no_space.php
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description" content="">
<meta name="author" content="">
<title>Commix testbed - Command injection test environment</title>
<!-- Bootstrap Core CSS -->
<link href="../../css/bootstrap.min.css" rel="stylesheet">
<!-- font-awesome Core CSS -->
<link href="../../css/font-awesome.css" rel="stylesheet">
<!-- Custom CSS -->
<link href="../../css/heroic-features.css" rel="stylesheet">
<link rel="stylesheet" href="../../css/bootstrap-submenu.css">
<script src="../../js/bootstrap-submenu.js" defer></script>
<!-- HTML5 Shim and Respond.js IE8 support of HTML5 elements and media queries -->
<!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
<script src="https://oss.maxcdn.com/libs/respond.js/1.4.2/respond.min.js"></script>
<![endif]-->
</head>
<body>
<!-- Navigation -->
<nav class="navbar navbar-inverse navbar-fixed-top" role="navigation">
<div class="container">
<!-- Brand and toggle get grouped for better mobile display -->
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand">
<img style="max-width:43px; margin-top: -11px;"
src="../../img/logo.png">
</a>
<a class="navbar-brand" href="../../index.php">commix-testbed (v0.1)</a>
</div>
<!-- /.navbar-collapse -->
</div>
<!-- /.container -->
</nav>
<!-- Page Content -->
<div class="container">
<!-- Jumbotron Header -->
<header class="jumbotron hero-spacer">
<h2><b>Commix testbed - A command injection test environment!</b></h2>
<p>A collection of web pages, vulnerable to <b><a href="https://www.owasp.org/index.php/Command_Injection">command injection flaws</a></b>, used to test <b><a href="https://github.com/commixproject/commix">commix</a></b>'s vulnerability <b>detection</b> and <b>exploitation</b> features.</p>
<p>
<a href="https://twitter.com/commixproject" class="twitter-follow-button" data-show-count="false">Follow @commixproject</a><script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0],p=/^http:/.test(d.location)?'http':'https';if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src=p+'://platform.twitter.com/widgets.js';fjs.parentNode.insertBefore(js,fjs);}}(document, 'script', 'twitter-wjs');</script>
<iframe src="https://ghbtns.com/github-btn.html?user=commixproject&repo=commix&type=star&count=true" frameborder="0" scrolling="0" width="170px" height="20px"></iframe>
</header>
<!-- Title -->
<div class="row">
<div class="text-center">
<h3><a href="../../">Back</a> to command injection scenarios categories</h3>
</div>
</div>
<!-- /.row -->
<!-- Page Features -->
<div class="container">
<div class="row">
<div class="jumbotron hero-spacer">
<form action="no_space.php" method="POST">
Ping address: <input type="text" name="addr">
<input value="Submit!" type="submit">
</form>
<br>
<b>
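<?php
# INTENTIONALLY VULNERABLE test fixture (commix-testbed "no_space" scenario).
# The submitted value is concatenated into a shell command line, and the only
# filter is a blacklist that rejects the literal space character. Keep this
# page inside an isolated lab; do not reuse the pattern in application code.
#
# Why the filter is not a defence: exec() hands the whole string to a shell,
# so rejecting one character does not turn the value into a single, inert
# argument. Every other character the shell treats specially is still
# interpreted.
#
# What a hardened handler would do instead (deliberately NOT applied here,
# because it would remove the flaw this page exists to exercise):
#   - allowlist the input, e.g. filter_var($addr, FILTER_VALIDATE_IP)
#   - pass it as one quoted argument, e.g. escapeshellarg($addr)
#   - HTML-escape whatever is echoed back into the page
# Monitoring note: a web worker spawning any child process other than
# /bin/ping from this handler is the signal worth alerting on.

# Read the field without touching an undefined index, so that a plain GET of
# the page does not print an "Undefined index" notice into the markup.
$addr = isset($_POST['addr']) ? $_POST['addr'] : null;
if (isset($addr)) {
    # Blacklist check: matches the literal character " " and nothing else.
    if (preg_match('/ /', $addr)) {
        # die() ends the script here, so the rest of the HTML template
        # (closing tags, footer) is not sent for rejected input.
        die("Invalid IP format.");
    } else {
        # Execute command! exec() returns only the last line of the command's
        # output; that line is echoed into the page without HTML escaping.
        echo exec("/bin/ping -c 4 " . $addr);
    }
}
?>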
</b>
</div>
</div>
</div>
<!-- /.row -->
<hr>
<!-- Footer -->
<footer>
<div class="row text-center">
<div class="col-lg-12">
<p>Made in Greece with <font size="3" color="red"><b>♥</b></font> by <a href="https://github.com/stasinopoulos"> Anastasios Stasinopoulos</a>.</p>
<a href="https://twitter.com/ancst" class="twitter-follow-button" data-show-count="false">Follow @ancst</a><script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0],p=/^http:/.test(d.location)?'http':'https';if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src=p+'://platform.twitter.com/widgets.js';fjs.parentNode.insertBefore(js,fjs);}}(document, 'script', 'twitter-wjs');</script>
</div>
</div>
</footer>
</div>
<!-- /.container -->
<!-- jQuery -->
<script src="js/jquery.js"></script>
<!-- Bootstrap Core JavaScript -->
<script src="js/bootstrap.min.js"></script>
</body>
</html>