-
Notifications
You must be signed in to change notification settings - Fork 1
/
os_cmd_i.php
136 lines (90 loc) · 4.3 KB
/
os_cmd_i.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
<?php
session_start();
if (!isset($_SESSION['loggedin']) || $_SESSION['loggedin'] !== true) {
header("location: login.php");
}
function commandi($data)
{
return $data;
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
<meta name="description" content="">
<meta name="author" content="">
<title>VulnApp - Dashboard</title>
<!-- Custom fonts for this template-->
<link href="vendor/fontawesome-free/css/all.min.css" rel="stylesheet" type="text/css">
<link href="https://fonts.googleapis.com/css?family=Nunito:200,200i,300,300i,400,400i,600,600i,700,700i,800,800i,900,900i" rel="stylesheet">
<!-- Custom styles for this template-->
<link href="css/main.min.css" rel="stylesheet">
</head>
<body>
<!-- Page Wrapper -->
<div id="wrapper">
<?php
include('siderbar.php');
?>
<!-- Content Wrapper -->
<div id="content-wrapper" class="d-flex flex-column">
<!-- Main Content -->
<div id="content" style="background-color: #000;">
<?php
include('header.php');
?>
<div id="main">
<h1 style="margin-left: 25px;"><b>OS Command Injection</b></h1>
<div class="card shadow mb-4" style="margin-left: 25px; margin-right: 300px;margin-top: 20px;">
<div class="card-header py-3">
<h6 class="m-0 font-weight-bold text-primary">Enter your first and last name:</h6>
</div>
<div class="card-body">
<form action="<?php echo ($_SERVER["SCRIPT_NAME"]); ?>" method="POST">
<p>
<label for="target">DNS lookup:</label>
<input type="text" id="target" name="target" value="www.nsa.gov">
<button type="submit" name="form" value="submit">Lookup</button>
</p>
</form>
<br />
</div>
</div>
<?php
if (isset($_POST["target"])) {
$target = $_POST["target"];
if ($target == "") {
echo "<font color=\"red\">Enter a domain name...</font>";
} else {
echo "<p align=\"left\">" . shell_exec("nslookup " . commandi($target)) . "</p>";
}
}
?>
</div>
<div class="mb-6">
<div class="card card-sm card-body rounded mb-3" style="margin-left: 25px; margin-right: 25px;">
<div data-target="#panel-1" class="accordion-panel-header" data-toggle="collapse" role="button" aria-expanded="false" aria-controls="panel-1"><span class="h6 mb-0">Solution</span><span class="icon" style="margin-left: 10px;"><i class="fas fa-angle-down"></i></span></div>
<div class="collapse" id="panel-1">
<div class="pt-3">
<p class="mb-0"><?php echo htmlspecialchars("www.nsa.gov|whoami");?></p>
</div>
</div>
</div>
</div>
<!-- Bootstrap core JavaScript-->
<script src="vendor/jquery/jquery.min.js"></script>
<script src="vendor/bootstrap/js/bootstrap.bundle.min.js"></script>
<!-- Core plugin JavaScript-->
<script src="vendor/jquery-easing/jquery.easing.min.js"></script>
<!-- Custom scripts for all pages-->
<script src="js/main.min.js"></script>
<!-- Page level plugins -->
<script src="vendor/chart.js/Chart.min.js"></script>
<!-- Page level custom scripts -->
<script src="js/demo/chart-area-demo.js"></script>
<script src="js/demo/chart-pie-demo.js"></script>
</body>
</html>