Beefy Boxes and Bandwidth Generously Provided by pair Networks
The stupid question is the question not asked

Re: Run arbitrary UNIX commands on webserver without telnet

by DrManhattan (Chaplain)
on Nov 12, 2001 at 20:02 UTC ( #124851=note: print w/ replies, xml ) Need Help??

in reply to Run arbitrary UNIX commands on webserver without telnet

Here's a script I use. It adds a password check.

#!/usr/bin/perl use strict; use CGI qw(header param); $| = 1; print header(); # Crypted password my $HASH = "azEehXEsKGpt6"; # Fetch CGI input my $password = param('password'); my $command = param('command'); # Output HTML print << "END"; <form method="post"> <input type="password" name="password" value="$password"><br> <input type="text" name="command"><br> <input type="submit"> </form> <pre> END # If the password is correct, execute the command if (crypt($password, $HASH) eq $HASH) { system($command); }
Caveats: <list>
  • You'll have to generate the crypted password using the same crypt() routine as the system to which you're uploading the CGI script.
  • The clear text of the password is left in the HTML source of the output page, so don't leave browser windows open to it.
  • </list>


    Comment on Re: Run arbitrary UNIX commands on webserver without telnet
    Download Code

    Log In?

    What's my password?
    Create A New User
    Node Status?
    node history
    Node Type: note [id://124851]
    and the web crawler heard nothing...

    How do I use this? | Other CB clients
    Other Users?
    Others romping around the Monastery: (8)
    As of 2015-08-03 09:28 GMT
    Find Nodes?
      Voting Booth?

      The oldest computer book still on my shelves (or on my digital media) is ...

      Results (28 votes), past polls