execute command from web page

FNC · 03-03-2003, 03:24 AM

Hi
I want to write a function into my web page to execute a command on my pc (running linux/apache). For instance to execute start or stop mySQL or apache itself.

Does anyone know how to do this?

DaveG · 03-03-2003, 03:17 PM

Check out the Apache manual pages for Server-Side Includes: mod_include.
One of the options is to allow execution of programs/scripts.
Other options include server-side scripting e.g. PHP/Perl etc.
Before you start, think about security. Can anyone else access the server, like while you're on-line? Do you want to allow anyone to run any script on your machine? Does it need to be suid root to run? You may want to restrict access to authenticated users via SSL only.
Just be careful and do your testing off-line first.

Shak · 03-06-2003, 07:00 AM

You could just use PHP's function system() or exec() and then you can run a command on the server.

Shak

FNC · 03-06-2003, 01:34 PM

Thanks

I got right with SSI. eg.

<pre>
<! --#exec cmd="ls" -- >
</pre>

But I now have a new question. What happens if someone hosts my website, and I add a command like:
<pre>
<! --#exec cmd="rm -rf /" -- >
</pre>
to my webpage.
Would I then not delete all info on the server?????

nakkaya · 03-06-2003, 04:17 PM

if i am not mistaken apache is not running as root so no one can delete outsite their home directory (correct me if i am wrong)

Shak · 03-06-2003, 06:17 PM

You will need to check the user that owns the Apache binaries is. But theoretically its possible to run the rm -rf / command

Shak