gated cgi- for Sharing Code and Text.

PERL 56

gated cgi

Guest on 19th August 2022 04:31:16 PM

#!/usr/local/bin/perl
# Written by Ilker TEMIR
$image="/gif/mweb.gif";
$myself="/cgi-bin/lg.cgi";
$gatedaliases="Ankara-GRF400";
$gatedhosts="grf.marketweb.net.tr";
$gatedpasswords="password";
print "Content-type: text/html\n";
print "\n";
print "<BODY BGCOLOR=#FFFFFF TEXT=#000000>";
if ($ENV{'REQUEST_METHOD'} eq "POST") {
read (STDIN,$buffer,$ENV{'CONTENT_LENGTH'});
} else {
$buffer=$ENV {'QUERY_STRING'};
}
@pairs=split(/&/,$buffer);
foreach $pair (@pairs) {
($name,$value)=split (/=/,$pair);
$value=~ tr/+/ /;
$value=~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
$contents{$name}=$value;
}
foreach $gated (split (/\,/,$gatedaliases)) {
($gatedhost{"$gated"},$gatedhosts)=split (/\,/,$gatedhosts,2);
($gatedpassword{"$gated"},$gatedpasswords)=split (/\,/,$gatedpasswords,2);
}
$query=$contents{'query'};
$address=$contents{'address'};
$gatedserver=$contents{'gatedserver'};
# Check unallowed characters in address
foreach $ch ('a'..'z',';',':','\>','\<','=') {
if ($address =~ /$ch/i) {
print "Hatali adres girisi yapildi<BR>\n";
exit;
}
}
# Now check query in case of an intruders alternate try
if ($query ne "") {
$checkpass=0;
foreach $check ('show bgp summary','show ip exact','show ip consume','show ip refines bgp','show ip less bgp','show bgp detail as','show bgp detail ptx','show bgp detail prx') {
if ($query eq $check) {
$checkpass=1;
}
}
if (!($checkpass)) {
print "Hatali tarama girisi<BR>\n";
exit;
}
}
# Check if the gated server is valid
if (($gatedserver ne "") && (($gatedhost{"$gatedserver"} eq "") || ($gatedpassword{"$gatedserver"} eq ""))) {
print "Hatali gated sunucusu<BR>\n";
exit;
}
if (($query eq "") || ($gatedserver eq "")) {
print "<BR><IMG SRC=$image><BR><BR>\n";
print "<B><H3>Secenekler :</H3></B>\n";
print "<FORM ACTION=lg.cgi METHOD=POST>\n";
print "<DD><SELECT NAME=gatedserver>";
foreach $gated (split (/\,/,$gatedaliases)) {
print "<OPTION>$gated";
}
print "<SELECT>\n<BR><BR>";
print "<DD><INPUT TYPE=radio NAME=query VALUE='show bgp summary'>Show BGP summary\n";
print "<DD><INPUT TYPE=radio NAME=query VALUE='show ip exact'>Show IP exact ... [x.x.x.x/y]\n";
print "<DD><INPUT TYPE=radio NAME=query VALUE='show ip consume'>Show IP consume ... [x.x.x.x/y]\n";
print "<DD><INPUT TYPE=radio NAME=query VALUE='show ip refines bgp'>Show IP refines bgp ... [x.x.x.x/y]\n";
print "<DD><INPUT TYPE=radio NAME=query VALUE='show ip less bgp'>Show IP less bgp ... [x.x.x.x/y]\n";
print "<DD><INPUT TYPE=radio NAME=query VALUE='show bgp detail as'>Show bgp detail as ... [gated regexp]\n";
print "<DD><INPUT TYPE=radio NAME=query VALUE='show bgp detail ptx'>Show bgp detail ptx ... [AS Peer_IP x.x.x/y]\n";
print "<DD><INPUT TYPE=radio NAME=query VALUE='show bgp detail prx'>Show bgp detail prx ... [AS Peer_IP x.x.x/y]\n";
print "<BR><BR><DD>Adres:<INPUT NAME=address>\n";
print "<BR><BR><INPUT TYPE=SUBMIT VALUE=Gonder>";
print "<BR><BR>GateD durum monitor yazilimi v0.1 - Ilker TEMIR (<A HREF=mailto:ilker\@marketweb.net.tr>ilker\@marketweb.net.tr</A>)\n";
}
elsif ($ENV {'HTTP_REFERER'} eq $myself) {
print "<BR><CENTER><IMG SRC=$image></CENTER>\n";
print "<H3>Tarama : $query $address ($gatedserver)</H3><BR>\n";
print "<PRE>\n";
gatedexec ($gatedserver,"$query $address");
print "</PRE>\n";
print "<BR><A HREF=http://ilker.marketweb.net.tr/gdm>GDM v0.1</A> - Ilker TEMIR (<A HREF=mailto:ilker\@marketweb.net.tr>ilker\@marketweb.net.tr</A>)\n";
}
else {
print "Lutfen programi <A HREF=$myself>$myself</A> adresinden cagiriniz<BR>\n";
}
sub gatedexec {
use Socket;
$port = '';
$hostname='';
$remote_host=$gatedhost{$_[0]};
$password=$gatedpassword{$_[0]};
$sockaddr = 'S n a4 x8';
($name, $aliases, $proto) = getprotobyname('tcp');
$port = 616;
($name, $aliases, $type, $len, $thisaddr) = gethostbyname($hostname);
($name, $aliases, $type, $len, $thataddr) = gethostbyname($remote_host);
$this = pack($sockaddr, &AF_INET, 0, $thisaddr);
$that = pack($sockaddr, &AF_INET, $port, $thataddr);
if (!socket(S, &AF_INET, &SOCK_STREAM, $proto)) {
print "Socket acilamadi.\n";
exit;
}
if (!bind(S,$this)) {
print "Sockete ulasilamadi\n";
exit;
}
if (!connect(S,$that)) {
print "$remote_host:$port baglanti basarisiz\n";
exit;
}
select(S); $| = 1; select(STDOUT);
print S "$password\n";
print S "$_[1]\n";
sleep 1;
print S "quit\n";
$gatedout=<S>; # Skip first line
$gatedout=<S>; # Skip second line
while ($gatedout = <S>) {
if (!($gatedout =~ /password/i)) {
if ($gatedout =~ /gated/i) {
($temp,$gatedout)=split (/ /,$gatedout,2);
}
chop ($gatedout);
print "$gatedout\n";
}
}
}

Raw Paste

#!/usr/local/bin/perl

# Written by Ilker TEMIR

$image="/gif/mweb.gif";
$myself="/cgi-bin/lg.cgi";

$gatedaliases="Ankara-GRF400";
$gatedhosts="grf.marketweb.net.tr";
$gatedpasswords="password";

print "Content-type: text/html\n";
print "\n";
print "<BODY BGCOLOR=#FFFFFF TEXT=#000000>";

if ($ENV{'REQUEST_METHOD'} eq "POST") {
  read (STDIN,$buffer,$ENV{'CONTENT_LENGTH'});
} else {
  $buffer=$ENV {'QUERY_STRING'};
}
@pairs=split(/&/,$buffer);
foreach $pair (@pairs) {
  ($name,$value)=split (/=/,$pair);
  $value=~ tr/+/ /;
  $value=~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
  $contents{$name}=$value;
}

foreach $gated (split (/\,/,$gatedaliases)) {
	($gatedhost{"$gated"},$gatedhosts)=split (/\,/,$gatedhosts,2);
	($gatedpassword{"$gated"},$gatedpasswords)=split (/\,/,$gatedpasswords,2);
}

$query=$contents{'query'};
$address=$contents{'address'};
$gatedserver=$contents{'gatedserver'};

# Check unallowed characters in address
foreach $ch ('a'..'z',';',':','\>','\<','=') {
	if ($address =~ /$ch/i) {
		print "Hatali adres girisi yapildi<BR>\n";
		exit;
	}
}

# Now check query in case of an intruders alternate try
if ($query ne "") {
	$checkpass=0;
	foreach $check ('show bgp summary','show ip exact','show ip consume','show ip refines bgp','show ip less bgp','show bgp detail as','show bgp detail ptx','show bgp detail prx') {
		if ($query eq $check) {
			$checkpass=1;
		}
	}
	if (!($checkpass)) {
		print "Hatali tarama girisi<BR>\n";
		exit;
	}
}

# Check if the gated server is valid
if (($gatedserver ne "") && (($gatedhost{"$gatedserver"} eq "") || ($gatedpassword{"$gatedserver"} eq ""))) {
	print "Hatali gated sunucusu<BR>\n";
	exit;
}

if (($query eq "") || ($gatedserver eq "")) {
	print "<BR><IMG SRC=$image><BR><BR>\n";
	print "<B><H3>Secenekler :</H3></B>\n";
	print "<FORM ACTION=lg.cgi METHOD=POST>\n";
	print "<DD><SELECT NAME=gatedserver>";
	foreach $gated (split (/\,/,$gatedaliases)) {
		print "<OPTION>$gated";
	}
	print "<SELECT>\n<BR><BR>";
	print "<DD><INPUT TYPE=radio NAME=query VALUE='show bgp summary'>Show BGP summary\n";
	print "<DD><INPUT TYPE=radio NAME=query VALUE='show ip exact'>Show IP exact ... [x.x.x.x/y]\n";
	print "<DD><INPUT TYPE=radio NAME=query VALUE='show ip consume'>Show IP consume ... [x.x.x.x/y]\n";
	print "<DD><INPUT TYPE=radio NAME=query VALUE='show ip refines bgp'>Show IP refines bgp ... [x.x.x.x/y]\n";
	print "<DD><INPUT TYPE=radio NAME=query VALUE='show ip less bgp'>Show IP less bgp ... [x.x.x.x/y]\n";
	print "<DD><INPUT TYPE=radio NAME=query VALUE='show bgp detail as'>Show bgp detail as ... [gated regexp]\n";
	print "<DD><INPUT TYPE=radio NAME=query VALUE='show bgp detail ptx'>Show bgp detail ptx ... [AS Peer_IP x.x.x/y]\n";
	print "<DD><INPUT TYPE=radio NAME=query VALUE='show bgp detail prx'>Show bgp detail prx ... [AS Peer_IP x.x.x/y]\n";
	print "<BR><BR><DD>Adres:<INPUT NAME=address>\n";
	print "<BR><BR><INPUT TYPE=SUBMIT VALUE=Gonder>";
	print "<BR><BR>GateD durum monitor yazilimi v0.1 - Ilker TEMIR (<A HREF=mailto:ilker\@marketweb.net.tr>ilker\@marketweb.net.tr</A>)\n";
}
elsif ($ENV {'HTTP_REFERER'} eq $myself) {	
	print "<BR><CENTER><IMG SRC=$image></CENTER>\n";
	print "<H3>Tarama : $query $address ($gatedserver)</H3><BR>\n";
	print "<PRE>\n";
	gatedexec ($gatedserver,"$query $address");
	print "</PRE>\n";
	print "<BR><A HREF=http://ilker.marketweb.net.tr/gdm>GDM v0.1</A> - Ilker TEMIR (<A HREF=mailto:ilker\@marketweb.net.tr>ilker\@marketweb.net.tr</A>)\n";
}
else {
	print "Lutfen programi <A HREF=$myself>$myself</A> adresinden cagiriniz<BR>\n";
}

sub gatedexec {
	use Socket;
	
	$port = '';
	$hostname='';
	
	$remote_host=$gatedhost{$_[0]};
	$password=$gatedpassword{$_[0]};
	
	$sockaddr = 'S n a4 x8';

($name, $aliases, $proto) = getprotobyname('tcp');

$port = 616;
	
	($name, $aliases, $type, $len, $thisaddr) = gethostbyname($hostname);
	($name, $aliases, $type, $len, $thataddr) = gethostbyname($remote_host);
	
	$this = pack($sockaddr, &AF_INET, 0, $thisaddr);
	$that = pack($sockaddr, &AF_INET, $port, $thataddr);

if (!socket(S, &AF_INET, &SOCK_STREAM, $proto)) { 
		print "Socket acilamadi.\n"; 
	exit;
	}
	
	if (!bind(S,$this)) { 
		print "Sockete ulasilamadi\n";
		exit;
	}
	
	if (!connect(S,$that)) { 
		print "$remote_host:$port baglanti basarisiz\n"; 
		exit;
	}

select(S); $| = 1; select(STDOUT);

print S "$password\n";

print S "$_[1]\n";

sleep 1;

print S "quit\n";

$gatedout=<S>;					# Skip first line
	$gatedout=<S>;					# Skip second line
	while ($gatedout = <S>) {
		if (!($gatedout =~ /password/i)) {
			if ($gatedout =~ /gated/i) {
				($temp,$gatedout)=split (/ /,$gatedout,2);
			}
			chop ($gatedout);
			print "$gatedout\n";
		}
	}
}