TUCoPS :: Web :: Apps :: mastcgi.txt

Mastergate/add.cgi - an In Depth Look

From harry_murphy_2002@yahoo.com Thu Aug 29 16:15:44 2002
From: "Harry Murphy" <harry_murphy_2002@yahoo.com>
Newsgroups: alt.2600.hackerz
Subject: An in depth look at mastergate/add.cgi
Date: Fri, 30 Aug 2002 00:15:44 +0100
Organization: Altopia Corp. - Usenet Access - http://www.altopia.com
Lines: 327
Message-ID: <akma4d$snl$0@pita.alt.net>
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 5.00.2014.211
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2014.211
Path: nubby2.!newsfeed4.cidera.com!newsfeed1.cidera.com!Cidera!news.maxwell.syr.edu!news.alt.net!usenet
Xref: nubby2 alt.2600.hackerz:248057

A lot of you guys porb don't know what a mastergate is but just read this!
I will at a later date give more info on them! :)


An in depth look at mastergate/add.cgi

To start with, anything you see in # this is just a comment and is not used
by perl
So here is the script, i will go through it at each subroutine, so have a
good look at it.
Basically the script is made up of several sub routines. eg. Validate post
is authentic,
Create password for new user and so on. WHat it will do is take the post
data from your
form and pass it into some variables, which can then be used in different
sections of the
script, ultimately leading to your new userass combo

###########################################################
# IBILL PROCESSOR Version 5.0
# Copyright 1998 Telecore Media International, Inc.
webmaster@superscripts.com
# Created 9/12/97 Last Modified 8/15/98
###########################################################
# COPYRIGHT NOTICE
# Copyright 1998 Telecore Media International, Inc. - All Rights Reserved.
# http://www.superscripts.com
# Selling the code for this program without prior written consent is
# expressly forbidden.
# Obtain written permission before redistributing this software over the
Internet or
# in any other medium. In all cases copyright and header must remain intact.
###########################################################
#
# Ok so the first piece we look at is collecting the info from the input
boxes
# on the html page, subroutine &form_parse; and making sure the referer is
right
# subroutine &refergate;
# Then its setting some variables for the data to be passed into. If we are
to exploit
# this script we need to know these names eg. $expire=$FORM{'expire');
# The variable $expire is set and then it is named 'expire'
# so any data that is written into the textbox 'expire' will be passed to
this
# variable. For our purpose here we only need expire, username, and password
#
###########################################################

print "Content-Type: text/html\n\n";

&form_parse;
&refergate;

$expire=$FORM{'expire'};
$pincode=$FORM{'pincode'};
$username=$FORM{'username'};
$password = $FORM{'password'};
$transaction = $FORM{'transaction'};
$subscription = $FORM{'subscription'};
$billingmethod = $FORM{'billingmethod'};
chomp $billingmethod;

&lookup;
&encrypt;
&save;

print "User Added\n";


exit;
############################################################

# VALIDATE POST IS AUTHENTIC
############################################################

#
# This section checks to see if you are coming from a referer
# that they specify in the config file. Usually if you use
# the same url as the sites url then it will accept it
# If $flag ne "OK" (ne means not equal) then you get
# PERMISSION DENIED
#
############################################################


sub refergate {
if ($ENV{'HTTP_REFERER'} =~ /$localurl/i) {
$flag = "OK";
}
if ($ENV{'HTTP_REFERER'} =~ /$remoteurl/i) {
$flag = "OK";
}
if ($flag ne "OK"){
print "Content-Type: text/html\n\n";
print "PERMISSION DENIED: $ENV{'HTTP_REFERER'}";
exit;
}
}
############################################################

# CREATE A PASSWORD FOR THE NEW USER
############################################################

#
# This subroutine will take the password that you have entered,
# which is stored in variable $password and encrypt it and store
# it in variable $crypted ready for addition to the passwd file.
#
############################################################


sub encrypt {

srand(time||$$);
for ($char=1; $char<=3; $char++)
{
$letter=pack("c", (int(rand(23)+65)));
$seed .= $letter;
}

chomp $password;
$crypted = crypt($password,"$seed");
}
############################################################

# CHECK TO MAKE SURE USER DOESNT EXIST
############################################################

#
# What this does is load the whole passwd file into a variable
# @passwords and splits them at the ':'. Then it checks to see if
# the username exists 'if ($checkusername eq $FORM{'username'})
# and if it does it will send you a messge saying ***** is unavailable.
#
############################################################



sub lookup {
open (PASSWORDS, "$accessfile");
@passwords=;

foreach $passwords (@passwords) {
($checkusername,$checkpass)=split(/:/,$passwords);

if ($checkusername eq $FORM{'username'}) {


print <
$username is unavailable. Please choose another login ID


ENDOFPAGE

exit;
}}}
############################################################

# SAVE NEW ACCOUNT INFORMATION TO YOUR PASSWORD DATABSE
############################################################

#
# In this subroutine the script opens the userdatabase and the
# accessfile and adds the user:encrypted pass combo to them
# and then closes both files. It also opens the ccbill.log file
# (which you all know about and logs the addition to the
# database.
#
############################################################


sub save {
&todayjulean;

open (FILE, ">>$userdatabase");
flock(FILE, 2);
print FILE " $username|$crypted|$pincode|$transaction|$subscription|$toda
y|$expire\n";
flock(FILE, 8);
close (FILE);

open (FILE, ">>$accessfile");
flock(FILE, 2);
print FILE "$username:$crypted\n";
flock(FILE, 8);
close (FILE);

open (FILE, ">>$logfile");
flock(FILE, 2);
print FILE " $today|$username|$password|noemail|noname|nowebfile|$pincode
|$transaction|$subscription|$expire\n";
flock(FILE, 8);
close (FILE);

}
############################################################

# FORM PARSING
############################################################

#
# This is the subroutine that coolects the information from
# the html page that you entered your data into Basically
# what its doing is loading it all into a buffer and then
# splitting it up into its correct variables.
#
############################################################


sub form_parse {
read (STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
@pairs = split(/&/, $buffer);

foreach $pair (@pairs)
{
($name, $value) = split(/=/, $pair);
$value =~ tr/+/ /;
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
$FORM{$name} = $value;
}}
############################################################

# DATE ROUTINES
############################################################

#
# And last, you dont need to know any of this for what you
# want to do
#
############################################################

sub date {
$date=localtime(time);
($day, $month, $no, $hr, $year) = split (/\s+/,$date);
$return_date = "$hr, $month $no";
if ($month =~ /jan/i) {$month=1}
elsif ($month =~ /feb/i) {$month=2}
elsif ($month =~ /mar/i) {$month=3}
elsif ($month =~ /apr/i) {$month=4}
elsif ($month =~ /may/i) {$month=5}
elsif ($month =~ /jun/i) {$month=6}
elsif ($month =~ /jul/i) {$month=7}
elsif ($month =~ /aug/i) {$month=8}
elsif ($month =~ /sep/i) {$month=9}
elsif ($month =~ /oct/i) {$month=10}
elsif ($month =~ /nov/i) {$month=11}
elsif ($month =~ /dec/i) {$month=12}
}

sub todayjulean {
&date;
$date=localtime(time);
@date=split (/\s+/, $date);
&julean ($month, @date[2], @date[4]);
$today = $jule;

}

sub julean{
#
# Julean date based on Jan. 1, 1992 being day 1.
# Takes date in Month, day, and year order and finds julean date.
# Outputs julean number for inputted date.
#
# This sub written by David Moose Pitts and modified by Rich Bowen
#
# Usage: &julean(month, day, year);

$thisdayjulean=0;

@months=(0,31,28,31,30,31,30,31,31,30,31,30,31);

$local_month=$_[0];
$tday=$_[1];
$tyear=$_[2];
$leapdays=((($tyear-1992)/4)+1); #must be a leap year, so I chose 1992

# This section drops the remainder of the leap day for the year.
$leapdays2=(($tyear-1992)%4);
$leapdays-=($leapdays2*0.25);
if ($tyear>=2000) {$leapdays-= 1}; #even 100 year years do not have
# leap days in them
$local_thisyear=$tyear-1992;
for ($local_i=1;$local_i<=$local_thisyear;$local_i++) {
$thisdayjulean+=365;}
for ($local_i=1;$local_i<$local_month;$local_i++) { #minus 1 because current
month not complete
$thisdayjulean+=@months[$local_i]}
if ($local_month<3 && $leapdays2==0) {$leapdays--};
$thisdayjulean+=$leapdays+$tday;
$jule=$thisdayjulean;
}

sub footer {print "";}

sub redirect {
$loc=$_[0];
print"Location: $_ \n\n"; }

sub month_txt {
($_)=@_;
if ($_==1) {$month_txt = "January"}
elsif ($_==2) {$month_txt="February"}
elsif ($_==3) {$month_txt="March"}
elsif ($_==4) {$month_txt="April"}
elsif ($_==5) {$month_txt="May"}
elsif ($_==6) {$month_txt="June"}
elsif ($_==7) {$month_txt="July"}
elsif ($_==8) {$month_txt="August"}
elsif ($_==9) {$month_txt="September"}
elsif ($_==10) {$month_txt="October"}
elsif ($_==11) {$month_txt="November"}
elsif ($_==12) {$month_txt="December"}
else {$month_txt="ERROR"};
}




--------------------------------------------------------

So you see it is rather easy to work out what the script is doing
if you have a good look through it and try and make some sence of
it.




TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH