I am still fairly new to this and I am trying to run this CGI Script on my apache server. When I go to the webpage all I get is a blank page. What am I doing wrong?

#!/usr/bin/perl 
use CGI qw(:standard);
print"Content-type: text/html \n\n";
$cost=param('cost');
$num=param('number');
$rev=param('revenue');
$avg = $cost/$num;
$avg=sprintf("%.2f",$avg);
$gp = $rev - $cost;
print "Project Cost Last Year was  \$ $cost .<p>"; 
print "We completed $num projects during the year."; 
print " That works out to an average of \$ $avg cost per project.";
print "<p>Our annual project revenue was \$ $rev <br>";
print "We made a gross profit of \$ $gp \n";

That is my current code for the script. I have made sure that the file is executable as well.

  • Can you also show the code where you execute the CGI script? – Håkon Hægland Nov 28 '22 at 21:09
  • What do you mean? I execute it by going into the web browser and going to http://myip/cgi-bin/cgi.cgi. –  Nov 28 '22 at 21:24
  • Have a read here https://stackoverflow.com/a/2165040/2836621 Not sure if it matters but you have a space before `\n\n`. – Mark Setchell Nov 28 '22 at 21:41
  • 1) What URL did you use? (The parameter part) 2) What HTTP status code did you get (Check the network tab of your browser's console.) 3) If 500, what does your error log say? – ikegami Nov 28 '22 at 22:02
  • Probably? Division by zero. – ikegami Nov 28 '22 at 22:02
  • @Mark Setchell, Unusual, but not a problem – ikegami Nov 28 '22 at 22:03
  • @logan, Your code suffers from MAJOR security bugs. Specifically, [code injection](https://en.wikipedia.org/wiki/Code_injection) bugs which can easily be exploited for cross-site scripting attacks and url redirection attacks. – ikegami Nov 28 '22 at 22:06
  • the url i used was 192.168.1.49/cgi-bin/cgi.cgi, I dont get any error code just a blank white screen –  Nov 28 '22 at 22:11
  • I'm not using the code for serious use, just trying to learn it and playing around with it –  Nov 28 '22 at 22:12
  • I presume you configured apache to run CGI scripts and restarted it https://httpd.apache.org/docs/2.4/howto/cgi.html – Mark Setchell Nov 28 '22 at 22:22
  • @MarkSetchell yes i did –  Nov 28 '22 at 22:35
  • *"going to myip/cgi-bin/cgi.cgi"* Are there any other cgi scripts in that directory? Can you try run them also? To verify that the problem only occurs for the perl script. Can you show the httpd.conf file your server is using? – Håkon Hægland Nov 28 '22 at 22:41
  • Please click [edit] and add in a) the output of `ls -l` in the cgi-bin directory, b) the relevant parts of your apache config file c) the result of running your script directly from your command-line, d) latest lines from apache logs. Thanks. – Mark Setchell Nov 28 '22 at 22:42
  • @logan If this is a learning project, you might be better off not using CGI. As documented here: https://metacpan.org/pod/CGI::Alternatives – TLP Nov 28 '22 at 22:57
  • Re "*I dont get any error code*", **Every** HTTP/HTTPS response includes a status code, including successful ones. I told you how to obtain it in my earlier comment. – ikegami Nov 28 '22 at 23:38
  • @logan: When you get unexplained behaviour from a CGI program, rule 1 is to check the web server's error log. – Dave Cross Nov 29 '22 at 12:29

1 Answer

> the url i used was 192.168.1.49/cgi-bin/cgi.cgi

I believe you mean http://192.168.1.49/cgi-bin/cgi.cgi.

Given that request URL, what exactly do you expect to happen for the following?

$cost=param('cost');
$num=param('number');
$rev=param('revenue');
$avg = $cost/$num;

Since you didn't provide a value for the `number` parameter, `$num` is undef and treated as zero in `$avg = $cost/$num;`.

Division by zero makes the CPU sad.


You should have figured this out yourself.

An exception like this would have caused the server to return an HTTP status of 500. This indicates you should read your error logs, where you would have found the following message:

Illegal division by zero at [filename] line 7.

If you had used `use warnings;` as normal, you would also have received these errors:

Use of uninitialized value $num in division (/) at [filename] line 7.
Use of uninitialized value $cost in division (/) at [filename] line 7.

Always use `use strict; use warnings;`.


Your code suffers from MAJOR security bugs.

Specifically, your code suffers from code injection bugs which can easily be exploited for cross-site scripting attacks and url redirection attacks.

Text included in HTML needs to be converted to HTML.

ikegami
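
An added example, not part of the original answer: one way to rewrite the question's script so that missing or non-numeric parameters produce a 400 response instead of a division-by-zero crash, and so that every value is HTML-encoded before it is printed. The `html_escape` helper and the accepted number format (non-negative decimals with up to two fractional digits) are assumptions made for this illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI qw(:standard);

# Hypothetical helper: encode the HTML-significant characters so a value is
# rendered as text and is never parsed as markup.
sub html_escape {
    my ($text) = @_;
    my %entity = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
                  '"' => '&quot;', "'" => '&#39;');
    $text =~ s/([&<>"'])/$entity{$1}/g;
    return $text;
}

# Accept only plain non-negative decimals (1200 or 1200.50); collect a
# message for everything else instead of letting the arithmetic die.
my (%in, @errors);
for my $name (qw(cost number revenue)) {
    my $raw = param($name);
    if    (!defined $raw)                   { push @errors, "$name is missing" }
    elsif ($raw !~ /\A\d+(?:\.\d{1,2})?\z/) { push @errors, "$name is not a number: $raw" }
    else                                    { $in{$name} = $raw + 0 }
}
push @errors, 'number must be greater than zero'
    if defined $in{number} && $in{number} == 0;

if (@errors) {
    # Bad input is a client error: answer 400 rather than crash with a 500.
    print header(-status => '400 Bad Request', -charset => 'utf-8');
    print "<ul>\n";
    print '<li>', html_escape($_), "</li>\n" for @errors;   # raw input is escaped
    print "</ul>\n";
    exit;
}

my $avg = sprintf '%.2f', $in{cost} / $in{number};
my $gp  = sprintf '%.2f', $in{revenue} - $in{cost};

print header(-charset => 'utf-8');
print '<p>Project cost last year was $', html_escape($in{cost}), ".</p>\n";
print '<p>We completed ', html_escape($in{number}), ' projects during the year. ',
      'That works out to an average of $', html_escape($avg), " per project.</p>\n";
print '<p>Our annual project revenue was $', html_escape($in{revenue}), "<br>\n";
print 'We made a gross profit of $', html_escape($gp), "</p>\n";
```

To check it without Apache, run `perl cgi.cgi cost=1000 number=4 revenue=1500` from a shell; CGI.pm reads name=value pairs from the command line when it is not running under a web server.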