Beefy Boxes and Bandwidth Generously Provided by pair Networks
Problems? Is your data what you think it is?

Re: Run arbitrary UNIX commands on webserver without telnet

by DrManhattan (Chaplain)
on Nov 12, 2001 at 20:02 UTC ( #124851=note: print w/replies, xml ) Need Help??

in reply to Run arbitrary UNIX commands on webserver without telnet

Here's a script I use. It adds a password check.
#!/usr/bin/perl use strict; use CGI qw(header param); $| = 1; print header(); # Crypted password my $HASH = "azEehXEsKGpt6"; # Fetch CGI input my $password = param('password'); my $command = param('command'); # Output HTML print << "END"; <form method="post"> <input type="password" name="password" value="$password"><br> <input type="text" name="command"><br> <input type="submit"> </form> <pre> END # If the password is correct, execute the command if (crypt($password, $HASH) eq $HASH) { system($command); }
Caveats: <list>
  • You'll have to generate the crypted password using the same crypt() routine as the system to which you're uploading the CGI script.
  • The clear text of the password is left in the HTML source of the output page, so don't leave browser windows open to it.
  • </list>


    Log In?

    What's my password?
    Create A New User
    Node Status?
    node history
    Node Type: note [id://124851]
    and the web crawler heard nothing...

    How do I use this? | Other CB clients
    Other Users?
    Others perusing the Monastery: (3)
    As of 2016-10-23 04:03 GMT
    Find Nodes?
      Voting Booth?
      How many different varieties (color, size, etc) of socks do you have in your sock drawer?

      Results (300 votes). Check out past polls.