passing "%20" in a url to Perl via CGI

Zbigniew Koziol zkoziol-Zd07PnzKK1IAvxtiuMwx3w at public.gmane.org
Thu Aug 5 20:07:52 UTC 2004


On Thu, 2004-08-05 at 15:53, Madison Kelly wrote:
> Hi all,
> 
>    I've got an odd problem... I am trying to pass file and directory 
> names over a link by using (as an example):
> 
> http://192.168.1.99/cgi-bin/show-dirs.cgi?file_name=on-screen%20ping%20pong[1]
> 
> Where the file name is in fact:
> 
> on-screen%20ping%20pong[1]
> 
> The problem is that it seems when I pick the variable back up in the 
> 'show-dirs.cgi' script the '%20' has been converted to a whitespace so 
> the file becomes:
> 
> on-screen ping pong[1]
> 
> I understand that '%20' means in a URL 'whitespace' so I am not too 
> surprised but I am a little bit lost as to how to get around this.
> 
> I suppose if worse came to worse I could substitute '%20' for something of 
> my own making before creating the link and then convert it back after I 
> pick the variable up from CGI. I worry though that whatever I come up 
> with might be in another file name (I have no control over file names) 
> and I would simply replace one problem with another. This is double 
> confused by the fact that actual white-spaces in a name are themselves 
> converted to '%20', too.
> 
> Is there a way to preserve the '%20' in a url? Would it fix my problem 
> to use a form instead? Thanks for any advice!

I might be wrong, simply not understanding something. But... maybe you
can "double" convert on the script side in the following way:

Instead of sending %20 to URL, send encoded values for %, 2, 0. In this
case, it would get encoded as %25%32%30

Where do I know this from?

Some time ago there was a virus/worm spreading through IIS servers.
It exploited the fact that, among other things, the URL was not
handled properly by IIS - it did the "decoding" twice instead of once.
By using that vulnerability, it was possible to break into IIS (by
providing a double-encoded URL) and get any files that were available
to the process user under which IIS ran (often admin), on the entire
machine... So, just by analogy this idea came to my silly mind.

zb.

> Madison
> --
> The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
> TLUG requests: Linux topics, No HTML, wrap text below 80 columns
> How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
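
An added example, not part of the original posts: it percent-encodes the file name from the thread once when building the link, decodes it once as a CGI parameter parser would, and validates the result, showing why a second decoding pass must never follow the check. The helper names are hypothetical and file names are assumed to be byte strings.

```perl
#!/usr/bin/perl
# Added example (constructed; not from the original thread).
use strict;
use warnings;

# Percent-encode every byte outside the RFC 3986 "unreserved" set, so a
# literal '%' in a file name becomes '%25' and survives one decode.
sub encode_component {
    my ($s) = @_;
    $s =~ s/([^A-Za-z0-9\-._~])/sprintf("%%%02X", ord($1))/ge;
    return $s;
}

# One decoding pass, as a CGI parameter parser performs on the query string.
sub decode_once {
    my ($s) = @_;
    $s =~ tr/+/ /;
    $s =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
    return $s;
}

# Validate the value AFTER the single decode and never decode it again.
sub safe_file_name {
    my ($name) = @_;
    return 0 if $name eq '' || $name eq '.' || $name eq '..';
    return 0 if $name =~ m{[/\\\0]};    # no path separators or NUL bytes
    return 1;
}

my $file  = 'on-screen%20ping%20pong[1]';           # name from the thread
my $query = 'file_name=' . encode_component($file);
print "link query : $query\n";

my ($value) = $query =~ /^file_name=(.*)$/;
my $once    = decode_once($value);
print "decoded x1 : $once\n";
print "round trip : ", ($once eq $file ? "ok" : "MISMATCH"), "\n";

# A second pass alters the name; if it ran after safe_file_name(), the
# check would have been made on a different string than the one used.
my $twice = decode_once($once);
print "decoded x2 : $twice\n";
print "valid name : ", (safe_file_name($once) ? "yes" : "no"), "\n";
```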
