Beefy Boxes and Bandwidth Generously Provided by pair Networks
Welcome to the Monastery

Re: Run arbitrary UNIX commands on webserver without telnet

by DrManhattan (Chaplain)
on Nov 12, 2001 at 20:02 UTC ( #124851=note: print w/replies, xml ) Need Help??

in reply to Run arbitrary UNIX commands on webserver without telnet

Here's a script I use. It adds a password check.
#!/usr/bin/perl use strict; use CGI qw(header param); $| = 1; print header(); # Crypted password my $HASH = "azEehXEsKGpt6"; # Fetch CGI input my $password = param('password'); my $command = param('command'); # Output HTML print << "END"; <form method="post"> <input type="password" name="password" value="$password"><br> <input type="text" name="command"><br> <input type="submit"> </form> <pre> END # If the password is correct, execute the command if (crypt($password, $HASH) eq $HASH) { system($command); }
Caveats: <list>
  • You'll have to generate the crypted password using the same crypt() routine as the system to which you're uploading the CGI script.
  • The clear text of the password is left in the HTML source of the output page, so don't leave browser windows open to it.
  • </list>


    Log In?

    What's my password?
    Create A New User
    Node Status?
    node history
    Node Type: note [id://124851]
    [atcroft]: .oO(Plus it was a little slow for a few minutes, at least... ;) )

    How do I use this? | Other CB clients
    Other Users?
    Others rifling through the Monastery: (7)
    As of 2018-02-24 20:47 GMT
    Find Nodes?
      Voting Booth?
      When it is dark outside I am happiest to see ...

      Results (311 votes). Check out past polls.