[] NeoSense
E X P L O I T S
title author type platform port cve id

Perl 5.x - 'lc()' / 'uc()' TAINT Mode Protection Security Bypass

Author: mmartinec
type: remote
platform: linux
port: 
date_added: 2011-03-30 
date_updated: 2014-12-16 
verified: 1 
codes: CVE-2011-1487;OSVDB-75047 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/47124/info

Perl is prone to a security-bypass weakness that occurs when laundering tainted input.

Attackers can leverage this issue to bypass security checks in perl applications that rely on TAINT mode protection functionality. This opens such applications up to potential attacks that take advantage of the software's failure to properly sanitize user-supplied input.

The following example input is available:

> perl -Te 'use Scalar::Util qw(tainted); $t=$0; $u=lc($t); printf("%d,%d\n",tainted($t),tainted($u))'

> perl -Te 'use Scalar::Util qw(tainted); $t=$0; $u=lc($t); printf("%d,%d\n",tainted($t),tainted($u))'
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.