Validating user input in Perl


At this point, the attacker will often write a file that allows them to upload files more easily.

Then the attacker could upload any number of open source remote administration utilities.

Unless an attacker could find such a vulnerability in an open source package or other application with a wide install base, this attack technique is usually useful only against selected targets.

One of the reasons the attack in this example worked was the myriad of technologies used (and strung together).

This script processes data passed to it from a form that resides in a web accessible directory.

Being able to pull off this kind of attack requires a fairly comprehensive understanding of the methods used, as well as the weaknesses of various online applications.

Registered validation checks, by default only "equal_to", "in", "like", "num", "size" and "upload" are already defined.

Mojolicious::Validator inherits all methods from Mojo::Base and implements the following new ones.

Of course, the root cause of the exploit is that user input isn't being validated.

You should never expect that a user will pass expected values to your program.
