[CentOS] Apache mod_perl cross site scripting vulnerability

Wed Aug 12 12:17:39 UTC 2015
Ellen Shull <ellenshull at gmail.com>

On Wed, Aug 12, 2015 at 3:39 AM, Proxy One <proxy-one at mail.ru> wrote:
> Is there a way to use curl for testing? I'm getting new line because of
> the single quote inside string and escaping it with back slash gives me
> bash: syntax error near unexpected token `<'

You can use curl's -K option which lets you stick arguments in a file,
helpful for getting around shell quoting nightmares.  For example, make
a file named test-url-file which contains the line
url = http://www.mydomain.com/[bad stuff, don't want this message
tripping over some filter for containing a malicious-looking URL]

then do curl -g -K test-url-file

Note that just gets you around shell interpretation; curl does some of
its own as well.  The -g switch I used there disables its
interpretation of {}[] as special globbing characters.  If you put the
url in double quotes then not only do you have to escape any double
quotes in the string, it also starts interpreting backslash sequences
so you have to double all backslashes--so oddly it's best to just
leave quotes off.

--ln
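
The quoting rules described in the message above, as an added example that is not part of the original post: a shell helper that writes the `url = ...` line for a `curl -K` file, leaving quotes off when it can and falling back to the double-quoted form (backslashes doubled, double quotes escaped) only when the URL contains whitespace, which goes beyond the single case in the message. The function names, `url.txt`, and the `www.example.com` test URLs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message). Emits a "url = ..." line for a
# curl -K config file, choosing between the unquoted and the quoted form.

# curl_url_line URL: print one config line; return 1 if the URL cannot be
# written on a single line.
curl_url_line() {
    url=$1
    nl='
'
    cr=$(printf '\r')
    case $url in
        *"$nl"*|*"$cr"*)
            # The config file is line-oriented; a line break would start a new directive.
            echo "URL contains a line break; refusing to write it" >&2
            return 1 ;;
    esac
    case $url in
        *[[:space:]]*)
            # Whitespace ends an unquoted value, so the quoted form is needed.
            # Inside double quotes curl interprets backslash sequences:
            # double every backslash first, then escape the double quotes.
            escaped=$(printf '%s' "$url" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g')
            printf 'url = "%s"\n' "$escaped" ;;
        *)
            # No whitespace: leave the quotes off and write the URL verbatim.
            printf 'url = %s\n' "$url" ;;
    esac
}

# make_url_config SRC DST: read the URL raw from the first line of SRC
# (read -r, so the shell never parses it) and write the config file DST.
make_url_config() {
    IFS= read -r raw < "$1" || [ -n "$raw" ] || return 1
    curl_url_line "$raw" > "$2"
}

# Usage (file names are examples):
#   make_url_config url.txt test-url-file && curl -g -K test-url-file
```

Keeping the URL in a text file and reading it with `read -r` means single quotes, `<`, and backslashes in it never pass through the shell's parser; `-g` is still needed on the curl side for `{}[]`.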