hackthissite.org extbasic 8 :: Perl is a bitch sometimes
by Arxleol on Tuesday 05.01.2010, under hackthissite.org, perl, tutorial
So our very dear Billy decided to write some code in Perl.
The mission's introduction gives us a clue: Billy is used to Visual Basic, so we should probably look for a spot in the code where he used VB-like syntax that means something different in Perl.
So Bill Gates was tired of VisualBasic and now did some Perl, too bad; this script has a security flaw that allows everyone access to the company records! Fix the flaw for him!
The source code we have to examine:
    #!/usr/bin/perl
    chomp(my $User = `/usr/bin/whoami`);
    print "Checking your access level...\n";
    if ($User == 'BillGates') {
        print "Authorized! Here are the company records:\n" . `cat /home/BillGates/CompanyRecords.db`;
        die("Closing...\n");
    }
    die("You're not authorized!\n");
Examining the source code, the following line caught my attention:
    if ($User == 'BillGates')
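So we have to check whether Perl compares strings with "==". It does not: in the list of Perl comparison operators, "==" is the numeric comparison and eq is the string comparison. With "==" both operands are converted to numbers, and a string that does not start with a number converts to 0, so the check becomes 0 == 0 and passes for practically any username. Billy should have used eq instead of "==".
So the solution is:
    if ($User eq 'BillGates')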
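
Added example, not part of the original post or the mission's code: it runs the flawed and the fixed comparison side by side over constructed usernames, and shows that making numeric warnings fatal turns the mistake into a hard failure. The subroutine names and the sample usernames are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample usernames; none of these come from the mission.
my @users = ('BillGates', 'guest', 'www-data', '0day', '7of9');

# The mission's check: == numifies both operands, so any string without
# a leading number becomes 0 and the test degenerates to 0 == 0.
sub flawed_check {
    my ($user) = @_;
    no warnings 'numeric';    # the original script never enabled warnings
    return $user == 'BillGates' ? 1 : 0;
}

# The fix: eq compares the operands as strings.
sub fixed_check {
    my ($user) = @_;
    return $user eq 'BillGates' ? 1 : 0;
}

# With numeric warnings made fatal, the flawed comparison dies inside
# the eval instead of silently granting access.
sub strict_check {
    my ($user) = @_;
    use warnings FATAL => 'numeric';
    my $ok = eval { $user == 'BillGates' ? 1 : 0 };
    return defined $ok ? $ok : 'died';
}

printf "%-10s %-7s %-6s %s\n", 'user', 'flawed', 'fixed', 'fatal-warnings';
for my $user (@users) {
    printf "%-10s %-7s %-6s %s\n",
        $user, flawed_check($user), fixed_check($user), strict_check($user);
}
```

A name with a leading non-zero digit, such as the constructed '7of9', numifies to 7 and is the only kind the flawed check rejects. Putting use strict and use warnings at the top of the script would have flagged the "==" line the first time it ran.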