1 |
95b003ff
|
Origo
|
#!/bin/bash
|
2 |
|
|
|
3 |
|
|
# This is a simple demo CGI script that illustrates how to use ShellInABox in
|
4 |
|
|
# CGI mode.
|
5 |
|
|
|
6 |
|
|
case "${REQUEST_METHOD}" in
|
7 |
|
|
POST)
|
8 |
|
|
# Retrieve CGI parameter, then start shellinabox with this command
|
9 |
|
|
read parms
|
10 |
|
|
parms="$(printf "$(echo "${parms}"|sed -e 's/%\(..\)/\\x\1/g;s/%/%%/g')")"
|
11 |
|
|
parms="${parms#cmd=}"
|
12 |
|
|
# ../support/shellinabox/shellinaboxd --cgi --cert=/etc/apache2/ssl -s "/:$(id -u):$(id -g):HOME:${parms}"
|
13 |
|
|
../support/shellinabox/shellinaboxd -t --verbose -s "/:$(id -u):$(id -g):HOME:${parms}"
|
14 |
|
|
;;
|
15 |
|
|
|
16 |
|
|
*) # First time that the CGI script was called. Show initial HTML page.
|
17 |
|
|
printf 'Content-Type: text/html\r\n\r\n'
|
18 |
|
|
cat <<EOF
|
19 |
|
|
<html>
|
20 |
|
|
<head>
|
21 |
|
|
<title>Demo CGI for ShellInABox</title>
|
22 |
|
|
</head>
|
23 |
|
|
<body>
|
24 |
|
|
<h1>Shell In A Box</h1>
|
25 |
|
|
|
26 |
|
|
<p>This is a demo CGI script for ShellInABox. It shows how to execute
|
27 |
|
|
ShellInABox in one-shot CGI mode.</p>
|
28 |
|
|
|
29 |
|
|
<p>Please note that we do not implement any access controls. So, this
|
30 |
|
|
script is unsafe to use on any untrusted network. It allows anybody
|
31 |
|
|
on the Internet to run arbitrary commands on your computer!</p>
|
32 |
|
|
|
33 |
|
|
<p>Use this as a template to write your own custom application -- and
|
34 |
|
|
don't forget to add appropriate access controls.</p>
|
35 |
|
|
|
36 |
|
|
<p>Enter command to run:
|
37 |
|
|
<form method="POST">
|
38 |
|
|
<input type="text" name="cmd" style="width: 40em" value="/bin/bash" />
|
39 |
|
|
</form>
|
40 |
|
|
</p>
|
41 |
|
|
</body>
|
42 |
|
|
EOF
|
43 |
|
|
;;
|
44 |
|
|
esac |