
Netanel Rubin – The Perl Jam 2. Perl Is Dead (simple to Exploit) [pdf] - SchizoDuckie
https://lab.dsst.io/32c3-slides/slides/7130.pdf
======
DarkLinkXXXX
Is perl6 also vulnerable?

~~~
kbenson
No. Additionally, the CGI module has been deprecated for a while and is non-
core. It's long been known to be problematic, and is around for _backwards
compatibility reasons._

Additionally, there are points in the talk where he's either accidentally
working on really old versions of code, or purposefully using older versions
to get around fixes that have been implemented. For example, Mojolicious has
returned only the _last_ supposed param when using ->param() for a while now
(Oct 2014), and requires you to use ->every_param() otherwise.

Like his prior talk, he's pointing out flaws in a specific module, and flaws
in how it was used and implemented in some very old projects. This is not a
bug in Perl, it's a bug in the CGI module and Bugzilla and a few older Perl
webapps.
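
Added example, not part of the comment above and not code from CGI.pm, Mojolicious or Bugzilla: a self-contained Perl sketch of why a context-sensitive `param()` is risky inside a hash constructor, and why a last-value-only accessor with an explicit multi-value accessor avoids it. The helpers `parse_query`, `legacy_param`, `last_param` and `every_value`, and the query string, are constructed stand-ins for illustration.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Constructed sample input: the "name" parameter is sent three times.
my $query = 'name=alice&name=is_admin&name=1&id=7';

# Hypothetical minimal parser (no URL decoding): name => [all values, in order].
sub parse_query {
    my ($qs) = @_;
    my %values;
    for my $pair (split /&/, $qs) {
        my ($k, $v) = split /=/, $pair, 2;
        push @{ $values{$k} }, $v // '';
    }
    return \%values;
}
my $params = parse_query($query);

# Legacy-style accessor: returns EVERY value when called in list context.
sub legacy_param {
    my ($name) = @_;
    my @v = @{ $params->{$name} // [] };
    return wantarray ? @v : $v[0];
}

# Context-independent accessor: always exactly one scalar (the last value).
sub last_param {
    my ($name) = @_;
    my $v = $params->{$name} // [];
    return @$v ? $v->[-1] : undef;
}

# Multi-value access is explicit and always yields an array reference.
sub every_value { return $params->{ $_[0] } // [] }

# A hash constructor evaluates its values in list context, so the extra
# request values become extra key/value pairs and override is_admin.
my %risky  = (is_admin => 0, name => legacy_param('name'));

# Two fixes: force scalar context, or use an accessor that ignores context.
my %forced = (is_admin => 0, name => scalar legacy_param('name'));
my %safe   = (is_admin => 0, name => last_param('name'));

printf "risky:  name=%s is_admin=%s\n", @risky{qw(name is_admin)};
printf "forced: name=%s is_admin=%s\n", @forced{qw(name is_admin)};
printf "safe:   name=%s is_admin=%s\n", @safe{qw(name is_admin)};
printf "all values of name: %s\n", join ',', @{ every_value('name') };
```

When auditing older Perl web code, the pattern to look for is an accessor call placed directly in a hash or argument list without `scalar`.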

