Posts posted by niriuic

  1. Yes, that's true - we have shifted our front-end code using CSS, HTML and JavaScript. It's just the server-side code that retrieves data and shows it to the user.

    On a side note, I was curious to see a working example of JavaScript authenticating against an Office 365 tenant and then retrieving mailbox information.

    Thank you.

     

  2. Error message as reported in cgi log:

    20210427T130408: domain.com/wp-content/uploads/get-process.php
    PHP Parse error:  syntax error, unexpected 'pscripta' (T_STRING) in /hermes/bosnacweb01/bosnacweb01au/b375/ipg.acc56021/wp_site_1618028062/wp-content/uploads/get-process.php on line 33

  3. While the hosting provider is in the process of enabling PHP logging (not sure why it would take so long for them to enable it), I have a few things to clarify:

    Since I am executing the get-process.php script (above) from a URL (https://domain.com/wp-content/uploads/get-process.php), can a browser allow a script to access a local file (powershell.exe) and allow execution of a script from a local folder?

    If the answer to the above question is no, then how would someone execute a script at the click of a button?

    In other words, allowing a browser script to access local files is a security risk.

    Thank you.

  4. Now, correcting the path and then running the script from the browser throws the error below:

    Quote

    Internal Server Error

    The server encountered an internal error or misconfiguration and was unable to complete your request.

    Please contact the server administrator, and inform them of the time the error occurred, and anything you might have done that may have caused the error.

    More information about this error may be available in the server error log.

     

  5. Here it is:

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
    <html>
    <head>
    <title>Testing PowerShell</title>
    </head>
    <body>
    <?php
     
    // If there was no submit variable passed to the script (i.e. user has visited the page without clicking submit), display the form:
    if(!isset($_POST["submit"]))
    {
        ?>
        <form name="testForm" id="testForm" action="get-process.php" method="post" />
            Your name: <input type="text" name="username" id="username" maxlength="20" /><br />
            <input type="submit" name="submit" id="submit" value="Do stuff NowNew" />
        </form>
        <?php    
    }
    // Else if submit was pressed, check if all of the required variables have a value:
    elseif((isset($_POST["submit"])) && (!empty($_POST["username"])))
    {
       // Display the alert box 
       echo '<script>alert("Welcome to Geeks for Geeks")</script>';
       
       // Get the variables submitted by POST in order to pass them to the PowerShell script:
        $username = $_POST["username"];
        // Best practice tip: We run our POST data through a custom regex function to clean any unwanted characters, e.g.:
        // $username = cleanData($_POST["username"]);
             
    
    $psPath = 'C:/Windows/SysWOW64/WindowsPowerShell/v1.0/powershell.exe';
    $psDIR = 'C:/TestNew/';
    $psScript = 'pscripta.ps1';
    $runScript = $psDIR. $psScript;
    $runCMD = $psPath.' '.$runScript.' 2>&1'; 
    
    echo '\$psPath  $psPath <br>';
    echo '\$psDIR  $psDIR <br>';
    echo '\$psScript  $psScript <br>';
    echo '\$runScript  $runScript <br>';
    echo '\$runCMD   $runCMD  <br>';
    
    exec( $runCMD,$out,$ret);
    
    echo '<pre>';
    print_r($out);
    print_r($ret);
    echo '</pre>';
    
    }
    // Else the user hit submit without all required fields being filled out:
    else
    {
        echo 'Sorry, you did not complete all required fields. Please go back and try again.';
    }
    
    error_reporting(E_ALL);
    
    ?>
    </body>
    </html>

     

  6. Thank you both for your directions. Now, after changing the script as suggested, this is what I see:

    Quote

    \$psPath $psPath
    \$psDIR $psDIR
    \$psScript $psScript
    \$runScript $runScript
    \$runCMD $runCMD

    Array ( [0] => sh: 1: C:/Windows/SysWOW64/WindowsPowerShell/v1.0/powershell.exe: not found ) 127

    It says PowerShell.exe not found. I can see PowerShell.exe in the above path.

    I was reading somewhere about making PowerShell.exe globally available so it is available to that user when executed from the browser, but I am not sure how to make it available globally.

    Thanks.

  7. This is what I see:

    $psPath C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    $psDIR C:\TestNew\
    $psScript pscripta.ps1
    $runScript C:\TestNew\pscripta.ps1
    $runCMD C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\TestNew\pscripta.ps1 2>&1

    Array ( [0] => sh: 1: C:WindowsSysWOW64WindowsPowerShellv1.0powershell.exe: not found ) 127

     

  8. Hello,

    A PowerShell script stored locally can never be executed after I click on the button:

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
    <html>
    <head>
    <title>Testing PowerShell</title>
    </head>
    <body>
    <?php
     
    // If there was no submit variable passed to the script (i.e. user has visited the page without clicking submit), display the form:
    if(!isset($_POST["submit"]))
    {
        ?>
        <form name="testForm" id="testForm" action="get-process.php" method="post" />
            Your name: <input type="text" name="username" id="username" maxlength="20" /><br />
            <input type="submit" name="submit" id="submit" value="Do stuff NowNew" />
        </form>
        <?php    
    }
    // Else if submit was pressed, check if all of the required variables have a value:
    elseif((isset($_POST["submit"])) && (!empty($_POST["username"])))
    {
       // Display the alert box 
       echo '<script>alert("Welcome to Geeks for Geeks")</script>';
       
       // Get the variables submitted by POST in order to pass them to the PowerShell script:
        $username = $_POST["username"];
        // Best practice tip: We run our POST data through a custom regex function to clean any unwanted characters, e.g.:
        // $username = cleanData($_POST["username"]);
             
    
    $psPath = "C:\\Windows\\SysWOW64\WindowsPowerShell\\v1.0\\powershell.exe";
    $psDIR = "C:\\TestNew\\";
    $psScript = "pscripta.ps1";
    $runScript = $psDIR. $psScript;
    $runCMD = $psPath." ".$runScript." 2>&1"; 
    
    echo "\$psPath  $psPath <br>";
    echo "\$psDIR  $psDIR <br>";
    echo "\$psScript  $psScript <br>";
    echo "\$runScript  $runScript <br>";
    echo "\$runCMD   $runCMD  <br>";
    
    exec( $runCMD,$out,$ret);
    
    echo "<pre>";
    print_r($out);
    print_r($ret);
    echo "</pre>";
    
    }
    // Else the user hit submit without all required fields being filled out:
    else
    {
        echo "Sorry, you did not complete all required fields. Please go back and try again.";
    }
    ?>
    </body>
    </html>

     

    Thank you for your help!
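
Added example, not part of the original posts: the `sh: 1: ... not found` lines in the output above are printed by a Unix shell, because `exec()` runs on the web server rather than on the visitor's PC. The sketch below checks for that before running anything and passes the form's `username` as a validated, quoted argument; `buildPsCommand()` and the script's `-Username` parameter are assumptions, while the paths are the ones shown in the posts.

```php
<?php
// Added example, not code from the thread. buildPsCommand() and the script's
// -Username parameter are hypothetical; the paths are the ones in the posts.
function buildPsCommand(string $psPath, string $script, string $username): string
{
    // exec() runs on the web server, so the interpreter must exist there.
    // PHP_OS_FAMILY requires PHP 7.2 or later.
    if (PHP_OS_FAMILY !== 'Windows') {
        throw new RuntimeException('Server OS is ' . PHP_OS_FAMILY . ', not Windows.');
    }
    if (!is_file($psPath) || !is_file($script)) {
        throw new RuntimeException('powershell.exe or the script is missing on the server.');
    }
    // Allowlist the form value instead of stripping "bad" characters.
    // The first character must be alphanumeric so the value cannot look
    // like a PowerShell switch; the length matches the form's maxlength="20".
    if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]{0,19}\z/', $username)) {
        throw new InvalidArgumentException('Invalid username.');
    }
    // Quote every argument; with -File the remaining arguments go to the
    // script as parameters and are not evaluated as PowerShell code.
    return escapeshellarg($psPath)
        . ' -NoProfile -NonInteractive -File ' . escapeshellarg($script)
        . ' -Username ' . escapeshellarg($username) . ' 2>&1';
}

try {
    $name = $_POST['username'] ?? '';
    $cmd = buildPsCommand(
        'C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe',
        'C:\\TestNew\\pscripta.ps1',
        is_string($name) ? $name : ''
    );
    exec($cmd, $out, $ret);
    // Encode the script output before it reaches the page.
    echo '<pre>' . htmlspecialchars(implode("\n", $out)) . "\nexit code: $ret</pre>";
} catch (Exception $e) {
    echo htmlspecialchars($e->getMessage());
}
```

On a non-Windows host this stops at the first check and prints the server's OS family instead of handing a Windows path to `sh`.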
