Python CGI

From Network Security Wiki
Jump to navigation Jump to search


Installing

Installation:

sudo apt-get install apache2
sudo apt-get install python3

Enable CGI processing in apache:

sudo a2enmod cgi

Configure Apache2:

sudo nano /etc/apache2/conf-enabled/host-cgi.conf 
ScriptAlias /cgi-bin/ /home/test/scripts/techsupp_analyzer/

<Directory /home/test/scripts/techsupp_analyzer>
        AllowOverride None
        Allow from all
        Require all granted
        Options +ExecCGI
        AddHandler cgi-script .py
</Directory>

Test Script

sudo nano /home/test/scripts/techsupp_analyzer/cgi.py
#!/usr/bin/python3

# -*- coding: UTF-8 -*-# enable debugging

import cgitb
cgitb.enable()

print("Content-Type: text/html;charset=utf-8")
print()
print("Hello World!")

Change Permissions:

sudo chown -R test:www-data cgi-bin/
sudo chmod +x cgi-bin/cgi.bin

Testing:

http://10.140.196.7/cgi-bin/cgi.py

Get inputs from URL

Create a test CGI script in cgi-bin dir:

nano test.py
#!/usr/bin/python

# Import modules for CGI handling 
import cgi, cgitb 

# Create instance of FieldStorage 
form = cgi.FieldStorage() 

# Get data from fields
first_name = form.getvalue('first_name')
last_name  = form.getvalue('last_name')

print "Content-type:text/html\r\n\r\n"
print "<html>"
print "<head>"
print "<title>Hello - Second CGI Program</title>"
print "</head>"
print "<body>"
print "<h2>Hello %s %s</h2>" % (first_name, last_name)
print "</body>"
print "</html>"

Make it executable:

sudo chmod +x test.py

Testing:

http://10.140.196.7/cgi-bin/test.py?first_name=My&last_name=Admin

Get Inputs from Form

File Structure:

--|---index.py
  |
  |---test.py

In the same dir as above test.py, create Form Page:

nano index.py 
#!/usr/bin/python

# Import modules for CGI handling
import cgi, cgitb

print "Content-type:text/html\r\n\r\n"
print "<html>"
print "<head>"
print "<title>Hello - Second CGI Program</title>"
print "</head>"
print "<body>"
print'<form action = "/cgi-bin/test.py" method = "get">'
print'First Name: <input type = "text" name = "first_name">  <br />'
print'Last Name: <input type = "text" name = "last_name" />'
print'<input type = "submit" value = "Submit" />'
print"</form>"
print "</body>"
print "</html>"

Make it executable:

sudo chmod +x index.py

Testing

http://10.140.196.7/cgi-bin/index.py


Javascripts

#!/usr/bin/python3
import json
import cgi, cgitb

# Create instance of FieldStorage
form = cgi.FieldStorage()

# Get data from fields
path = form.getvalue('path')

#Avi Config Loader
f = open("avi_config",'r')
config = json.load(f)
f.close

print("Content-Type: text/html;charset=utf-8\r\n\r\n")

print ("""
<!DOCTYPE html>
<html lang="en">
<title>Tech Support Analyzer Tool</title>
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="https://www.w3schools.com/w3css/4/w3.css">

<style>
html,body,h1,h2,h3,h4,h5,h6 {font-family: "Roboto", sans-serif;}
.w3-sidebar {
  z-index: 3;
  width: 250px;
  top: 43px;
  bottom: 0;
  height: inherit;
}
</style>

<script src="/json-browse/jquery-3.4.1.slim.js"></script>
<script src="/json-browse/jquery.json-browse.js"></script>
<link href="/json-browse/jquery.json-browse.css"rel="stylesheet">

<script type="text/javascript">

  window.onload=function(){
$('#json-renderer').jsonBrowse("""+str(convert(config["Tenant"]))+""",{
    collapsed: true
});
}
</script>
</head>

<body>
""")

print('<pre id="json-renderer" class="json-body"></pre>')

print ("""

<!-- END MAIN -->
</body>
</html>
""")


Troubleshooting

  • If the Javascript is not loading & you are getting HTTP Error code 500 in the browser, Need to move the JS files output of the CGI-BIN directory.
  • Every time you trying to access any file within cgi-bin path it is expecting that content will be generated by executing that file.
https://serverfault.com/questions/672189/how-do-i-prevent-apache2-from-trying-to-execute-a-file-as-a-script


References





blog comments powered by Disqus