root/i-scream/misc/scripts/cgi/taillog.cgi
Revision: 1.4
Committed: Mon Nov 5 19:25:32 2001 UTC (23 years ago) by tdb
Branch: MAIN
Changes since 1.3: +6 -1 lines
Log Message:
Fixed a nicely exploitable cgi :) It was possible to specify something in
the grep field like "word; cmd" and have `cmd` executed. Now should check
for a single word with 'normal' characters in it.

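#!/usr/bin/perl
#
# taillog.cgi - show the last N lines of the server logfile, optionally
# filtered to lines containing one word.  Both form fields come from the
# request and are untrusted: $n is restricted to digits and $grep to a
# single word of plain characters; anything else falls back to the
# default (no filter / 50 lines) and the rejected value is NOT echoed
# back into the form, so the page never reflects unvalidated input.
use strict;
use warnings;

require CGI;

# Forward declaration with the same prototype as the definition below,
# so calling it before the definition does not trigger the
# "called too early to check prototype" warning.
sub HTML_encode ($);

# Logfile shown by this page, relative to the CGI's working directory.
my $LOGFILE       = '../www/server.log';
# Number of lines shown when 'n' is absent or invalid.
my $DEFAULT_LINES = 50;

my $query = CGI->new;

my $n    = $query->param('n');
my $grep = $query->param('grep');

# Filter word: one word of [A-Za-z0-9_./-] only.  Capturing and
# re-assigning gives an untainted copy under -T.  The allowlist has no
# regex metacharacter except '.', which grep(1) interpreted the same way,
# so matching in Perl keeps the old behaviour without ever handing the
# value to a shell.  An empty or rejected field means "no filter".
my $grep_re;
if (defined $grep && $grep =~ m{\A([a-zA-Z0-9_.\/-]+)\z}) {
    $grep    = $1;
    $grep_re = qr/$grep/;
}
else {
    $grep = '';
}

# Line count: 1-6 digits, else the default.  \z (not $) so a trailing
# newline cannot ride along into the tail argument.
if (defined $n && $n =~ m{\A([0-9]{1,6})\z}) {
    $n = $1;
}
else {
    $n = $DEFAULT_LINES;
}

print "Content-type: text/html\n\n";

# List-form pipe open: tail receives its arguments directly, no shell
# is involved, so nothing in the request can become a command.
my @lines;
if (open my $tail, '-|', 'tail', "-n$n", $LOGFILE) {
    @lines = <$tail>;
    close $tail;    # best effort; a failed tail just yields fewer lines
}
else {
    warn "cannot run tail on $LOGFILE: $!";
}
@lines = grep { $_ =~ $grep_re } @lines if defined $grep_re;

# $n is digits only and $grep is either '' or the validated word, so both
# are safe to interpolate into the attribute values below.
print <<"END";
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>

<head>
<title>The i-scream Project Logfile Tailer</title>
<meta name="description" content="The i-scream Project is a central
monitoring system for Unix, Linux and NT servers.">
<meta name="keywords" content="i-scream, project, central monitoring
system, unix, linux, nt, server, alert">
<meta name="generator" content="notepad on acid, aye.">
</head>

<body bgcolor="#ffffff" link="#0000ff" alink="#3333cc" vlink="#3333cc"
text="#000066">

<a href="http://www.i-scream.org.uk"><img border="0" src="/i-scream.gif"></a>

<form method="GET" action="taillog.cgi">
<font size="+1"><b>
Last <input type="text" name="n" value="$n" size="5" maxlength="5"> lines
of the server logfile.
| grep </b><input type="text" name="grep" value="$grep" size="20" maxlength="40">
<input type="submit" value="Enter">
</font>
</form>
<hr>
<pre>
END

# Log lines are arbitrary text; escape each one before it reaches the page.
foreach my $line (@lines) {
    print HTML_encode($line);
}

print <<"END";
</pre>
</body>

</html>
END

exit 0;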
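#------------------------------------------------------
# sub HTML_encode
#
# Escape the HTML-significant characters (& " < >) in one
# log line so it can be shown inside <pre>, then decorate
# two recognised line shapes with raw markup:
#   - a "...core.loggers...: started" line gets a leading
#     <hr> so each server start stands out;
#   - a "... ] ... }: ..." line gets the "{...}" part in <i>
#     and the text after the colon in <b>.
# Decoration runs after escaping on purpose: the inserted
# tags must survive while any "<" in the log text must not.
#
# Argument: one line (a trailing newline is preserved).
# Returns:  the escaped and decorated line; undef yields "".
# The ($) prototype is kept so existing call sites and any
# forward declaration of this sub keep matching.
#------------------------------------------------------
sub HTML_encode ($){
    my ($encoded) = @_;
    $encoded = '' unless defined $encoded;

    # '&' must be escaped first or the entities below would be re-escaped.
    $encoded =~ s/&/&amp;/g;
    $encoded =~ s/"/&quot;/g;
    $encoded =~ s/</&lt;/g;
    $encoded =~ s/>/&gt;/g;

    # '$' rather than \z so the line's trailing newline stays after the
    # markup; the old empty (.{0}) capture was dropped, hence $1 not $2.
    $encoded =~ s/^(.*core\.loggers\..*: started)$/<hr size=10 color=blue>$1/;
    $encoded =~ s/(.*)] (.*)}:(.*)/$1] <i>$2}<\/i>:<b>$3<\/b>/;
    return $encoded;
}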