Inject/Handler.pm


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43

package Apache::Inject::Handler;

use strict;
use warnings;

use Apache2::RequestRec ();
use Apache2::RequestUtil ();
use Apache2::Const qw/OK DECLINED/;

my $doc = qr{
	(?<head> \s* # common way to trigger quirks mode
		 (<!doctype[^>]*>)? \s*
		 ( <head[^>]*>.*?</head> \s*
	         | ( <title[^>]*>.*?</title> \s*
	           | <base[^>]*> \s*
	           | <meta[^>]*> \s*
	           | <link[^>]*> \s*
	           | <object[^>]*>.*?</object> \s*
	           | <style[^>]*>.*?</style> \s* # n.b.
	           | <script[^>]*>.*?</script> \s* # n.b.
	           | <noscript[^>]*>.*?</noscript> \s* # n.b.!
	           )+
		 )
	)?
	(?<body> .* )
}xms;

sub handler {
	my $r = shift;

	return DECLINED if not $r->content_type eq 'text/html';

	my $content = ${$r->slurp_filename};
	return DECLINED if not $content =~ /$doc/;
	print $+{head} if $+{head};
	print "Injection 1\n";
	print $+{body};
	print "Injection 2\n";

	return OK;
}

1;