others linux服务器运维 django3 监控 k8s golang 数据库 大数据 前端 devops 理论基础 java oracle 运维日志

通过url执行shell命令

访问量:1700 创建时间:2020-06-10

说明

访问nginx服务器,通过fastcgi调用shell,执行shell并返回。

安装 nginx

[root@name1 ~]# yum install nginx fcgiwrap spawn-fcgi
[root@name1 cgi-bin]# vim /etc/sysconfig/spawn-fcgi
FCGI_SOCKET=/var/run/fcgiwrap.sock
FCGI_PROGRAM=/usr/sbin/fcgiwrap
FCGI_USER=nginx
FCGI_GROUP=nginx
FCGI_EXTRA_OPTIONS="-M 0777"
OPTIONS="-u $FCGI_USER -g $FCGI_GROUP -s $FCGI_SOCKET -S $FCGI_EXTRA_OPTIONS -F 1 -P /var/run/spawn-fcgi.pid -- $FCGI_PROGRAM"
[root@name1 cgi-bin]# /sbin/chkconfig spawn-fcgi on
[root@name1 cgi-bin]# systemctl start spawn-fcgi
#修改nginx配置文件
[root@name1 nginx]# cat nginx.conf | egrep -v '^#|^    #|^$'
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
    worker_connections 1024;
}
http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log  main;
    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;
    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;
    include /etc/nginx/conf.d/*.conf;
}
[root@name1 nginx]# vim conf.d/fcgi.conf 

server {
    listen 80;
    access_log  /var/log/nginx/fcgi_access.log;
    error_log   /var/log/nginx/fcgi_error.log debug;
    root /var/www/cgi-bin/;
    location / {
        index  index.html index.htm;
    }
   location ~ .*\.(pl|py|cgi|sh)?$ {
        include        /etc/nginx/fastcgi_params;
        fastcgi_pass   unix:/var/run/fcgiwrap.sock;
        fastcgi_index  index.cgi;
        fastcgi_param  SCRIPT_FILENAME /var/www/cgi-bin/$fastcgi_script_name;
    }
}
[root@name1 cgi-bin]# pwd
/var/www/cgi-bin
[root@name1 cgi-bin]# vim exe.cgi 
#!/bin/sh
#url解码
alias urldecode='sed "s@+@ @g;s@%@\\\\x@g" | xargs -0 printf "%b"'
cmdstr=`echo $QUERY_STRING | urldecode`
echo "Content-Type:text/plain;charset=utf-8"
echo ""
echo "done!"
[root@name1 cgi-bin]# ll
total 4
-rwxrwxrwx 1 root root 262 Jun 10 09:41 exe.cgi
[root@name1 cgi-bin]# chmod 777 exe.cgi 
[root@name1 cgi-bin]# systemctl restart nginx

访问页面:http://172.16.96.105/exe.cgi

<< 上一章节
登陆评论: 使用GITHUB登陆