A tool to execute PHP scripts

Re: A tool to execute PHP scripts

Marek Kotowski wrote:[color=blue]
> I am looking for a tool to execute PHP scripts
> entered in a HTML form. For example: user is
> given a problem to solve. He writes a PHP script,
> sends it to a server, where it is executed
> and results are send back to the user. Are
> such tools available at all?
>
> Thanks in advance.
>
> Marek Kotowski
> Warsaw[/color]

PHP's eval() should do the trick.
But be afraid, be *very* afraid to use it with user input :)


--
--= my mail box only accepts =--
--= Content-Type: text/plain =--
--= Size below 10001 bytes =--

Re: A tool to execute PHP scripts

On Tue, 06 Jan 2004 01:54:13 -0800, Marek Kotowski wrote:
[color=blue]
> I am looking for a tool to execute PHP scripts entered in a HTML form. For
> example: user is given a problem to solve. He writes a PHP script, sends
> it to a server, where it is executed and results are send back to the
> user. Are such tools available at all?
>
> Thanks in advance.
>
> Marek Kotowski
> Warsaw[/color]


Sure... SCP... RSYNC... FTP............ .........



Regards,

Ian

--
Ian.H [Design & Development]
digiServ Network - Web solutions
www.digiserv.net | irc.digiserv.ne t | forum.digiserv. net
Programming, Web design, development & hosting.

Re: A tool to execute PHP scripts

On Tue, 06 Jan 2004 12:21:57 +0000, Ian.H wrote:
[color=blue]
> On Tue, 06 Jan 2004 01:54:13 -0800, Marek Kotowski wrote:
>[color=green]
>> I am looking for a tool to execute PHP scripts entered in a HTML form.
>> For example: user is given a problem to solve. He writes a PHP script,
>> sends it to a server, where it is executed and results are send back to
>> the user. Are such tools available at all?
>>
>> Thanks in advance.
>>
>> Marek Kotowski
>> Warsaw[/color]
>
>
> Sure... SCP... RSYNC... FTP............ .........[/color]


Apologies.. forgot about the "HTML form".

The "tool" you're looking for is umm... 'php'?

- Upload script through form
- Upload script either uses system() etc or redirects to script for web
output
- Browser displays results



Regards,

Ian

--
Ian.H [Design & Development]
digiServ Network - Web solutions
www.digiserv.net | irc.digiserv.ne t | forum.digiserv. net
Programming, Web design, development & hosting.

Re: A tool to execute PHP scripts

"Ian.H" <ian@WINDOZEdig iserv.net> wrote in message
news:pan.2004.0 1.06.12.24.07.7 6156@hybris.dig iserv.net...[color=blue]
> On Tue, 06 Jan 2004 12:21:57 +0000, Ian.H wrote:
>[color=green]
> > On Tue, 06 Jan 2004 01:54:13 -0800, Marek Kotowski wrote:
> >[color=darkred]
> >> I am looking for a tool to execute PHP scripts entered in a HTML form.
> >> For example: user is given a problem to solve. He writes a PHP script,
> >> sends it to a server, where it is executed and results are send back to
> >> the user. Are such tools available at all?
> >>
> >> Thanks in advance.
> >>
> >> Marek Kotowski
> >> Warsaw[/color]
> >
> >
> > Sure... SCP... RSYNC... FTP............ .........[/color]
>
>
> Apologies.. forgot about the "HTML form".
>
> The "tool" you're looking for is umm... 'php'?
>
> - Upload script through form
> - Upload script either uses system() etc or redirects to script for web
> output
> - Browser displays results
>
>
>
> Regards,
>
> Ian
>
> --
> Ian.H [Design & Development]
> digiServ Network - Web solutions
> www.digiserv.net | irc.digiserv.ne t | forum.digiserv. net
> Programming, Web design, development & hosting.
>[/color]



All doable, check out my site, there is a section called PHP Now, it lets
you type in php code that gets run on the server, and the results returned,
but as was stated earlier, be afraid! I can bring stuff down very easy, and
expose stuff realy easy too. I am still locking my PHP Now page every day
almost.


--
Mike Bradley
http://www.gzentools.com -- free online php tools

Re: A tool to execute PHP scripts


"CountScubu la" <me@scantek.hot mail.com> wrote in message
news:tGyKb.6222 $wW7.2019@newss vr27.news.prodi gy.com...[color=blue]
> "Ian.H" <ian@WINDOZEdig iserv.net> wrote in message
> news:pan.2004.0 1.06.12.24.07.7 6156@hybris.dig iserv.net...[color=green]
> > On Tue, 06 Jan 2004 12:21:57 +0000, Ian.H wrote:
> >[color=darkred]
> > > On Tue, 06 Jan 2004 01:54:13 -0800, Marek Kotowski wrote:
> > >
> > >> I am looking for a tool to execute PHP scripts entered in a HTML[/color][/color][/color]
form.[color=blue][color=green][color=darkred]
> > >> For example: user is given a problem to solve. He writes a PHP[/color][/color][/color]
script,[color=blue][color=green][color=darkred]
> > >> sends it to a server, where it is executed and results are send back[/color][/color][/color]
to[color=blue][color=green][color=darkred]
> > >> the user. Are such tools available at all?
> > >>
> > >> Thanks in advance.
> > >>
> > >> Marek Kotowski
> > >> Warsaw
> > >
> > >
> > > Sure... SCP... RSYNC... FTP............ .........[/color]
> >
> >
> > Apologies.. forgot about the "HTML form".
> >
> > The "tool" you're looking for is umm... 'php'?
> >
> > - Upload script through form
> > - Upload script either uses system() etc or redirects to script for web
> > output
> > - Browser displays results
> >
> >
> >
> > Regards,
> >
> > Ian
> >
> > --
> > Ian.H [Design & Development]
> > digiServ Network - Web solutions
> > www.digiserv.net | irc.digiserv.ne t | forum.digiserv. net
> > Programming, Web design, development & hosting.
> >[/color]
>
>
>
> All doable, check out my site, there is a section called PHP Now, it lets
> you type in php code that gets run on the server, and the results[/color]
returned,[color=blue]
> but as was stated earlier, be afraid! I can bring stuff down very easy,[/color]
and[color=blue]
> expose stuff realy easy too. I am still locking my PHP Now page every day
> almost.
>
>
> --
> Mike Bradley
> http://www.gzentools.com -- free online php tools
>
>[/color]

Greetings,

Just read today of something called IndigoPerl. Supposed to run on all
sorts
of platforms. Non-invasive install and free. Let's you run an Apache server
and PHP
scripts on your own computer so you don't have to upload and all that to
test.

Ray

Re: A tool to execute PHP scripts

CountScubula wrote:[color=blue]
> ... I am still locking my PHP Now page every day almost.[/color]


lock backticks!

Ah, you've already done it :)
--
--= my mail box only accepts =--
--= Content-Type: text/plain =--
--= Size below 10001 bytes =--

Re: A tool to execute PHP scripts

"Pedro Graca" <hexkid@hotpop. com> wrote in message
news:btedu2$67e s8$1@ID-203069.news.uni-berlin.de...[color=blue]
> CountScubula wrote:[color=green]
> > ... I am still locking my PHP Now page every day almost.[/color]
>
>
> lock backticks!
>
> Ah, you've already done it :)
> --
> --= my mail box only accepts =--
> --= Content-Type: text/plain =--
> --= Size below 10001 bytes =--[/color]

ok, that was you,
not to cool, you tried to have the server dump out its own php page
(phpnow.php)
I had black listed you, I will remove it since you actualy posted here to
let be know of a flaw.


--
Mike Bradley
http://www.gzentools.com -- free online php tools

Re: A tool to execute PHP scripts

"Pedro Graca" <hexkid@hotpop. com> wrote in message
news:btedu2$67e s8$1@ID-203069.news.uni-berlin.de...[color=blue]
> CountScubula wrote:[color=green]
> > ... I am still locking my PHP Now page every day almost.[/color]
>
>
> lock backticks!
>
> Ah, you've already done it :)
> --
> --= my mail box only accepts =--
> --= Content-Type: text/plain =--
> --= Size below 10001 bytes =--[/color]

btw

you server is dumping out too much info, it shows what it accepts

Unsupported request method.
The Methods supported are ,
GET, POST, HEAD, PUT, TRACE, DELETE, OPTIONS, CONNECT, PURGE, NETHCMD,
PROPFIND, PROPPATCH, MKCOL, COPY, DELETE, MOVE, LOCK, UNLOCK, BIND, BMOVE,
BCOPY, BDELETE, BPROPFIND, BPROPPATCH, SEARCH, SUBSCRIBE, UNSUBSCRIBE, POLL,
SUBSCRIPTIONS, ACL, NOTIFY, INVOKE
...
...
Generated Tue, 06 Jan 2004 14:00:26 GMT by
(<a href="http://www.cisco.com/">Applicati on and Content Networking System
Software 5.0.5</a>)




--
Mike Bradley
http://www.gzentools.com -- free online php tools

Re: A tool to execute PHP scripts

CountScubula wrote:[color=blue]
> "Pedro Graca" <hexkid@hotpop. com> wrote in message[color=green]
>> CountScubula wrote:[color=darkred]
>> > ... I am still locking my PHP Now page every day almost.[/color][/color][/color]
[color=blue][color=green]
>> lock backticks![/color][/color]
[color=blue]
> ok, that was you,
> not to cool, you tried to have the server dump out its own php page
> (phpnow.php)[/color]

Well ... I never intended to (or know how to) hack/crack your server.
Just tried backticks to see what would happen :)

Then I tried file(), file_get_conten ts(), highlight_file( )
but they all were locked.
[color=blue]
> I had black listed you, I will remove it since you actualy posted here to
> let be know of a flaw.[/color]

It never occurred to me that I could no longer use backticks because I
was blocked ... hope you solved the situation before my posting and had
no other tries of exploits with backticks.
--
--= my mail box only accepts =--
--= Content-Type: text/plain =--
--= Size below 10001 bytes =--

[OT] Re: A tool to execute PHP scripts

CountScubula wrote:[color=blue]
> you server is dumping out too much info, it shows what it accepts[/color]
[color=blue]
> Unsupported request method.
> The Methods supported are ,
> GET, POST, HEAD, PUT, TRACE, DELETE, OPTIONS, CONNECT, PURGE, NETHCMD,
> PROPFIND, PROPPATCH, MKCOL, COPY, DELETE, MOVE, LOCK, UNLOCK, BIND,
> BMOVE,
> BCOPY, BDELETE, BPROPFIND, BPROPPATCH, SEARCH, SUBSCRIBE, UNSUBSCRIBE,
> POLL,
> SUBSCRIPTIONS, ACL, NOTIFY, INVOKE[/color]

Thank you. I have now read a bit more of the Apache documentation, and
tried a <Limit> thing but don't know if it had the effect of turning
most methods unsupported.

How did you get that list?
I searched a bit on cisco.com (without registering) but couldn't find it
there.

PS. <me@scantek.hot mail.com> is an invalid address
--
--= my mail box only accepts =--
--= Content-Type: text/plain =--
--= Size below 10001 bytes =--

Re: A tool to execute PHP scripts

"Pedro Graca" <hexkid@hotpop. com> wrote in message
news:bteisi$67g hb$1@ID-203069.news.uni-berlin.de...[color=blue]
>
> Well ... I never intended to (or know how to) hack/crack your server.
> Just tried backticks to see what would happen :)
>
> Then I tried file(), file_get_conten ts(), highlight_file( )
> but they all were locked.
>[color=green]
> > I had black listed you, I will remove it since you actualy posted here[/color][/color]
to[color=blue][color=green]
> > let be know of a flaw.[/color]
>
> It never occurred to me that I could no longer use backticks because I
> was blocked ... hope you solved the situation before my posting and had
> no other tries of exploits with backticks.
> --
> --= my mail box only accepts =--
> --= Content-Type: text/plain =--
> --= Size below 10001 bytes =--[/color]

:) as long as you did it openly, I am ok with it, boy did it keep me on my
toes! The PHP now script logs entry off commands so I can see if there is
any abuse, and what to try and lock.

you were the first backtick person. I have had some doosies, some people
have no idea what they are doing,

Backticks was something I overlooked, I use them all the time, and have no
idea why I overlooked locking those down.

Well, I thought you were on a info gathering mission, from some of the
commands that scrolled by:
`ls`
`uname -a`
print implode("","php now.php");
--you were doing it methodicly

I wrote a section of code to black list as you were trying the commands


its funny, my own encoder was able to get past my locking of the commands,
but thats locked too now.

take care, and thanks for waking/shaking me up ;)

--
Mike Bradley
http://www.gzentools.com -- free online php tools

Re: [OT] Re: A tool to execute PHP scripts

"Pedro Graca" <hexkid@hotpop. com> wrote in message
news:btejlc$631 f0$1@ID-203069.news.uni-berlin.de...[color=blue]
> CountScubula wrote:[color=green]
> > you server is dumping out too much info, it shows what it accepts[/color]
>[color=green]
> > Unsupported request method.
> > The Methods supported are ,
> > GET, POST, HEAD, PUT, TRACE, DELETE, OPTIONS, CONNECT, PURGE, NETHCMD,
> > PROPFIND, PROPPATCH, MKCOL, COPY, DELETE, MOVE, LOCK, UNLOCK, BIND,
> > BMOVE,
> > BCOPY, BDELETE, BPROPFIND, BPROPPATCH, SEARCH, SUBSCRIBE, UNSUBSCRIBE,
> > POLL,
> > SUBSCRIPTIONS, ACL, NOTIFY, INVOKE[/color]
>
> Thank you. I have now read a bit more of the Apache documentation, and
> tried a <Limit> thing but don't know if it had the effect of turning
> most methods unsupported.
>
> How did you get that list?
> I searched a bit on cisco.com (without registering) but couldn't find it
> there.
>
> PS. <me@scantek.hot mail.com> is an invalid address
> --
> --= my mail box only accepts =--
> --= Content-Type: text/plain =--
> --= Size below 10001 bytes =--[/color]


Well, when it apears somone is hacking me (i know you were not after all), I
monitor them, and imediatly start looking at who they are, were they are
comming from, what routers they are going through, data in their packets.
what services are running on thier IP (router/firewall/server/machine)

I did a simple

telnet your_ip 80

and hit enter 2 times, and waited for a default bad method answer

then

telnet your_ip 80

GET / HTTP/1.1

to see the default page

psssst. I also looked at your ftp server :)



--
Mike Bradley
http://www.gzentools.com -- free online php tools

Re: A tool to execute PHP scripts

CountScubula wrote:[color=blue]
>:) as long as you did it openly, I am ok with it, boy did it keep me on my
> toes! The PHP now script logs entry off commands so I can see if there is
> any abuse, and what to try and lock.[/color]
I have another peculiar hacking/cracking idea :-)
[color=blue]
> Well, I thought you were on a info gathering mission, from some of the
> commands that scrolled by:
> `ls`[/color]
First thing that crossed my mind
[color=blue]
> `uname -a`[/color]
Ah! `ls` worked :) -- Let's see what machine he has (I remembered this from
some of my reading)
But then I don't know what to do with the information (lol).
[color=blue]
> print implode("","php now.php");[/color]
Trying to see a php source
[color=blue]
> --you were doing it methodicly[/color]
with the several functions I thought of
[color=blue]
> I wrote a section of code to black list as you were trying the commands[/color]
Wouldn't it be easier to
root# iptables -I INPUT -s <my_ip> -j DROP
[color=blue]
> take care, and thanks for waking/shaking me up ;)[/color]
I feel confident my last idea works -- feel afraid, feel *very* afraid

.... Will only test it when you return from your scuba diving
--
--= my mail box only accepts =--
--= Content-Type: text/plain =--
--= Size below 10001 bytes =--

Re: A tool to execute PHP scripts

"Pedro Graca" <hexkid@hotpop. com> wrote in message
news:btfh0h$6k1 v2$1@ID-203069.news.uni-berlin.de...
[color=blue]
> Wouldn't it be easier to
> root# iptables -I INPUT -s <my_ip> -j DROP
>[color=green]
> > take care, and thanks for waking/shaking me up ;)[/color]
> I feel confident my last idea works -- feel afraid, feel *very* afraid
>
> ... Will only test it when you return from your scuba diving
> --[/color]

well, i'm back, I am only 150 yards from the beach. (today that is, I am
kicking back at an office I am setting up for a friend, he is a scuba
instructor)

true iptables would be faster, but I wanted others from the same IP to
access the machine. I didn't know if you owned it or if it was a
router/firewall

You know more than you let on, most people have no idea how to use iptables,
let alone that the command exists. I think you hacking ability is more than
you let on, kudos. This is what makes things better in my opinion.

Ok, you got me a little nervous, you have a new idea?


--
Mike Bradley
http://www.gzentools.com -- free online php tools