Created
February 14, 2019 11:26
For a web security lab
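#!/bin/bash
# CGI entry point: emit the response header, then capture a non-multipart
# POST body into POST_STRING for the code further down.
echo Content-type: text/html
echo ""

## make POST and GET strings
## as bash variables available
# CONTENT_LENGTH and CONTENT_TYPE come from the request, so they are
# validated rather than trusted:
#  - the digits-only match keeps a non-numeric CONTENT_LENGTH away from the
#    numeric comparison (the comparison itself stays in `[ ]`, which parses
#    a plain integer instead of evaluating an arithmetic expression);
#  - the prefix match also recognises "multipart/form-data; boundary=...",
#    and an unset or parameterised CONTENT_TYPE no longer breaks the test
#    through word splitting.
if [[ "$CONTENT_LENGTH" =~ ^[0-9]+$ ]] && [ "$CONTENT_LENGTH" -gt 0 ] \
  && [[ "$CONTENT_TYPE" != multipart/form-data* ]]; then
  # IFS= and -r keep blanks and backslashes of the body as sent;
  # -n stops after CONTENT_LENGTH characters or at the first newline.
  IFS= read -r -n "$CONTENT_LENGTH" POST_STRING <&0
  # Left disabled by the author: this line would eval the request body.
  #eval echo "${POST_STRING//;}"|tr '&' ';'
fi
# Left disabled by the author: this line would eval the query string.
#eval echo "${QUERY_STRING//;}"|tr '&' ';'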
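#######################################
# Encode a string for placement in HTML text or attribute content.
# Arguments: $1 - text to encode
# Outputs:   the text with & < > " ' replaced by HTML entities and every
#            newline (including the one appended here) replaced by <br>
#######################################
htmlescape() {
  # printf instead of echo: a value such as "-n" or "-e" is data, not an option.
  # "&" is encoded first so the entities produced by the later rules are not
  # encoded a second time. In each replacement "\&" is a literal ampersand;
  # a bare "&" would mean "the matched text" and leave the input unchanged.
  printf '%s\n' "$1" \
    | sed -e 's/&/\&amp;/g' \
          -e 's/</\&lt;/g' \
          -e 's/>/\&gt;/g' \
          -e 's/"/\&quot;/g' \
          -e "s/'/\&#39;/g" \
    | sed -z 's/\n/<br>/g' # -z (GNU sed): treat the input as one record so \n can be matched
}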
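#######################################
# Decode an application/x-www-form-urlencoded value.
# Arguments: $@ - encoded text (several arguments are joined with a space)
# Outputs:   decoded text followed by a newline
#######################################
urldecode() {
  # "+" encodes a space in form data.
  local joined="${*//+/ }"
  # Turn every %HH into \xHH and let printf's %b expand the escapes.
  # printf is used instead of `echo -e` so a value that looks like an echo
  # option ("-n", "-e") is printed as data instead of being swallowed.
  # NOTE(review): backslash sequences already present in the input are
  # expanded as well, exactly as the echo -e form did.
  printf '%b\n' "${joined//%/\\x}"
}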
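# Take the value of the "command" form field from the raw POST body and
# percent-decode it. Only a leading "command=" is stripped, so the field is
# expected to be the first and only one in the body.
command="${POST_STRING#"command="}"
command="$(urldecode "$command")"

# The submitted value is request-controlled, so it is entity-encoded before
# being reflected into the page; printing it raw lets markup from the
# request reach the browser.
shown_command="$(htmlescape "$command")"

# NOTE(review): this is the lab's deliberate command-execution sink.
# $command is expanded unquoted: the decoded request value is word-split
# and glob-expanded, then run as a program with arguments (shell operators
# in the value are not interpreted). Anyone who can reach this CGI runs
# programs as the web server's user, so the script belongs on an isolated
# lab host only. Only stdout is captured by $(...); it is entity-encoded
# before it is written into the <pre> element.
result="$(htmlescape "$($command)")"

# Emit the page: the input form, then the command that was sent and its output.
cat <<EOF
<!DOCTYPE html>
<html>
<head>
</head>
<body>
<div id="content-container">
<div id="content-container-center">
<form id="choice" name='form' method="POST" action="./test.sh">
<input type="text" name="command" autofocus>
<button type="submit">Send</button>
</form>
<div id="tip">
<p>Command: ${shown_command}</p>
<p>Result:</p>
<pre>${result}</pre>
</div>
</div>
</div>
</body>
</html>
EOF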