First I would like to thank Alex for adding the point about untainting variables. I was under the false impression that strict forced the -T option in Perl. We learn something new everyday. I must emphasize like Alex did that passing incoming form data directly to the shell is the quickest way to allow a hacker access to your entire server, and is a VERY BAD IDEA. Always untaint!!
As for NT and Perl, it is very very easy to install. Simply download the package from http://www.activestate.com and you'll be able to program in perl like a man with no arms. If you still cannot get your server company to install Perl, you are probably out of luck UNLESS your server supports the PUT method which was developed by Netscape. It basically allows you to dump form data into a file, rather than direct that data into a CGI like POST does.
Unfortunately, there is not alot of actual information available on how to do this, and since NT is generally oriented toward handling items with ActiveX, VBScript, and ASP, you might be out of luck unless you can create a program that can handle input from a POST action and output the data into a file. This is VERY easy to do in Perl.. it makes sense it would work on NT, but Microsoft doesn't always make sense (not an offense, tis a point of fact). Anyhow, there are alpha prototype modules out in CPAN that allow users to manipulate ASP and Frontpage extensions, but I have never attempted to use them, and they would need to be installed on your Linux box to get any sort of function out of em.
Now, all that ranting aside, let me try and post some methods for dealing with this issue, I use some slightly modified modules here, so hopefully you have them installed:
Code:
#!/usr/bin/perl
# This program presents three types of requests.
# A GET, a POST and a PUT. GET allows retrieval
# from a web server, and form data is parsed from the
# environment. POST actually posts data into the CGI
# as standard input. PUT allows putting of data into
# an actual file, but has limited support.
use LWP::UserAgent;
use HTML::Request::Common; # slightly easier to use than HTML::Request
$ua = LWP::UserAgent->new;
# This GET simply gets the URL www.sn.no:
$ua->request(GET 'http://www.sn.no/');
# This GET allows use of some initialized header values,
# these differ from form data:
$ua->request(GET 'http://www.sn.no',
If_Match => 'foo',
From => 'gisle@aas.no');
# This POST posts the data into foo. The form
#variables foo and bar contain the data for the form.
#You could easily make one of these a variable
# That holds the page content you wish to post
# But the target URL: foo, must be able to interpret
# and manipulate this data.
$ua->request(POST 'http://somewhere/foo', [foo => bar, bar => foo]);
# PUT is not well documented, but I will try to post an example.
# Technically, this request SHOULD PUT the content in
# variable $HTML into the test.html file. Try it out and
# let me know if it works:
$ua->request(PUT 'http://mydomain.com/test.html', Content => $HTML);
I am interested to see if these will work. Go ahead and let me know if you have luck with them.
------------------
Fred Hirsch
Web Consultant & Programmer