I created a web page using lighttpd.
I created cgi in C language and I want to load the page using javascript in cgi.
If you set the wireless setting, the web page will not load and an error message will be displayed.
The model is Qualcomm Atheros AP152 reference board
This is it.
net.bridge.bridge-nf-call-custom = 0
What is this?
Haven't we talked about this before?
I asked the same question again. I did not solve it and asked me to write down my questions in more detail. So I ask it again.
This is the output of the sysctl -w net.bridge.bridge-nf-call-custom=0 command. Something in your code or the code you call is executing this command without redirecting the stdout to /dev/null.
Is cgi made in C language wrong?
The problem you describe will happen with any programming language as long as you spawn external commands without muting their stdio.
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <dirent.h>
#include <time.h>
#include <sys/ioctl.h>
#include <arpa/inet.h>
#include <sys/sysinfo.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>
#define DATALEN 256
char *web_get(char *tag, char *input, int dbg)
{
char *e_begin, *v_begin, *v_end;
static char ret[DATALEN];
int v_len;
sprintf(ret, "&%s=", tag);
if (NULL == (e_begin = strstr(input, ret))) {
sprintf(ret, "%s=", tag);
if (NULL == (e_begin = strstr(input, ret)) || e_begin != input)
return "";
}
memset(ret, 0, DATALEN);
v_begin = strchr(e_begin, '=') + 1;
if ((NULL != (v_end = strchr(v_begin, '&')) ||
NULL != (v_end = strchr(v_begin, '\0'))) &&
(0 < (v_len = v_end - v_begin)))
unencode(v_begin, v_end, ret);
if (dbg == 1)
printf("%s = %s\n", tag, ret);
return ret;
}
void check_fiveg(char *input){
system("uci set wireless.wifi1.disabled=0");
system("uci commit wireless");
system("wifi");
}
void check_twog(char *input){
system("uci set wireless.wifi0.disabled=0");
system("uci commit wireless");
system("wifi");
}
void set_fiveg(char *input){
char *apmode5,*wireless_mode5,*ssid5,*pwd5,*wds5,*channel5,*encmode5;
char cmd5[256]={0,};
char pwdcmd5[256]={0,};
wireless_mode5 = strdup(web_get("ap_mode_sel", input, 0));
apmode5 = strdup(web_get("radio_box", input, 0));
ssid5 = strdup(web_get("ssid5", input, 0));
pwd5 = strdup(web_get("pwd5", input, 0));
wds5 = strdup(web_get("radio_box_wds", input, 0));
channel5 = strdup(web_get("ap_channel_sel", input, 0));
encmode5 = strdup(web_get("encmode", input, 0));
if(!strcmp(encmode5,"0")){
system("uci set wireless.@wifi-iface[1].encryption=none");
}
if(!strcmp(encmode5,"1")){
system("uci set wireless.@wifi-iface[1].encryption=psk+tkip");
}
if(!strcmp(encmode5,"2")){
system("uci set wireless.@wifi-iface[1].encryption=psk");
}
if(!strcmp(encmode5,"3")){
system("uci set wireless.@wifi-iface[1].encryption=psk+tkip+ccmp");
}
if(!strcmp(encmode5,"4")){
system("uci set wireless.@wifi-iface[1].encryption=psk2+tkip");
}
if(!strcmp(encmode5,"5")){
system("uci set wireless.@wifi-iface[1].encryption=psk2");
}
if(!strcmp(encmode5,"6")){
system("uci set wireless.@wifi-iface[1].encryption=psk2+tkip+ccmp");
}
if(!strcmp(encmode5,"7")){
system("uci set wireless.@wifi-iface[1].encryption=psk-mixed+tkip");
}
if(!strcmp(encmode5,"8")){
system("uci set wireless.@wifi-iface[1].encryption=psk-mixed+ccmp");
}
if(!strcmp(encmode5,"9")){
system("uci set wireless.@wifi-iface[1].encryption=psk-mixed+tkip+ccmp");
}
if(!strcmp(channel5,"auto")){
system("uci set wireless.wifi1.channel=auto");
}
if(!strcmp(channel5,"36")){
system("uci set wireless.wifi1.channel=36");
}
if(!strcmp(channel5,"40")){
system("uci set wireless.wifi1.channel=40");
}
if(!strcmp(channel5,"44")){
system("uci set wireless.wifi1.channel=44");
}
if(!strcmp(channel5,"48")){
system("uci set wireless.wifi1.channel=48");
}
if(!strcmp(channel5,"52")){
system("uci set wireless.wifi1.channel=52");
}
if(!strcmp(channel5,"56")){
system("uci set wireless.wifi1.channel=56");
}
if(!strcmp(channel5,"60")){
system("uci set wireless.wifi1.channel=60");
}
if(!strcmp(channel5,"64")){
system("uci set wireless.wifi1.channel=64");
}
if(!strcmp(channel5,"100")){
system("uci set wireless.wifi1.channel=100");
}
if(!strcmp(channel5,"104")){
system("uci set wireless.wifi1.channel=104");
}
if(!strcmp(channel5,"108")){
system("uci set wireless.wifi1.channel=108");
}
if(!strcmp(channel5,"112")){
system("uci set wireless.wifi1.channel=112");
}
if(!strcmp(channel5,"116")){
system("uci set wireless.wifi1.channel=116");
}
if(!strcmp(channel5,"120")){
system("uci set wireless.wifi1.channel=120");
}
if(!strcmp(channel5,"149")){
system("uci set wireless.wifi1.channel=149");
}
if(!strcmp(channel5,"153")){
system("uci set wireless.wifi1.channel=153");
}
if(!strcmp(channel5,"157")){
system("uci set wireless.wifi1.channel=157");
}
if(!strcmp(channel5,"161")){
system("uci set wireless.wifi1.channel=161");
}
if(!strcmp(wireless_mode5,"ap")){
system("uci set wireless.@wifi-iface[1].mode=ap");
}
if(!strcmp(wireless_mode5,"sta")){
system("uci set wireless.@wifi-iface[1].mode=sta");
}
if(strcmp(ssid5,"0")!=0){
sprintf(cmd5, "uci set wireless.@wifi-iface[1].ssid=%s", ssid5);
system(cmd5);
}
if(strcmp(pwd5,"0")!=0){
sprintf(pwdcmd5, "uci set wireless.@wifi-iface[1].key=%s", pwd5);
system(pwdcmd5);
}
if(!strcmp(wds5,"0")){
system("uci set wireless.@wifi-iface[1].wds=0");
}
if(!strcmp(wds5,"1")){
system("uci set wireless.@wifi-iface[1].wds=1");
}
//0이면 Enable 1이면 Disable
if(!strcmp(apmode5,"0")){
system("uci set wireless.wifi1.disabled=0");
}
if(!strcmp(apmode5,"1")){
system("uci set wireless.wifi1.disabled=1");
}
system("uci commit wireless");
system("wifi");
}
void set_twog(char *input){
char *apmode,*wireless_mode,*ssid24,*pwd24,*wds24,*channel24,*encmode24;
char cmd[256]={0,};
char pwdcmd[256]={0,};
wireless_mode = strdup(web_get("ap_mode_sel", input, 0));
apmode = strdup(web_get("radio_box", input, 0));
ssid24 = strdup(web_get("ssid24", input, 0));
pwd24 = strdup(web_get("pwd24", input, 0));
wds24 = strdup(web_get("radio_box_wds", input, 0));
channel24 = strdup(web_get("ap_channel_sel", input, 0));
encmode24 = strdup(web_get("encmode", input, 0));
if(!strcmp(encmode24,"0")){
system("uci set wireless.@wifi-iface[0].encryption=none");
}
if(!strcmp(encmode24,"1")){
system("uci set wireless.@wifi-iface[0].encryption=psk+tkip");
}
if(!strcmp(encmode24,"2")){
system("uci set wireless.@wifi-iface[0].encryption=psk");
}
if(!strcmp(encmode24,"3")){
system("uci set wireless.@wifi-iface[0].encryption=psk+tkip+ccmp");
}
if(!strcmp(encmode24,"4")){
system("uci set wireless.@wifi-iface[0].encryption=psk2+tkip");
}
if(!strcmp(encmode24,"5")){
system("uci set wireless.@wifi-iface[0].encryption=psk2");
}
if(!strcmp(encmode24,"6")){
system("uci set wireless.@wifi-iface[0].encryption=psk2+tkip+ccmp");
}
if(!strcmp(encmode24,"7")){
system("uci set wireless.@wifi-iface[0].encryption=psk-mixed+tkip");
}
if(!strcmp(encmode24,"8")){
system("uci set wireless.@wifi-iface[0].encryption=psk-mixed+ccmp");
}
if(!strcmp(encmode24,"9")){
system("uci set wireless.@wifi-iface[0].encryption=psk-mixed+tkip+ccmp");
}
if(!strcmp(channel24,"auto")){
system("uci set wireless.wifi0.channel=auto");
}
if(!strcmp(channel24,"1")){
system("uci set wireless.wifi0.channel=1");
}
if(!strcmp(channel24,"2")){
system("uci set wireless.wifi0.channel=2");
}
if(!strcmp(channel24,"3")){
system("uci set wireless.wifi0.channel=3");
}
if(!strcmp(channel24,"4")){
system("uci set wireless.wifi0.channel=4");
}
if(!strcmp(channel24,"5")){
system("uci set wireless.wifi0.channel=5");
}
if(!strcmp(channel24,"6")){
system("uci set wireless.wifi0.channel=6");
}
if(!strcmp(channel24,"7")){
system("uci set wireless.wifi0.channel=7");
}
if(!strcmp(channel24,"8")){
system("uci set wireless.wifi0.channel=8");
}
if(!strcmp(channel24,"9")){
system("uci set wireless.wifi0.channel=9");
}
if(!strcmp(channel24,"10")){
system("uci set wireless.wifi0.channel=10");
}
if(!strcmp(channel24,"11")){
system("uci set wireless.wifi0.channel=11");
}
if(!strcmp(channel24,"12")){
system("uci set wireless.wifi0.channel=12");
}
if(!strcmp(channel24,"13")){
system("uci set wireless.wifi0.channel=13");
}
if(!strcmp(wireless_mode,"ap")){
system("uci set wireless.@wifi-iface[0].mode=ap");
}
if(!strcmp(wireless_mode,"sta")){
system("uci set wireless.@wifi-iface[0].mode=sta");
}
if(strcmp(ssid24,"0")!=0){
sprintf(cmd, "uci set wireless.@wifi-iface[0].ssid=%s", ssid24);
system(cmd);
}
if(strcmp(pwd24,"0")!=0){
sprintf(pwdcmd, "uci set wireless.@wifi-iface[0].key=%s", pwd24);
system(pwdcmd);
}
//0이면 Disable 1이면 Enable
if(!strcmp(wds24,"0")){
system("uci set wireless.@wifi-iface[0].wds=0");
}
if(!strcmp(wds24,"1")){
system("uci set wireless.@wifi-iface[0].wds=1");
}
//0이면 Enable 1이면 Disable
if(!strcmp(apmode,"0")){
system("uci set wireless.wifi0.disabled=0");
}
if(!strcmp(apmode,"1")){
system("uci set wireless.wifi0.disabled=1");
}
system("uci commit wireless");
system("wifi");
}
void set_reboot(char *input)
{
system("sleep 3 && reboot &");
}
void unencode(char *src, char *last, char *dest)
{
for(; src != last; src++, dest++)
if(*src == '+')
*dest = ' ';
else if(*src == '%')
{
int code;
if(sscanf(src+1, "%2x", &code) != 1) code = '?';
*dest = code;
src +=2;
} else
*dest = *src;
}
int main(int argc, char *argv[])
{
char *form, *inStr;
long inLen;
printf("Content-Type: text/html\n\n",10,10);
printf("<HTML>\n");
printf("<head>\n");
printf("<meta http-equiv=\"X-UA-Compatible\" content=\"IE=7\">\n");
inLen = strtol(getenv("CONTENT_LENGTH"), NULL, 10) + 1;
inStr = malloc(inLen);
memset(inStr, 0, inLen);
fgets(inStr, inLen+1, stdin);
form = web_get("page", inStr, 0);
// printf("Content-Type: text/html\n\n");
// printf("");
// printf("<!DOCTYPE html>\n");
// printf("<HTML>\n");
// printf("<BODY>\n");
// printf("<head>\n");
// printf("<meta http-equiv=\"X-UA-Compatible\" content=\"IE=7\">\n");
if (!strcmp(form, "reboot")) {
set_reboot(inStr); //kyj add
printf("<script type='text/javascript'>document.location.href='../index.shtml';</script>\n");
}
if (!strcmp(form,"twog")){
set_twog(inStr);
printf("<script type='text/javascript'>document.location.href='../wireless_setting.shtml';</script>\n");
}
if(!strcmp(form,"fiveg")){
set_fiveg(inStr);
printf("<script type='text/javascript'>document.location.href='../5gwireless_setting.shtml';</script>\n");
}
if(!strcmp(form,"check5g")){
check_fiveg(inStr);
printf("<script type='text/javascript'>document.location.href='../main.shtml';</script>\n");
}
if(!strcmp(form,"check2g")){
check_twog(inStr);
printf("<script type='text/javascript'>document.location.href='../main.shtml';</script>\n");
}
free(inStr);
printf("</head>\n");
// printf("</BODY>\n");
printf("</HTML>");
return 0;
}
My cgi source. Is there anything wrong?
My guess is that system("wifi") is the culprit. Try using system("wifi >/dev/null") instead.
BTW, your code is full of direct root shell injections. Never ever pass a value from the environment directly into system(). An HTTP form parameter like ssid24=1; rm -rf / would completely brick the system.
I see your point Thanks for taking time out from your busy schedule
I will compile it now and let you know the results.
thank you.
Resolved.
Can you tell me what the problem is?
You were told twice:
There is no such thing on my device; and you wrote the code displaying results on the webpage in the screenshot.
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.