The following HTTP request from a script kiddie seems to cause one of our forms to die:
GET /path?arg1=keywords&arg2=MTUyNjk4MDk3MA
or the parameters have strings such as
arg1=eval%28chr%28112%29.chr%28114%29.chr%28105%29.chr%28110%29.chr%28116%29.
where the parameters are form parameters. FWIW this is used in a Starman/Catalyst app.
The logged errors are
Cannot delegate clear_errors to clear_errors because the value of result is not defined at inline delegation in HTML::FormHandler::Field for result->clear_errors (attribute declared in /opt/app/local/lib/perl5/HTML/FormHandler/Field.pm at line 33) line 6#012#011
HTML::FormHandler::Field::clear_errors('HTML::FormHandler::Field::Integer::1=HASH(0x118db808)') called at /opt/app/local/lib/perl5/HTML/FormHandler/Validate.pm line 55#012#011
HTML::FormHandler::Validate::validate_field('HTML::FormHandler::Field::Integer::1=HASH(0x118db808)') called at /opt/app/local/lib/perl5/HTML/FormHandler/Fields.pm line 131#012#011
HTML::FormHandler::Fields::_fields_validate('HTML::FormHandler::Field::Compound::9=HASH(0x118df740)') called at /opt/app/local/lib/perl5/HTML/FormHandler/Validate.pm line 95#012#011
HTML::FormHandler::Validate::validate_field('HTML::FormHandler::Field::Compound::9=HASH(0x118df740)') called at /opt/app/local/lib/perl5/HTML/FormHandler/Fields.pm line 131#012#011
Note that I've changed specific details of the form, paths and params above. If you need more details please contact me offline (in case this is an attack specific to the site I am working on or on FormHandler).
I suspect this is attacking a specific PHP app since in one of the requests the user agent string was
MTUyNjk4MDk3MA <?php eval(chr(112).chr(114).chr(105).chr(110).chr(116).chr(40).chr(39).chr(49).chr(55).chr(73).chr(53).chr(51).chr(48).chr(86).chr(65).chr(117).chr(52).chr(39).chr(41).chr(59)); ?>
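Added triage example, not part of this issue or of HTML::FormHandler: it decodes the two obfuscated values quoted above so the log reviewer can see what the probe was actually trying, assuming Python 3 and using the request strings copied from the report as constructed samples.

```python
import base64
import re

# Constructed samples copied from the issue text above: the base64-looking
# query parameter and the User-Agent that came with the crashing requests.
SAMPLE_PARAM = "MTUyNjk4MDk3MA"
SAMPLE_USER_AGENT = (
    "MTUyNjk4MDk3MA <?php eval(chr(112).chr(114).chr(105).chr(110).chr(116)"
    ".chr(40).chr(39).chr(49).chr(55).chr(73).chr(53).chr(51).chr(48).chr(86)"
    ".chr(65).chr(117).chr(52).chr(39).chr(41).chr(59)); ?>"
)

# A run of PHP chr(n) calls joined with '.'; the probe spells its payload this
# way so the literal string never appears in the request.
CHR_CHAIN = re.compile(r"(?:chr\(\d+\)\s*\.\s*)+chr\(\d+\)")
CHR_CODE = re.compile(r"chr\((\d+)\)")


def decode_chr_chain(text):
    """Replace every chr(n).chr(m)... chain in text with the string it builds."""
    def rebuild(match):
        return "".join(chr(int(n)) for n in CHR_CODE.findall(match.group(0)))
    return CHR_CHAIN.sub(rebuild, text)


def decode_unpadded_base64(token):
    """Decode a base64 token whose trailing '=' padding was stripped."""
    padded = token + "=" * (-len(token) % 4)
    return base64.b64decode(padded).decode("ascii", errors="replace")


def triage(user_agent, param_value):
    """Summarise the probe: is it PHP, does it call eval, and what would run."""
    decoded_ua = decode_chr_chain(user_agent)
    decoded_param = decode_unpadded_base64(param_value)
    return {
        "php_tag": "<?php" in user_agent,
        "uses_eval": "eval(" in user_agent,
        "decoded_user_agent": decoded_ua,
        # Ten decimal digits, consistent with a Unix timestamp used as a marker.
        "param_decoded": decoded_param,
        "param_is_timestamp_like": decoded_param.isdigit() and len(decoded_param) == 10,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_USER_AGENT, SAMPLE_PARAM).items():
        print(f"{key}: {value}")
```

The decoded User-Agent reduces to `eval(print('17I530VAu4');)`, a marker that only confirms whether the target evaluates injected PHP; the form crash is a side effect of the malformed parameters, not evidence that the probe succeeded.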