blob: adeec57d90b09ea7987efb2b9ee63c9f13b3a261 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
|
package Apache::Inject::Handler;
use strict;
use warnings;
use Apache2::RequestRec ();
use Apache2::RequestUtil ();
use Apache2::Const qw/OK DECLINED/;
my $doc = qr{
(?<head> <head[^>*]>.*?</head>
|
( <title[^>]*>.*?</title>
| <base[^>]*>
| <meta[^>]*>
| <link[^>]*>
| <object[^>]*>.*?</object>
| <style[^>]*>.*?</style> # n.b.
| <script[^>]*>.*?</script> # n.b.
| <noscript[^>]*>.*?</noscript> # n.b.!
)+ )
(?<body> .* )
}xms;
sub handler {
my $r = shift;
return DECLINED if not $r->content_type eq 'text/html';
my $content = ${$r->slurp_filename};
return DECLINED if not $content =~ /$doc/;
print $+{head};
print "Injection 1\n";
print $+{body};
print "Injection 2\n";
return OK;
}
1;
|