Some script kiddie attacks cause HTML::FormHandler to die

[robrwo]

The following HTTP request from a script kiddie seems to cause one of our forms to die:

GET /path?arg1=keywords&arg2=MTUyNjk4MDk3MA

or the parameters have strings such as

arg1=eval%28chr%28112%29.chr%28114%29.chr%28105%29.chr%28110%29.chr%28116%29.

where the parameters are form parameters. FWIW this is used in a Starman/Catalyst app.

The logged errors are

Cannot delegate clear_errors to clear_errors because the value of result is not defined at inline delegation in HTML::FormHandler::Field for result->clear_errors (attribute declared in /opt/app/local/lib/perl5/HTML/FormHandler/Field.pm at line 33) line 6#012#011 HTML::FormHandler::Field::clear_errors('HTML::FormHandler::Field::Integer::1=HASH(0x118db808)') called at /opt/app/local/lib/perl5/HTML/FormHandler/Validate.pm line 55#012#011 HTML::FormHandler::Validate::validate_field('HTML::FormHandler::Field::Integer::1=HASH(0x118db808)') called at /opt/app/local/lib/perl5/HTML/FormHandler/Fields.pm line 131#012#011 HTML::FormHandler::Fields::_fields_validate('HTML::FormHandler::Field::Compound::9=HASH(0x118df740)') called at /opt/app/local/lib/perl5/HTML/FormHandler/Validate.pm line 95#012#011 HTML::FormHandler::Validate::validate_field('HTML::FormHandler::Field::Compound::9=HASH(0x118df740)') called at /opt/app/local/lib/perl5/HTML/FormHandler/Fields.pm line 131#012#011

Note that I've changed specific details of the form, paths and params above. If you need more details please contact me offline (in case this is an attack specific to the site I am working on or on FormHandler).

I suspect this is attacking a specific PHP app since in one of the requests the user agent string was

MTUyNjk4MDk3MA <?php eval(chr(112).chr(114).chr(105).chr(110).chr(116).chr(40).chr(39).chr(49).chr(55).chr(73).chr(53).chr(51).chr(48).chr(86).chr(65).chr(117).chr(52).chr(39).chr(41).chr(59)); ?>