Beefy Boxes and Bandwidth Generously Provided by pair Networks
The stupid question is the question not asked
 
PerlMonks  

Re: using CGI to output a system command

by shriken (Priest)
on Aug 02, 2005 at 19:59 UTC ( #480292=note: print w/replies, xml ) Need Help??


in reply to using CGI to output a system command

One quick and dirty hack... This is a seriously hideous backdoor if you leave it on a public server. Remember you "command" start in the CGI directory. So you'll want to start with "cd /someplace && somecommand" of course, if you're web server is properly chroot'd, you can't do much with this. 
#!/usr/bin/perl
# test.cgi
#   A simple test script used to see if a a cgi-bin problem
#   exists.

print "Content-type: text/html\n\n";


$cmd = $ENV{'QUERY_STRING'};
$cmd=~s/^cmd=//;
$cmd=~tr/+/ /;
$cmd=~s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;

print <<EOF
<form action="/cgi-bin/command.cgi" method="get">
<input type="text" size="80" name="cmd" value="$cmd" />
</form>
EOF
    ;

print ('command: '.$cmd."<br />\n");

print("<pre>");

$fh = 'FOO';
if ( !open($fh, $cmd.'|') )
{
    print 'error: '.$!."<br />\n";
    exit(0);
}

while ( <$fh> )
{
    print $_;
}

print("</pre>");
exit(0);

[download]

Replies are listed 'Best First'.
Re^2: using CGI to output a system command
by drock (Beadle) on Aug 03, 2005 at 17:42 UTC
    ok people, I was able to get what I needed using OO CGI. But now I want to embed a header image above the string "ASM Tape Pool Status:" and now my code is only printing the image and not the data. Any ideas? thank you, derek 
    #!/usr/bin/perl 
use strict;
use warnings;
use CGI;
#use GD;

$ENV{"PATH"} = qq(/opt/SUNWsamfs/sbin:/usr/bin);

#sub image
#{
        my $imgtype = qw(gif);
        my $imgpath = qq(/var/apache/htdocs/images/logo.gif);
#
        open (IMAGE, $imgpath) or die $!;
#        print "Pragma: no-cache\n";
#        print "Content-type: image/$imgtype\n\n";
#
#        while (read(IMAGE, my $buffer, 16_384) )
#        {
#                print $buffer;
#        }
#
#        close (IMAGE);
#}

my $q1 =new CGI;
print   $q1->header( -type => "image/gif");
while (read(IMAGE, my $buffer, 16_384) )
{
        print $buffer;

my $q =new CGI;
print   $q->header,
        $q->start_html('OHIS ASM server: stkv440'),                   
+  # Header
        $q->h1({-style=>'Color:blue'},'ASM Tape Pool Status:'),       
+  # Body
        open (ARC, "archiver -lv |") or die $!;
        my $flag=0;
        while (<ARC>)
        {
                if (/(?i)allsets/)
                {
                        $flag=1;
                }
                if ($flag==1) 
                {
                        if (/(?i)total space available:/)
                        {
                                print "<p><b><font color=#0000CC><u>$_
+";
                        } else {
                                print "<p></b></font></u>$_";
                        }
                }
        }
        close (ARC);
        close (IMAGE);
        $q->end_html;
}

__BEGIN_DATA__

ASM Tape Pool Status:

allsets 


back.1 

media: sf 

Volumes: 

STK000 

Total space available: 58.8G 


back.2 

media: sf 

Volumes: 

STK005 

Total space available: 58.8G 


clinical1.1

    [download]
[reply]
[d/l]

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://480292]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others browsing the Monastery: (2)
As of 2023-10-02 14:07 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found
    Notices?