {
    print "<OPTION VALUE=\"$fn\">$fn</OPTION>\n";
    }
    print "</SELECT>\n";
    print <<PAGE1;
    <INPUT TYPE="HIDDEN" NAME="uname" VALUE="$username">
    <INPUT TYPE="HIDDEN" NAME="pass" VALUE="$password">
    <INPUT TYPE="HIDDEN" NAME="bcode" VALUE="$code">
    <INPUT TYPE="SUBMIT" VALUE="Choose">
    </CENTER>
    </FORM>
    </BODY>
    </HTML>
    PAGE1
    }

    sub auth_failure
    {

    print header;
    print <<PAGE;
    <HTML>
    <HEAD>
    <TITLE>File Download </TITLE>
    <SCRIPT LANGUAGE="Javascript">
    /* Javascript Code Here */
    function chk_fields()
    {
    uname = document.loginfrm.uname.value;
    pass = document.loginfrm.pass.value;

    if (uname == "") {
    alert("I Need A Username");
    return false;
    }

    if (pass = "") {
    alert("I Need A Password");
    return false;
    }

    document.loginfrm.submit();
    }
    </SCRIPT>
    </HEAD>
    <BODY BGCOLOR="#000000" TEXT="#FFFFFF">
    <FORM NAME="loginfrm" ACTION="$this">
    <CENTER>
    <H1>Invalid Login</H1>
    <HR><BR>
    <B>Username</B><BR>
    <INPUT TYPE="TEXT" NAME="uname"><BR><BR>
    <B>Password</B><BR>
    <INPUT TYPE="PASSWORD" NAME="pass"><BR><BR>
    <INPUT TYPE="HIDDEN" NAME="cmd" VALUE="auth">
    <INPUT TYPE="BUTTON" VALUE="Login" onClick="chk_fields();">
    <INPUT TYPE="BUTTON" VALUE="Cancel" onClick="history.go(-2);"><BR>
    </CENTER>
    </FORM>
    </BODY>
    </HTML>
    PAGE
    &foot;
    }

    sub get_file_list
    {
    $dirpath = shift;
    system("/bin/ls -AF1 $dirpath >>ffile");
    open(FH, "< ffile") or die "I suck";
    while (<FH>) {
    chomp($_);
    $lchr = substr($_, length($_) -1);
    if ($lchr ne "/") {
    /(.*)/s;
    push @filelist, $1;
    }
    }
    close(FH);
    unlink "ffile";

    return @filelist;
    }


    sub authenticate
    {
    chomp($uname = param('uname'));
    chomp($pass = param('pass'));

    open(FH, "$passfile");
    while (<FH>) {
    chomp($_);
    ($tlogin, $tpasswd, $tbcode) = split(/\t/, $_);
    push @logins, $tlogin;
    push @passwds, $tpasswd;
    push @bcodes, $tbcode;
    }
    close(FH);


    $cnt = 0;
    $flag = "false";
    foreach $lname (@logins) {
    if ($lname eq $uname) {
    if ($passwds[$cnt] eq $pass) {
    $hld = $cnt;
    $flag = "true";
    }
    }
    $cnt++;
    }

    if ($flag eq "false") {
    # /* User Failed Authentication */
    &auth_failure;
    } else {
    $username = $logins[$hld];
    $password = $passwds[$hld];
    $code = $bcodes[$hld];
    $outcookie = $cgi->cookie(-name=>'code', -value=>'auth', -path=>'/');
    print header(-cookie=>$outcookie);
    }
    }

    sub foot
    {
    print end_html;
    die;
    }

    sub bitch
    {
    print header, start_html;
    print "<CENTER>\n";
    print h1("Not Enough Data"), hr, br;
    print "</CENTER>\n";
    print end_html;
    die;
    }

  2. #2
    Join Date
    Apr 2006
    Location
    California
    Posts
    3
    I would probably look for another script to use or rewrite this one. You have a couple of security flaws that need to be fixed. For instance:

    Code:
    # ...
    
    sub get_file 
    {
    chomp($thefile = param('getfile'));
    chomp($cpath = param('path'));
    `cp $cpath/$thefile $hpath`;
    print header;
    print <<PAGE;
    <HTML>
    <HEAD>
    <SCRIPT LANGUAGE="Javascript">
    window.location = "$fpath/$thefile";
    </SCRIPT>
    </HEAD>
    </HTML>
    PAGE
    }
    
    # ...
    That can potentially list *any* file on the server that you (well, the user the script runs as) has access to. It can potentially execute shell commands too. There are a cople of other spots where you do similar operations with tainted data. Have a peek at the perlsec FAQ for more info.

    ~Charlie

    [1] http://perldoc.perl.org/perlsec.html

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •