CVE-2011-1487
Perl 5.10.x-5.12.3 and 5.13.x-5.13.11 - Taint Protection Bypass via lc, lcfirst, uc, and ucfirst Functions
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2011-1487. PoCs published by mmartinec.
AI-analyzed exploit summary The provided code demonstrates a security-bypass weakness in Perl's TAINT mode, where tainted input can bypass sanitization checks via the `lc()` function. This is a proof-of-concept showing how tainted data remains tainted after case conversion, but does not include an exploit payload.
Description
The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
Exploits (1)
The provided code demonstrates a security-bypass weakness in Perl's TAINT mode, where tainted input can bypass sanitization checks via the `lc()` function. This is a proof-of-concept showing how tainted data remains tainted after case conversion, but does not include an exploit payload.