Stories
Slash Boxes
Comments

All the Perl that's Practical to Extract and Report

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Serious SOAP::Lite Security Hole Discovered 2 Comments More | Login | Reply /

 Full
 Abbreviated
 Hidden
More | Login | Reply
Loading... please wait.

  • Part of the reason I wrote my RPC::XML at all was because I wasn't comfortable with the way that Frontier::RPC published functions simply by "redirecting" calls to a specified package name-space. I don't know that it would be vulnerable, but I suspect it probably is. I was also bothered by this aspect of SOAP::Lite when I started using it as well, but I lacked the bandwidth to try and roll my own on that count. I feel pretty certain (though not 100%) that the server classes in RPC::XML are not vulnerable to this. I don't route incoming calls to an arbitrary namespace, I use a method-table. If you don't have an engraved invitation, you don't get to dance.

    So I'm doing the next best thing... joined up on the soaplite mailing list, am printing out the phrack article, and have in hand a sample exploit script Ilya was kind enough to send me. Looking forward to comparing notes with you guys tomorrow...

    --rjray

    --

    --rjray

    • It was pointed out to me on perlmonks [perlmonks.org] that Frontier::Daemon doesn't behave in the way I thought it did; it, too, requires that methods be explicitly added. I thought I had seen an example of using it with a class-namespace dispatch configuration, but I can't find that now that I look for it again.

      --rjray

      --

      --rjray

Stories, comments, journals, and other submissions on use Perl; are Copyright 1998-2006, their respective owners.