In this sample we will see how to call an external CGI from a PHP script
and include the result as part of the page.
Let's try to get root privileges from PHP via CGI
to disable a Samba user.
Note: the security of your system may be
weak if you don't add additional security to
this sample.
Step one: we need to create a CGI, in this case
in C.
----------File: desah.c--------------
----------------BOF------------------
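#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>   /* setuid(), setgid() */

int main(int argc, char *argv[])
{
    /* The web server passes the text after '?' in QUERY_STRING
       (use argv[1] instead when testing from the command line). */
    const char *usuario = getenv("QUERY_STRING");

    if (usuario != NULL)
    {
        char cmd[200];
        /* snprintf() truncates instead of writing past the end of cmd */
        snprintf(cmd, sizeof cmd,
                 "/usr/local/bin/smbpasswd -d -U %s>/dev/null", usuario);
        setuid(0);
        setgid(0);
        /* The user name reaches a root shell unchecked here:
           validate it before using this sample on a real system. */
        system(cmd);
    }
    printf("Content-type: text/plain\n\n");
    printf("<html><body> User:");
    printf("%s", usuario != NULL ? usuario : "");
    printf(" Disabled</body></html>");
    exit(0);
}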
-------------EOF----------------------
Compile the file:
%gcc desah.c -o disable.cgi
Set the proper execution mode on the file.
It must be executable by the web server user:
%ls -l disable.cgi
%-rwxr-xr-wx
Become superuser on your system:
%su
and add the setuid/setgid bits to the CGI:
#chmod +s disable.cgi (FreeBSD style)
Put your CGI into the web server's cgi-bin directory.
Now we need a PHP interface to control the CGI:
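<html>
<body>
<form name="cgiMgr" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>">
<input type="text" name="usrlogin"><br>
<input type="submit" value="Disable User">
</form>
<?php
// register_globals no longer exists in current PHP, so read the field from $_GET
$usrlogin = isset($_GET['usrlogin']) ? $_GET['usrlogin'] : '';
if ($usrlogin != "")
{
    // readfile() copies the CGI's response into the page without evaluating it as PHP
    // (the original used include() on the URL, which runs the response as PHP code)
    readfile("http://your.server.ip.or.dns.name/cgi-bin/disable.cgi?" . rawurlencode($usrlogin));
}
?>
</body>
</html>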
Any Comments are welcome
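A hardened form of desah.c, added here as an example and not part of the original sample: it accepts only a strict allowlist of user-name characters and runs smbpasswd through execve() with a fixed argument list and an empty environment, so QUERY_STRING never reaches a shell. The 32-character limit, the character set and the function names valid_user and disable_user are assumptions; the smbpasswd path and flags are the ones used in the sample.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

#define SMBPASSWD "/usr/local/bin/smbpasswd" /* path used in the sample */
#define MAX_USER 32                          /* assumed length limit */

/* 1 only for 1..MAX_USER chars of [A-Za-z0-9_.-] with no leading '-' */
int valid_user(const char *s)
{
    size_t n;
    if (s == NULL || s[0] == '\0' || s[0] == '-')
        return 0;
    for (n = 0; s[n] != '\0'; n++) {
        unsigned char c = (unsigned char)s[n];
        if (n >= MAX_USER || !(isalnum(c) || c == '_' || c == '.' || c == '-'))
            return 0;
    }
    return 1;
}

/* Fixed argv, empty environment, no shell. Returns smbpasswd's exit
   status, or -1 if the name is rejected or the child cannot be run. */
int disable_user(const char *user)
{
    char *const envp[] = { NULL };
    int status;
    pid_t pid = valid_user(user) ? fork() : -1;
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const args[] = { "smbpasswd", "-d", "-U", (char *)user, NULL };
        if (!freopen("/dev/null", "w", stdout) || setgid(0) || setuid(0))
            _exit(126);              /* never exec without full setup */
        execve(SMBPASSWD, args, envp);
        _exit(127);                  /* execve() only returns on failure */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    int ok = disable_user(getenv("QUERY_STRING")) == 0;
    printf("Content-type: text/plain\n\n%s\n", ok ? "User disabled" : "Request rejected");
    return !ok;
}
```

The CGI answers with a fixed message only, so nothing from the request is echoed back into the PHP page.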