in reply to Run arbitrary UNIX commands on webserver without telnet
Here's a script I use. It adds a password check.
You'll have to generate the crypted password using the same crypt() routine as the system to which you're uploading the CGI script.
The clear text of the password is left in the HTML source of the output page, so don't leave browser windows open to it.
</list>
Caveats: <list>#!/usr/bin/perl use strict; use CGI qw(header param); $| = 1; print header(); # Crypted password my $HASH = "azEehXEsKGpt6"; # Fetch CGI input my $password = param('password'); my $command = param('command'); # Output HTML print << "END"; <form method="post"> <input type="password" name="password" value="$password"><br> <input type="text" name="command"><br> <input type="submit"> </form> <pre> END # If the password is correct, execute the command if (crypt($password, $HASH) eq $HASH) { system($command); }
-Matt
In Section
Craft