Inject/Handler.pm


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40

package Apache::Inject::Handler;

use strict;
use warnings;

use Apache2::RequestRec ();
use Apache2::RequestUtil ();
use Apache2::Const qw/OK DECLINED/;

my $doc = qr{
	(?<head> <head[^>*]>.*?</head>
	         |
	         ( <title[^>]*>.*?</title>
	         | <base[^>]*>
	         | <meta[^>]*>
	         | <link[^>]*>
	         | <object[^>]*>.*?</object>
	         | <style[^>]*>.*?</style> # n.b.
	         | <script[^>]*>.*?</script> # n.b.
	         | <noscript[^>]*>.*?</noscript> # n.b.!
	         )+ )
	(?<body> .* )
}xms;

sub handler {
	my $r = shift;

	return DECLINED if not $r->content_type eq 'text/html';

	my $content = ${$r->slurp_filename};
	return DECLINED if not $content =~ /$doc/;
	print $+{head};
	print "Injection 1\n";
	print $+{body};
	print "Injection 2\n";

	return OK;
}

1;