Beefy Boxes and Bandwidth Generously Provided by pair Networks
good chemistry is complicated,
and a little bit messy -LW
 
PerlMonks  

Re: Run arbitrary UNIX commands on webserver without telnet

by DrManhattan (Chaplain)
on Nov 12, 2001 at 20:02 UTC ( #124851=note: print w/ replies, xml ) Need Help??


in reply to Run arbitrary UNIX commands on webserver without telnet

Here's a script I use. It adds a password check.

#!/usr/bin/perl use strict; use CGI qw(header param); $| = 1; print header(); # Crypted password my $HASH = "azEehXEsKGpt6"; # Fetch CGI input my $password = param('password'); my $command = param('command'); # Output HTML print << "END"; <form method="post"> <input type="password" name="password" value="$password"><br> <input type="text" name="command"><br> <input type="submit"> </form> <pre> END # If the password is correct, execute the command if (crypt($password, $HASH) eq $HASH) { system($command); }
Caveats: <list>
  • You'll have to generate the crypted password using the same crypt() routine as the system to which you're uploading the CGI script.
  • The clear text of the password is left in the HTML source of the output page, so don't leave browser windows open to it.
  • </list>

    -Matt


    Comment on Re: Run arbitrary UNIX commands on webserver without telnet
    Download Code

    Log In?
    Username:
    Password:

    What's my password?
    Create A New User
    Node Status?
    node history
    Node Type: note [id://124851]
    help
    Chatterbox?
    and the web crawler heard nothing...

    How do I use this? | Other CB clients
    Other Users?
    Others chilling in the Monastery: (12)
    As of 2014-08-22 14:41 GMT
    Sections?
    Information?
    Find Nodes?
    Leftovers?
      Voting Booth?

      The best computer themed movie is:











      Results (158 votes), past polls