Nebula level16

http://www.exploit-exercises.com/nebula/level16

About
There is a perl script running on port 1616.
To do this level, log in as the level16 account with the password level16 . Files for this level can be found in /home/flag16.

 1#!/usr/bin/env perl 2 3use CGI qw{param}; 4 5print "Content-type: text/html\n\n"; 6 7sub login { 8  $username = $_[0]; 9  $password = $_[1];1011  $username =~ tr/a-z/A-Z/;  # conver to uppercase12  $username =~ s/\s.*//;    # strip everything after a space1314  @output = `egrep "^$username" /home/flag16/userdb.txt 2>&1`;15  foreach $line (@output) {16    ($usr, $pw) = split(/:/, $line);17  1819    if($pw =~ $password) { 20      return 1;21    }22  }2324  return 0;25}2627sub htmlz {28  print("<html><head><title>Login resuls</title></head><body>");29  if($_[0] == 1) {30    print("Your login was accepted<br/>");31  } else {32    print("Your login failed<br/>");33  }  34  print("Would you like a cookie?<br/><br/></body></html>\n");35}3637htmlz(login(param("username"), param("password")));38