running system commands using perl script on linux

[amit khatri <am...@hotmail.com>]

I have written a perl script which accepts input from a html
page,and the job of the script is to execute what ever command is sent
to it from the html page.

  I have used the post method to send the date, so the scrips reads
the input from STDIN.

I execute the commands my placing them in the backquotes (`command`).

eg. @ans=`ls`;

I return the output in the form of html page to the client.

Some of my commands are executed, but some do not.

Commands that do not execute are

1> "ipchains -n -L"
2> "netconf"

------------------------------------------------------------------
And also if i give an invalid command , i should get some error message
like "command not present". But I don't get them either.

SHOULD I USE SOME MODULE LIKE "USE CGI" OR SOME OTHER.





_________________________________________________________________
Join the world’s largest e-mail service with MSN Hotmail. 
http://www.hotmail.com


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: running system commands using perl script on linux

[Pietro Cagnoni <pc...@mclink.net>]

amit khatri wrote:
> 
> I have written a perl script which accepts input from a html
> page,and the job of the script is to execute what ever command is sent
> to it from the html page.
> 
>   I have used the post method to send the date, so the scrips reads
> the input from STDIN.
> 
> I execute the commands my placing them in the backquotes (`command`).
> 
> eg. @ans=`ls`;
> 
> I return the output in the form of html page to the client.
> 
> Some of my commands are executed, but some do not.
> 
> Commands that do not execute are
> 
> 1> "ipchains -n -L"
> 2> "netconf"
> 
> ------------------------------------------------------------------
> And also if i give an invalid command , i should get some error message
> like "command not present". But I don't get them either.
> 
> SHOULD I USE SOME MODULE LIKE "USE CGI" OR SOME OTHER.

0) IT'S A VERY DANGEROUS THING TO DO. BE CAREFUL WITH YOUR NETWORK
SECURITY.

1) the commands you can't execute are probably in /sbin or /usr/sbin,
which may be not in the script PATH.

2) if apache doesn't run as root, the commands ipchains and netconf will
probably fail anyway!

pietro.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: running system commands using perl script on linux

[Owen Boyle <ob...@bourse.ch>]

amit khatri wrote:
> 
> I have written a perl script which accepts input from a html
> page,and the job of the script is to execute what ever command is sent
> to it from the html page.
> 
>   I have used the post method to send the date, so the scrips reads
> the input from STDIN.
> 
> I execute the commands my placing them in the backquotes (`command`).
> 
> eg. @ans=`ls`;
> 
> I return the output in the form of html page to the client.
> 
> Some of my commands are executed, but some do not.
> 
> Commands that do not execute are
> 
> 1> "ipchains -n -L"
> 2> "netconf"
> 
> ------------------------------------------------------------------
> And also if i give an invalid command , i should get some error message
> like "command not present". But I don't get them either.

Using backticks is very nice but it only traps STDOUT. If the command
fails, the output goes to STDERR which is not trapped. To trap the whole
thing you need to re-direct STDERR into the STDOUT stream. This is a bit
shell-specific but `ls 2>&1` or `ls >&` should do it - if not check the
docs for your shell.

BTW, this is the most dangerous CGI I have ever seen. I hope nobody
types "cd /; rm -rf *" into your HTML form....

Rgds,

Owen Boyle.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org