|
| 1 | +<?php |
| 2 | +/* |
| 3 | + * credits to: |
| 4 | + * c00kiemon5ter for various suggestions |
| 5 | + * HdkiLLeR(vpk) for security tips |
| 6 | + */ |
| 7 | +?> |
1 | 8 | <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="el" xml:lang="el">
|
2 | 9 | <head>
|
3 | 10 | <META AUTHOR="Periklis Ntanasis a.k.a. Master_ex">
|
|
28 | 35 | <?php
|
29 | 36 | if(isset($_GET['submit']))
|
30 | 37 | {
|
| 38 | + // use of escapeshellcmd - must be enabled |
| 39 | + // http://php.net/manual/en/function.escapeshellcmd.php |
| 40 | + // escapes #&;`|*?~<>^()[]{}$\, \x0A and \xFF. ' and " |
| 41 | + // are escaped only if they are not paired. |
31 | 42 | $servise = trim($_GET['servise']);
|
32 | 43 | $address = trim($_GET['address']);
|
33 | 44 | if(
|
34 |
| - (strpos($address,';')>0) |
35 |
| - || (strpos($address,'|')>0) |
36 |
| - || (strpos($address,'\\')>0) |
37 |
| - || (strpos($address,'/')>0) |
38 |
| - || (strpos($address,'>')>0) |
39 |
| - || (strpos($address,'<')>0) |
40 |
| - || (strpos($address,'|')===0) |
41 |
| - || (strpos($address,';')===0) |
42 |
| - || (strpos($address,'\\')===0) |
43 |
| - || (strpos($address,'/')===0) |
44 |
| - || (strpos($address,'>')===0) |
45 |
| - || (strpos($address,'<')===0) ) |
| 45 | + (strpos($address,'/')>0) |
| 46 | + || (strpos($address,'/')===0) ) |
46 | 47 | {
|
47 | 48 | echo "Don't be naughty!";
|
48 | 49 | exit();
|
49 | 50 | }
|
50 | 51 | if($servise=="ping")
|
51 | 52 | {
|
52 |
| - exec("ping ".$address." -c 4",$results); |
| 53 | + exec("ping '".escapeshellcmd($address)."' -c 4",$results); |
53 | 54 | }
|
54 | 55 | if($servise=="traceroute")
|
55 | 56 | {
|
56 |
| - exec("traceroute ".$address,$results); |
| 57 | + exec("traceroute '".escapeshellcmd($address)."'",$results); |
57 | 58 | }
|
58 | 59 | if($servise=="nslookup")
|
59 | 60 | {
|
60 |
| - exec("nslookup ".$address,$results); |
| 61 | + exec("nslookup '".escapeshellcmd($address)."'",$results); |
61 | 62 | }
|
62 | 63 | foreach($results as $result)
|
63 | 64 | {
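Review bot: `escapeshellcmd()` is the wrong primitive for the three `exec` lines, because it is meant for a whole command string and deliberately leaves paired quotes untouched, so an address such as `'-f '` closes the hand-written single quotes and the shell runs `ping ''-f '' -c 4`, handing the caller the tool's option parser (ping `-f` flood, traceroute `-I`, and similar) even though `;`, `|`, `` ` `` and `$` are neutralised. Use `escapeshellarg($address)` per argument without the surrounding quotes, and additionally admit only a bare hostname or IP before any command is built, which also stops a leading `-` from being read as an option; the remaining `/` blacklist can stay but no longer carries the security load. Separately, `$results` is never initialised, so an unrecognised `servise` value reaches the `foreach` on an undefined variable; `$results = array();` before the three branches avoids that. The loop body at the end lies outside this hunk, so whether the command output is passed through `htmlspecialchars()` before being echoed cannot be confirmed here.
```php
// Accept only a bare hostname or IP address: the value becomes a single
// command argument, so neither a quote nor a leading '-' may reach the
// shell or the tool's option parser.
if(!filter_var($address, FILTER_VALIDATE_IP)
   && !preg_match('/^[A-Za-z0-9][A-Za-z0-9.-]{0,252}$/', $address))
{
    echo "Don't be naughty!";
    exit();
}
$results = array();
if($servise=="ping")
{
    // escapeshellarg() quotes the whole value itself; do not add quotes around it
    exec("ping -c 4 ".escapeshellarg($address),$results);
}
// … unchanged: traceroute and nslookup branches, each using escapeshellarg($address) in place of the quoted escapeshellcmd() …
```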
|
|