Slashdot Mirror


Shell Simulation Via CGI

mischi writes "CGI-Shell simulates a shell using CGI. So everybody who has a CGI-directory on a web-server, also has its own shell on it -- comparable with Telnet or SSH. That's really practical, because most webhosters don't offer a shell (for free) -- but do offer CGI. With CGI-Shell you can execute commands, copy files or just explore your webserver. Even a history and auto-completion with tabulator are included. "

4 of 332 comments (clear)

  1. web brower by Mordac · · Score: 5, Funny

    I look forward to the first web brower implimented using this CGI Shell :)

  2. Doesn't IIS Already Have This? by Aix · · Score: 5, Funny


    GET /scripts/..%255c%255c../winnt/system32/cmd.exe?/c+ dir

    Someone always seems to be trying to run shell commands on my Apache server. I wish they would realize that Apache doesn't have this "shell" feature.

    Seriously, though, this is the most hideously insecure thing I have ever heard of.

    1. Re:Doesn't IIS Already Have This? by Gudlyf · · Score: 5, Funny
      Put this in your .htaccess file and you might get lucky and give them a taste of their own medicine:

      RedirectMatch permanent (.*)c+dir http://127.0.0.1/scripts/..%255c..%255cwinnt/syste m32/cmd.exe?/c+rundll32.exe+shell32.dll,SHExitWind owsEx%201

      --
      Trolls lurk everywhere. Mod them down.
  3. Re:Stop whinging - this is a good thing by geekoid · · Score: 4, Funny

    thus proviong that cLive ;-) is a "Perl programmer with half a brain ". ;)

    --
    The Kruger Dunning explains most post on /. http://en.wikipedia.org/wiki/Dunning%E2%80%93Kruger_effect