This is my eighth post on the
Nebula series hosted by
Exploit Exercises
We start off with understanding what is being asked of us:
The
flag07 user was writing their very first perl program that allowed them
to ping hosts to see if they were reachable from the web server.
To do this level, log in as the
level07 account with the password
level07. Files for this level can be found in /home/flag07.
Source code
#!/usr/bin/perl
use CGI qw{param};
print "Content-type: text/html\n\n";
sub ping {
$host = $_[0];
print("<html><head><title>Ping results</title></head><body><pre>");
@output = `ping -c 3 $host 2>&1`;
foreach $line (@output) { print "$line"; }
print("</pre></body></html>");
}
# check if Host set. if not, display normal page, etc
ping(param("Host"));