
gated cgi

Guest on 19th August 2022 04:31:16 PM

  1. #!/usr/local/bin/perl
  2.  
  3. # Written by Ilker TEMIR
  4.  
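  # GateD looking-glass CGI: shows a query form, validates the submitted
  # query / address / server alias, and relays the query to the selected
  # GateD host through gatedexec().

  # ---- Configuration ---------------------------------------------------
  # Logo shown on each page, and the path this script expects to be called as.
  my $image  = "/gif/mweb.gif";
  my $myself = "/cgi-bin/lg.cgi";

  # Comma-separated parallel lists: alias N maps to host N and password N.
  # SECURITY: the router-interface password lives in the CGI source, so any
  # source disclosure (backup copy, handler misconfiguration, shared listing)
  # exposes it. Prefer reading it from a file outside the web root that only
  # the web-server user can read, and use an account limited to "show" commands.
  my $gatedaliases   = "Ankara-GRF400";
  my $gatedhosts     = "grf.marketweb.net.tr";
  my $gatedpasswords = "password";

  # Upper bound on the POST body we are willing to read; the form only
  # carries three short fields.
  my $max_request_bytes = 4096;

  # Alias lookup tables; package globals because gatedexec() reads them.
  our (%gatedhost, %gatedpassword);

  print "Content-type: text/html\n";
  print "\n";
  print "<BODY BGCOLOR=#FFFFFF TEXT=#000000>";

  # ---- Request parsing ---------------------------------------------------
  my $buffer = '';
  my $method = defined $ENV{'REQUEST_METHOD'} ? $ENV{'REQUEST_METHOD'} : '';
  if ($method eq "POST") {
      # CONTENT_LENGTH is client-supplied: accept digits only and cap it so a
      # request cannot make the script buffer an arbitrarily large body.
      my $length = defined $ENV{'CONTENT_LENGTH'} ? $ENV{'CONTENT_LENGTH'} : 0;
      $length = 0 unless $length =~ /\A[0-9]+\z/;
      $length = $max_request_bytes if $length > $max_request_bytes;
      read(STDIN, $buffer, $length);
  }
  else {
      $buffer = defined $ENV{'QUERY_STRING'} ? $ENV{'QUERY_STRING'} : '';
  }

  my %contents;
  for my $pair (split /&/, $buffer) {
      # Limit of 2 keeps any '=' inside the value instead of silently dropping it.
      my ($name, $value) = split /=/, $pair, 2;
      next unless defined $name && $name ne '';
      $value = '' unless defined $value;
      $value =~ tr/+/ /;
      $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C",hex($1))/eg;
      $contents{$name} = $value;
  }

  # Build alias -> host and alias -> password maps from the parallel lists.
  for my $alias (split /,/, $gatedaliases) {
      ($gatedhost{$alias},     $gatedhosts)     = split /,/, $gatedhosts,     2;
      ($gatedpassword{$alias}, $gatedpasswords) = split /,/, $gatedpasswords, 2;
  }

  my $query       = defined $contents{'query'}       ? $contents{'query'}       : '';
  my $address     = defined $contents{'address'}     ? $contents{'address'}     : '';
  my $gatedserver = defined $contents{'gatedserver'} ? $contents{'gatedserver'} : '';

  # ---- Validation --------------------------------------------------------
  # Reject letters and ; : < > = in the address (as before), and additionally
  # any control character. The address is appended to the command line that
  # gatedexec() writes to the router session, so CR/LF must never reach it:
  # the value has to stay a single argument on a single line.
  if ($address =~ /[a-z;:<>=]/i || $address =~ /[\x00-\x1f\x7f]/) {
      print "Hatali adres girisi yapildi<BR>\n";
      exit;
  }

  # The query must be exactly one of the commands offered by the form.
  my @allowed_queries = (
      'show bgp summary',
      'show ip exact',
      'show ip consume',
      'show ip refines bgp',
      'show ip less bgp',
      'show bgp detail as',
      'show bgp detail ptx',
      'show bgp detail prx',
  );
  if ($query ne "") {
      my $is_allowed = grep { $query eq $_ } @allowed_queries;
      if (!$is_allowed) {
          print "Hatali tarama girisi<BR>\n";
          exit;
      }
  }

  # The server alias must be one we hold both a host and a password for.
  if ($gatedserver ne "") {
      my $host_known = defined $gatedhost{$gatedserver}     && $gatedhost{$gatedserver}     ne "";
      my $pass_known = defined $gatedpassword{$gatedserver} && $gatedpassword{$gatedserver} ne "";
      if (!($host_known && $pass_known)) {
          print "Hatali gated sunucusu<BR>\n";
          exit;
      }
  }

  # ---- Dispatch ----------------------------------------------------------
  my $referer = defined $ENV{'HTTP_REFERER'} ? $ENV{'HTTP_REFERER'} : '';

  if ($query eq "" || $gatedserver eq "") {
      # Nothing (or not enough) submitted: show the query form.
      print "<BR><IMG SRC=$image><BR><BR>\n";
      print "<B><H3>Secenekler :</H3></B>\n";
      print "<FORM ACTION=lg.cgi METHOD=POST>\n";
      print "<DD><SELECT NAME=gatedserver>";
      for my $alias (split /,/, $gatedaliases) {
          print "<OPTION>$alias";
      }
      # Was "<SELECT>": the list was never closed, nesting a second SELECT.
      print "</SELECT>\n<BR><BR>";
      print "<DD><INPUT TYPE=radio NAME=query VALUE='show bgp summary'>Show BGP summary\n";
      print "<DD><INPUT TYPE=radio NAME=query VALUE='show ip exact'>Show IP exact ... [x.x.x.x/y]\n";
      print "<DD><INPUT TYPE=radio NAME=query VALUE='show ip consume'>Show IP consume ... [x.x.x.x/y]\n";
      print "<DD><INPUT TYPE=radio NAME=query VALUE='show ip refines bgp'>Show IP refines bgp ... [x.x.x.x/y]\n";
      print "<DD><INPUT TYPE=radio NAME=query VALUE='show ip less bgp'>Show IP less bgp ... [x.x.x.x/y]\n";
      print "<DD><INPUT TYPE=radio NAME=query VALUE='show bgp detail as'>Show bgp detail as ... [gated regexp]\n";
      print "<DD><INPUT TYPE=radio NAME=query VALUE='show bgp detail ptx'>Show bgp detail ptx ... [AS Peer_IP x.x.x/y]\n";
      print "<DD><INPUT TYPE=radio NAME=query VALUE='show bgp detail prx'>Show bgp detail prx ... [AS Peer_IP x.x.x/y]\n";
      print "<BR><BR><DD>Adres:<INPUT NAME=address>\n";
      print "<BR><BR><INPUT TYPE=SUBMIT VALUE=Gonder>";
      print "<BR><BR>GateD durum monitor yazilimi v0.1 - Ilker TEMIR (<A HREF=mailto:ilker\@marketweb.net.tr>ilker\@marketweb.net.tr</A>)\n";
  }
  elsif ($referer eq $myself) {
      # NOTE(review): Referer is a client-supplied header, so this comparison
      # is not an access control; restrict who may query the routers at the
      # web server (authentication / source-address ACL) instead. Browsers
      # also normally send an absolute URL here, so equality with a bare path
      # may never hold - confirm against the deployment before changing it.

      # The address is echoed into the page, so encode HTML metacharacters
      # that the validation above does not already reject.
      my $address_html = $address;
      $address_html =~ s/&/&amp;/g;
      $address_html =~ s/</&lt;/g;
      $address_html =~ s/>/&gt;/g;
      $address_html =~ s/"/&quot;/g;

      print "<BR><CENTER><IMG SRC=$image></CENTER>\n";
      print "<H3>Tarama : $query $address_html ($gatedserver)</H3><BR>\n";
      print "<PRE>\n";
      gatedexec($gatedserver, "$query $address");
      print "</PRE>\n";
      print "<BR><A HREF=http://ilker.marketweb.net.tr/gdm>GDM v0.1</A> - Ilker TEMIR (<A HREF=mailto:ilker\@marketweb.net.tr>ilker\@marketweb.net.tr</A>)\n";
  }
  else {
      print "Lutfen programi <A HREF=$myself>$myself</A> adresinden cagiriniz<BR>\n";
  }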
  98.  
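  # gatedexec(ALIAS, COMMAND)
  #
  # Opens a TCP connection to port 616 of the GateD host configured for
  # ALIAS, sends the stored password, then COMMAND, then "quit", and prints
  # the reply to STDOUT. The first two reply lines and any line containing
  # "password" are dropped; on lines containing "gated" the first
  # space-separated token is removed. Prints a message and exits the script
  # on any validation or socket failure. Returns nothing useful.
  #
  # SECURITY: the password and the command are written to the socket in
  # clear text; keep this connection on a management network. There is no
  # connect or read timeout here, so an unresponsive host ties up the CGI
  # process - consider bounding the call (e.g. with alarm) at the caller.
  sub gatedexec {
      use strict;
      use warnings;
      use Socket;

      # Alias tables populated by the script's configuration code.
      our (%gatedhost, %gatedpassword);

      my ($server, $command) = @_;
      my $port = 616;

      my $remote_host = defined $server ? $gatedhost{$server}     : undef;
      my $password    = defined $server ? $gatedpassword{$server} : undef;
      $remote_host = '' unless defined $remote_host;
      $password    = '' unless defined $password;

      # The command is sent as exactly one line of the session. Refuse any
      # control character (CR/LF in particular) so the caller-supplied text
      # cannot spread over several lines, whatever the caller validated.
      if (!defined $command || $command =~ /[\x00-\x1f\x7f]/) {
          print "Hatali adres girisi yapildi\n";
          exit;
      }

      # Resolve the target first; an unresolved name must not fall through
      # to a connect() on an all-zero address.
      my $thataddr = length $remote_host ? inet_aton($remote_host) : undef;
      if (!defined $thataddr) {
          print "$remote_host:$port baglanti basarisiz\n";
          exit;
      }

      my $proto = getprotobyname('tcp');
      my $sock;
      if (!socket($sock, AF_INET, SOCK_STREAM, $proto)) {
          print "Socket acilamadi.\n";
          exit;
      }

      # Any local address, ephemeral port. sockaddr_in() builds the address
      # portably instead of a hand-written pack() template.
      if (!bind($sock, sockaddr_in(0, INADDR_ANY))) {
          print "Sockete ulasilamadi\n";
          exit;
      }

      if (!connect($sock, sockaddr_in($port, $thataddr))) {
          print "$remote_host:$port baglanti basarisiz\n";
          exit;
      }

      # Unbuffered writes on the socket; restore the previous default handle.
      my $previous = select($sock);
      $| = 1;
      select($previous);

      print {$sock} "$password\n";
      print {$sock} "$command\n";

      # Give the daemon time to process the command before ending the session.
      sleep 1;

      print {$sock} "quit\n";

      # Skip the first two lines of the reply.
      for (1 .. 2) {
          my $skipped = <$sock>;
      }

      while (defined(my $line = <$sock>)) {
          # Never relay a line that mentions the password prompt.
          next if $line =~ /password/i;

          if ($line =~ /gated/i) {
              # Drop the leading token (up to the first space) of such lines.
              (undef, $line) = split / /, $line, 2;
              $line = '' unless defined $line;
          }

          # Strip only a real line ending; chop() would also eat the last
          # character of an unterminated final line.
          $line =~ s/\r?\n\z//;

          # The reply is remote data printed inside <PRE>: encode it so it is
          # shown as text and cannot be interpreted as markup.
          $line =~ s/&/&amp;/g;
          $line =~ s/</&lt;/g;
          $line =~ s/>/&gt;/g;

          print "$line\n";
      }

      close($sock);
      return;
  }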
