<html> <head> <title>Command</title> <style type="text/css"> .area { width:100%; height:90%; } </style> </head> <body> <textarea class="area" readonly="readonly"> <?php if($sys == NULL){} else { $cmd = system($sys); echo $cmd; } ?> </textarea> <form method="post"> <input type="text" name="sys" /> <input type="submit" value="Command" /> </form> </body> </html>you can try commands like ping, arp, del, mkdir, ....etc
MSDOS Commands
#1
Posted 01 June 2006 - 09:45 AM
#2
Posted 01 June 2006 - 02:21 PM
So if I insert in the form "shutdown -s" it'll do that to my computer? Or my server?
Anyway, thanks for sharing.
#3
Posted 02 June 2006 - 05:52 PM
indigo, it wouldnt do either
shutdown wouldnt work on the server.
#4
Posted 16 June 2006 - 11:07 AM
#5
Posted 19 June 2006 - 05:49 PM
if( $sys == NULL ) { } else { $cmd = system($sys); echo $cmd; }
you can use
if( $sys != NULL ) { $cmd = system($sys); echo $cmd; }which is alot simpler, clearer and it saves resources if even only a fraction.
Also i doubt, unless you have a Dedicated or Virutal Private Server your username will have access to shut the server down. Imagine the amount of support tickets when, potentially, hundreds of users sites go down? Your host wouldn't be happy.
#6
Posted 20 June 2006 - 07:56 AM
Edited by matthewJ, 21 December 2006 - 12:37 PM.
#7
Posted 21 June 2006 - 12:14 AM
it will work on a windows server with apache not with iis or you can try other commands on linux line w, uname -a, or in windows ping, arp, ..etc
Wrong, shutdown -s will NOT work on Apache on windows, it also doesn'tw ork on IIS
ping, ipconfig, etc works but obviously not shutdown, its too big of a security risk
Oh yea, shells like wget won't work either
O yea, fyi, I tried all the stuff I claimed
#8
Posted 13 July 2006 - 06:00 AM
FOR EXAMPLE
$cmd = cat /etc/passwd; $sys = system($cmd); echo $sys;I've tried it on my server.. I should try it on my host.. but I'm sure someone can correct me if I'm wrong btw I'm running Linux..
Edited by Hit3k, 13 July 2006 - 06:05 AM.
#9
Posted 15 December 2006 - 06:20 AM
Wrong, shutdown -s will NOT work on Apache on windows, it also doesn'tw ork on IIS ping, ipconfig, etc works but obviously not shutdown, its too big of a security risk Oh yea, shells like wget won't work either O yea, fyi, I tried all the stuff I claimed smile.gif
I tried it with apache2triad and shutdown -s -t 0 works fine and all other msdos commands with Windows XP Service Pack 2
#10
Posted 15 December 2006 - 10:55 AM
#11
Posted 21 December 2006 - 04:29 AM
Edited by PlaGuEX, 21 December 2006 - 04:44 AM.
#12 _*Ultimate`_*
Posted 09 January 2008 - 02:09 AM
#13
Posted 21 January 2008 - 07:31 AM
Also to reduce the security risk, have an array of safe commands to run, do a check to see if the command that is trying to be run is within that array, if it is, run it, if it isn't, kill the script.
Matt
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users