in reply to Run arbitrary UNIX commands on webserver without telnet

Here's a script I use. It adds a password check. 
#!/usr/bin/perl

use strict;
use CGI qw(header param);

$| = 1;

print header();

# Crypted password
my $HASH = "azEehXEsKGpt6";

# Fetch CGI input
my $password = param('password');
my $command  = param('command');

# Output HTML
print << "END";

<form method="post">
<input type="password" name="password" value="$password"><br>
<input type="text" name="command"><br>
<input type="submit">
</form>
<pre>

END

# If the password is correct, execute the command
if (crypt($password, $HASH) eq $HASH)
{
        system($command);
}

[download]
Caveats: <list>
  • You'll have to generate the crypted password using the same crypt() routine as the system to which you're uploading the CGI script.
  • The clear text of the password is left in the HTML source of the output page, so don't leave browser windows open to it.
    • </list>

    -Matt

    In Section Craft