Slashdot Mirror


Shell Simulation Via CGI

mischi writes "CGI-Shell simulates a shell using CGI. So everybody who has a CGI-directory on a web-server also has their own shell on it -- comparable with Telnet or SSH. That's really practical, because most webhosters don't offer a shell (for free) -- but do offer CGI. With CGI-Shell you can execute commands, copy files or just explore your webserver. Even a history and auto-completion with tabulator are included."

12 of 332 comments

  1. web browser by Mordac · · Score: 5, Funny

    I look forward to the first web browser implemented using this CGI Shell :)

  2. WHEN WILL IT SIMULATE WINDOWS XP? by Anonymous Coward · · Score: 0, Funny

    So it actually does something useful? I'm sick and tired of all you idiots who think a shell is better than a GUI.

  3. Doesn't IIS Already Have This? by Aix · · Score: 5, Funny


    GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+ dir

    Someone always seems to be trying to run shell commands on my Apache server. I wish they would realize that Apache doesn't have this "shell" feature.

    Seriously, though, this is the most hideously insecure thing I have ever heard of.

    1. Re:Doesn't IIS Already Have This? by Gudlyf · · Score: 5, Funny
      Put this in your .htaccess file and you might get lucky and give them a taste of their own medicine:

      RedirectMatch permanent (.*)c+dir http://127.0.0.1/scripts/..%255c..%255cwinnt/syste m32/cmd.exe?/c+rundll32.exe+shell32.dll,SHExitWind owsEx%201

      --
      Trolls lurk everywhere. Mod them down.
    2. Re:Doesn't IIS Already Have This? by ebonkyre · · Score: 2, Funny

      Our 404 generates a normal file not found message unless the requested page was "default.ida" or one of the other IIS exploits, in which case it sends:

      Content-type: text/plain

      Hi! How are you?
      I send you this file in order to have your advice
      See you later. Thanks

      Sadly, I'm not aware of any virii that would actually get the joke...

      --
      "Time is an abstract concept devised by carbon-based lifeforms to monitor their ongoing decay." - Thundercleese
    3. Re:Doesn't IIS Already Have This? by corvi42 · · Score: 2, Funny

      How's about this one:

      RedirectMatch permanent (.*)c+dir http://www.microsoft.com/scripts/..%255c..%255cwin nt/syste m32/cmd.exe?/c+rundll32.exe+shell32.dll,SHExitWind owsEx%201

      --

      There are a thousand forms of subversion, but few can equal the convenience and immediacy of a cream pie -Noel Godin
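
The requests discussed in the thread above (the double-encoded `cmd.exe` traversal and the `default.ida` probe that one poster's 404 handler special-cases) can be flagged in an access log as follows. This is an added example, not part of any comment; the log lines are constructed, and the function names and labels are assumptions.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines (Common Log Format, documentation IP ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2002:10:00:00 +0000] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.77 - - [01/Jan/2002:10:00:05 +0000] '
    '"GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 283',
    '198.51.100.4 - - [01/Jan/2002:10:01:12 +0000] "GET /default.ida?XXXX HTTP/1.0" 404 276',
    '192.0.2.10 - - [01/Jan/2002:10:02:30 +0000] "GET /docs/cmd.exe-howto.html HTTP/1.0" 200 5120',
]

REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+)')


def fully_decode(target, max_rounds=5):
    """Percent-decode repeatedly so that %255c -> %5c -> backslash."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def classify(line):
    """Return a label for a known IIS probe, or None for ordinary traffic."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    # Drop the query string, undo nested encoding, treat backslash as a separator.
    path = fully_decode(match.group(1).split("?", 1)[0])
    segments = path.replace("\\", "/").lower().split("/")
    if ".." in segments and segments[-1] == "cmd.exe":
        return "iis-traversal-cmd"
    if segments[-1] == "default.ida":
        return "iis-ida-probe"
    return None


def scan(lines):
    """Return (client address, label) for every line that matches a probe."""
    return [(line.split()[0], label) for line in lines if (label := classify(line))]


if __name__ == "__main__":
    for client, label in scan(SAMPLE_LOG):
        print(client, label)
```

Matching on the decoded final path segment rather than a raw substring keeps an ordinary page such as `/docs/cmd.exe-howto.html` from being flagged.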
  4. Re:Shell whores. by The+Bungi · · Score: 2, Funny
    what is the eggdrop bot

    I'm no 1337 geek, but it sounds like breakfast to me. Maybe it has something to do with the Slashdot omelette?

  5. Re:security? by StressedEd · · Score: 2, Funny
    So long as the web admins aren't idiots...
    Heh heh he... Chortle chortle...... Evil cackle.


    I expect this is a big "if".... ;-)

    --
    Be nice to people on the way up. You will meet them again on your way down!
  6. Re:Backdoors by telecaster · · Score: 2, Funny

    the first command through your web server:

    % rm -f -r /

    I'll pass...

  7. Go figure... by foxtrot · · Score: 3, Funny

    Crackers've been getting shells via poorly written CGI for years, but now it's news?

  8. Re:Stop whinging - this is a good thing by geekoid · · Score: 4, Funny

    thus proving that cLive ;-) is a "Perl programmer with half a brain". ;)

    --
    The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect
  9. Re:How about a Java ssh/telnet applet? by PunchMonkey · · Score: 3, Funny

    Yeah, you sure wouldn't find it by googling java ssh or maybe by going to javassh.org.

    I mean... that would just be too easy and too obvious.

    --
    I'll have something intelligent to add one of these days...