-
Notifications
You must be signed in to change notification settings - Fork 477
/
cgid.c
67 lines (57 loc) · 1.45 KB
/
cgid.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <unistd.h>
char *query_string = NULL;
char from_hex(char ch) {
return isdigit(ch) ? ch - '0' : tolower(ch) - 'a' + 10;
}
char* url_decode(char *str) {
char *pstr = str, *buf = malloc(strlen(str) + 1), *pbuf = buf;
while (*pstr) {
if (*pstr == '%') {
if (pstr[1] && pstr[2]) {
*pbuf++ = from_hex(pstr[1]) << 4 | from_hex(pstr[2]);
pstr += 2;
}
} else if (*pstr == '+') {
*pbuf++ = ' ';
} else {
*pbuf++ = *pstr;
}
pstr++;
}
*pbuf = '\0';
return buf;
}
void CGI_INIT(){
dup2(1, 2);
puts("Content-Type: text/plain;charset=UTF-8\n");
}
char* CGI_GET(char *name){
if ( query_string == NULL ){
query_string = getenv("QUERY_STRING");
if (query_string == NULL){
return NULL;
}
}
char *env = strdup(query_string);
char *key = malloc(4096);
char *value = malloc(4096);
char *splitted = strtok(env, "&");
while (splitted != NULL){
sscanf(splitted , "%[^=]=%s", key, value);
if ( strcmp(name, key) == 0 ){
return url_decode(value);
}
splitted = strtok(NULL, "&");
}
return NULL;
}
void do_job(char *b, char *c, char *d){
puts("get shell, plz");
}
void CGI_GET_PASS(char *pass){
strncpy(pass, "hitconctf2015givemeshell", 25);
}