From the comments, this was done to support C escape sequences, which I guess are similar in Perl. There was then some regex to escape special characters before passing it quoted to qq and then finally passing the result to eval. It would build up a string until another quote was found, taking into account quotes escaped with a backslash. #- # Parse DjVu annotation "s-expression" syntax (recursively) # Inputs: 0) data ref (with pos($$dataPt) set to start of annotation) # Returns: reference to list of tokens/references, or undef if no tokens, # and the position in $$dataPt is set to end of last token # Notes: The DjVu annotation syntax is not well documented, so I make # a number of assumptions here! sub ParseAnt ($) One of these was located in the ParseAnt method of the DjVu module: Ignoring all the eval blocks, there were still a fair few interesting results. In Perl, eval can be used with a block to trap exceptions which is why it was being used everywhere. I then looked for places that called eval, and it turned out that it was used a lot: I started looking for places that performed file access but without much success. It turns out that it is written in Perl! I’ve never really used or reviewed Perl code before, but being a dynamic scripting language the majority of the general concepts were familiar. An older version was being used (11.70), so I thought maybe there could be some existing CVEs that could be abused, as parsing file formats is hard.Ī quick search showed only one old CVE from 2018, so decided to look at the source instead. I’d used ExifTool numerous times in the past but didn’t even know what language it was written in. While looking at one of my favourite bug bounty programs, I noticed they were using ExifTool to strip tags from uploaded images.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |