I am not a perl expert. However this is my finding. The below part could
be the culprit.
<snip>
@lines =<$FORM{pass}>;
$y = @lines;
open (MYFILE, ">tar.tmp");
.
.
.
.
.
if($FORM{tar} ne ""){
open(INFO, "tar.tmp");
@lines =<INFO> ;
close(INFO);
system(@lines);
print'<p><a href="'.$FORM{tar}.'.tar">Click here 2 download tar
file</a></p>';
}
</snip>
Basically the cracker can send some system commands in the form token
'pass'(something like "newpasswd\n sudo change_root_passwd "). This is
written into a file without validation, later the lines in the file gets
executed using system command. So the cracker would be able to run
system commands which will allow him to get into your system.
Rgds,
Siva.