1
|
#!/bin/bash
|
2
|
|
3
|
# This is a simple demo CGI script that illustrates how to use ShellInABox in
|
4
|
# CGI mode.
|
5
|
|
6
|
case "${REQUEST_METHOD}" in
|
7
|
POST)
|
8
|
# Retrieve CGI parameter, then start shellinabox with this command
|
9
|
read parms
|
10
|
parms="$(printf "$(echo "${parms}"|sed -e 's/%\(..\)/\\x\1/g;s/%/%%/g')")"
|
11
|
parms="${parms#cmd=}"
|
12
|
# ../support/shellinabox/shellinaboxd --cgi --cert=/etc/apache2/ssl -s "/:$(id -u):$(id -g):HOME:${parms}"
|
13
|
../support/shellinabox/shellinaboxd -t --verbose -s "/:$(id -u):$(id -g):HOME:${parms}"
|
14
|
;;
|
15
|
|
16
|
*) # First time that the CGI script was called. Show initial HTML page.
|
17
|
printf 'Content-Type: text/html\r\n\r\n'
|
18
|
cat <<EOF
|
19
|
<html>
|
20
|
<head>
|
21
|
<title>Demo CGI for ShellInABox</title>
|
22
|
</head>
|
23
|
<body>
|
24
|
<h1>Shell In A Box</h1>
|
25
|
|
26
|
<p>This is a demo CGI script for ShellInABox. It shows how to execute
|
27
|
ShellInABox in one-shot CGI mode.</p>
|
28
|
|
29
|
<p>Please note that we do not implement any access controls. So, this
|
30
|
script is unsafe to use on any untrusted network. It allows anybody
|
31
|
on the Internet to run arbitrary commands on your computer!</p>
|
32
|
|
33
|
<p>Use this as a template to write your own custom application -- and
|
34
|
don't forget to add appropriate access controls.</p>
|
35
|
|
36
|
<p>Enter command to run:
|
37
|
<form method="POST">
|
38
|
<input type="text" name="cmd" style="width: 40em" value="/bin/bash" />
|
39
|
</form>
|
40
|
</p>
|
41
|
</body>
|
42
|
EOF
|
43
|
;;
|
44
|
esac
|