Simple CGI programs

The following Perl program reports the current system date and time and the currently running processes to the browser:

#!/usr/bin/perl
# A CGI response starts with the header, then a blank line, then the body.
print "Content-type: text/html\n\n";
print "<html><head><title>Current Time & Date</title></head><body>\n";
print "<h1>This is a simple CGI script for CPSC 547 group #8 presentation.</h1><p>";
print "<font size=+1><i>Current Time is:</i></font> ";
# Backticks run the command and return its output.
print `date`;
print "<p><font size=+1><i>Current Processes running:</i></font>";
print "<pre>";
print `ps -aux`;
print "</pre>";
print "</body></html>\n";
exit 0;

Click here to see the result



Formmail

Here's a form you can fill out to mail me (ehui@localhost)

Name:
E-Mail:

Comments:


WWWBoard

This last CGI package is an on-line bulletin system on which users can post a message or follow up on an existing one. There is one major shortcoming in this system 8)

Click here to go to the test WWWboard


CGI Scripts Security Issue

If your WWW server is sitting on the Internet and open to the public, this also means that the scum of the Internet may try to hack into your system through any holes they can squeeze in. These include CGI scripts.

Here's a small demonstration of how easy it is for a programmer to write a CGI script that crackers can take advantage of:

#!/usr/bin/perl
%in = ();
print "Content-type: text/html\n\n";
print "<html><head><title>CGI Security Problem Demo</title></head><body>\n";
print "This is a simple CGI script for CPSC 547 group #8 presentation. This script is aim to show how easy you can write a script that allow crackers access to your system's passwd file<p>";
print "QUERY_STRING: $ENV{QUERY_STRING}<br>";
# Parse the GET arguments into %in (GetGetArgs comes from formlib.pl).
&GetGetArgs;
print "User input (parsed): ";
# The weak spot: the parsed user input is interpolated into a shell command line.
print `echo $in{'input'}`;
print "</body></html>\n";
exit 0;
[formlib.pl snipped]
Some User Inputs:
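A hardened counterpart of the demo script above, added here as an example and not part of the original presentation: the user's text never reaches a shell, and everything echoed back is HTML-escaped. The parse_query routine is a hypothetical stand-in for GetGetArgs from the snipped formlib.pl, the /usr/bin/printf path is an assumption, and the sample query string is constructed.

```perl
#!/usr/bin/perl
# Added example (not the page's code): the demo above without shell interpolation.
use strict;
use warnings;
# Decode one URL-encoded component ("+" is a space, %XX is a byte).
sub url_decode {
    my ($s) = @_;
    $s =~ tr/+/ /;
    $s =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
    return $s;
}

# Hypothetical stand-in for GetGetArgs from the snipped formlib.pl.
sub parse_query {
    my ($qs) = @_;
    my %in;
    for my $pair (split /&/, $qs) {
        my ($k, $v) = split /=/, $pair, 2;
        next unless defined $k && length $k;
        $in{ url_decode($k) } = url_decode(defined $v ? $v : '');
    }
    return %in;
}

# Escape text before it is written into the HTML response.
sub html_escape {
    my ($s) = @_;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$ent{$1}/g;
    return $s;
}

# List-form open hands the arguments straight to exec(); no shell parses the user's text.
sub run_no_shell {
    my ($value) = @_;
    # /usr/bin/printf is an assumed path; the format is fixed, the input is only data.
    open(my $fh, '-|', '/usr/bin/printf', '%s\n', $value) or die "exec failed: $!";
    my $out = do { local $/; <$fh> };
    close $fh;
    return defined $out ? $out : '';
}

# Constructed sample query string, used when the script is run outside a web server.
my $qs = defined $ENV{QUERY_STRING} ? $ENV{QUERY_STRING} : 'input=a%3Bb%7Cc+%26+%3Cd%3E';
my %in = parse_query($qs);
my $input = defined $in{input} ? $in{input} : '';
print "Content-type: text/html\n\n";
print "<html><head><title>CGI Security Problem Demo (hardened)</title></head><body>\n";
print "QUERY_STRING: ", html_escape($qs), "<br>\n";
print "User input (parsed): ", html_escape(run_no_shell($input)), "\n</body></html>\n";
```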
