Nebula level16

http://www.exploit-exercises.com/nebula/level16

About
There is a perl script running on port 1616.
To do this level, log in as the level16 account with the password level16. Files for this level can be found in /home/flag16.

#!/usr/bin/env perl

use CGI qw{param};

print "Content-type: text/html\n\n";

sub login {
  $username = $_[0];
  $password = $_[1];

  $username =~ tr/a-z/A-Z/;  # convert to uppercase
  $username =~ s/\s.*//;    # strip everything after a space

  @output = `egrep "^$username" /home/flag16/userdb.txt 2>&1`;
  foreach $line (@output) {
    ($usr, $pw) = split(/:/, $line);

    if($pw =~ $password) {
      return 1;
    }
  }

  return 0;
}

sub htmlz {
  print("<html><head><title>Login resuls</title></head><body>");
  if($_[0] == 1) {
    print("Your login was accepted<br/>");
  } else {
    print("Your login failed<br/>");
  }
  print("Would you like a cookie?<br/><br/></body></html>\n");
}

htmlz(login(param("username"), param("password")));

