Ben Cantrick (mackys) wrote,
School of bad ideas: AJAX rexec.




Yes, it's exactly what it looks like. You type in a UNIX shell command, and our old f(r)iend AJAX sends it back to a webs(w)erver where a CGI script executes the command, and sends the results back. AJAX then dynamically rewrites the page text to show the results.


The back-end CGI script:

#!/usr/bin/perl

# Officially the worst idea for a CGI script ever.

$_ = $ENV{QUERY_STRING};        # GET
if(! $_) {
   $_ = <STDIN>;        # POST
}

tr/+/ /;        # URL encoding changes spaces to plusses

my $output = `$_`;         # Enormous gaping security hole

print "Content-Type: text/plain\n\n", $output;
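
For contrast, here is an added example (not the author's code) that keeps the same CGI interface but closes the hole: the request may only name an entry in a fixed table, and the backticks are replaced by a pipe open on that entry's argv. The table keys, binary paths and the 64-byte POST limit are assumptions chosen for illustration.

```perl
#!/usr/bin/perl
# Added example, not the author's script: the request only selects an entry
# from a fixed table; no part of the request is ever executed.
use strict;
use warnings;

# Hypothetical allowlist (keys and binary paths are assumptions).
my %ALLOWED = (
    uptime => ['/usr/bin/uptime'],
    disk   => ['/bin/df', '-h'],
    who    => ['/usr/bin/who'],
);

# Map a raw request string to a fixed argv, or return nothing.
sub lookup_command {
    my ($raw) = @_;
    return unless defined $raw;
    $raw =~ s/^\s+|\s+$//g;                        # trim whitespace/newline
    return unless $raw =~ /\A[a-z]{1,16}\z/;       # bare key: no spaces, args, metachars
    return $ALLOWED{$raw};
}

# Run a table entry with a minimal environment and capture its stdout.
sub run_fixed {
    my ($argv) = @_;
    local %ENV = (PATH => '/usr/bin:/bin');        # drop request-derived CGI variables
    open(my $fh, '-|', @$argv) or return;          # argv comes only from %ALLOWED
    local $/;                                      # slurp
    my $out = <$fh>;
    close($fh);
    return $out;
}

sub main {
    my $req = $ENV{QUERY_STRING};                  # GET
    if ((!defined $req || $req eq '') && ($ENV{REQUEST_METHOD} // '') eq 'POST') {
        read(STDIN, $req, 64);                     # POST, bounded read
    }
    my $argv = lookup_command($req);
    my $out  = $argv ? run_fixed($argv) : undef;
    if (defined $out) {
        print "Content-Type: text/plain\n\n", $out;
    } else {
        print "Status: 403 Forbidden\nContent-Type: text/plain\n\nnot allowed\n";
    }
}

main() unless caller;
```

Even in this form the endpoint hands host information to anyone who can reach it, so it belongs behind authentication.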


The front-end web page/javascript (non-functional, but view the source):

http://www.gully.org/~mackys/touch/ajaxrexec.html

As you can see, not only is this a really bad idea, it's also horribly implemented! So I expect that this will become the basis for the next big thing in Web tech. ;]

I made this so I could telnet from my iTouch. But although it works great in Firefox, it doesn't work at all on the Touch! It just won't submit the form or call ajax(). Oh the irony...
Tags: bad thing(tm), no