)\ * * originally based on m0n0wall (http://m0n0.ch/wall) * Copyright (c) 2003-2004 Manuel Kasper . * All rights reserved. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ ##|+PRIV ##|*IDENT=page-diagnostics-command ##|*NAME=Diagnostics: Command ##|*DESCR=Allow access to the 'Diagnostics: Command' page. ##|*MATCH=diag_command.php* ##|-PRIV $allowautocomplete = true; require_once("guiconfig.inc"); if ($_POST['submit'] == "DOWNLOAD" && file_exists($_POST['dlPath'])) { session_cache_limiter('public'); $fd = fopen($_POST['dlPath'], "rb"); header("Content-Type: application/octet-stream"); header("Content-Length: " . filesize($_POST['dlPath'])); header("Content-Disposition: attachment; filename=\"" . trim(htmlentities(basename($_POST['dlPath']))) . "\""); if (isset($_SERVER['HTTPS'])) { header('Pragma: '); header('Cache-Control: '); } else { header("Pragma: private"); header("Cache-Control: private, must-revalidate"); } fpassthru($fd); exit; } else if ($_POST['submit'] == "UPLOAD" && is_uploaded_file($_FILES['ulfile']['tmp_name'])) { move_uploaded_file($_FILES['ulfile']['tmp_name'], "/tmp/" . $_FILES['ulfile']['name']); $ulmsg = sprintf(gettext('Uploaded file to /tmp/%s.'), htmlentities($_FILES['ulfile']['name'])); } if ($_POST) { conf_mount_rw(); } // Function: is Blank // Returns true or false depending on blankness of argument. function isBlank($arg) { return preg_match("/^\s*$/", $arg); } // Function: Puts // Put string, Ruby-style. function puts($arg) { echo "$arg\n"; } // "Constants". $Version = ''; $ScriptName = $REQUEST['SCRIPT_NAME']; // Get year. $arrDT = localtime(); $intYear = $arrDT[5] + 1900; $pgtitle = array(gettext("Diagnostics"), gettext("Command Prompt")); include("head.inc"); ?>

&1', $output); $output = implode("\n", $output); print("
" . htmlspecialchars($output) . "
"); ?>






PHP Response

"); $tmpname = tempnam("/tmp", ""); $phpfile = fopen($tmpname, "w"); fwrite($phpfile, "\n"); fclose($phpfile); $output = array(); exec("/usr/local/bin/php " . $tmpname, $output); unlink($tmpname); $output = implode("\n", $output); print("
" . htmlspecialchars($output) . "
"); // echo eval($_POST['txtPHPCommand']); puts(""); ?>


: print("Hello World!");