!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/usr/libexec/webmin/exports/   drwxr-xr-x
Free 50.93 GB of 127.8 GB (39.85%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     index.cgi (1.9 KB)      -rwxr-xr-x
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
#!/usr/bin/perl
# index.cgi
# Display a list of directories and their client(s)

$| = 1;
require './exports-lib.pl';
&ui_print_header(undef, $text{'index_title'}, "", "intro", 1, 1, 0,
    &help_search_link("nfs exports", "man", "howto"));

if (!&has_nfs_commands()) {
    print $text{'index_eprog'},"<p>\n";
    &ui_print_footer("/", $text{'index'});
    exit;
    }

# Display table of exports and clients
@exps = &list_exports();
if (@exps) {
    print &ui_form_start("delete_exports.cgi", "post");
    @dirs = &unique(map { $_->{'dir'} } @exps);

    # Directory list heading
    @links = ( &select_all_link("d"),
           &select_invert_link("d"),
           "<a href=\"edit_export.cgi?new=1\">$text{'index_add'}</a>" );
    print &ui_links_row(\@links);
    @tds = ( "width=5" );
    print &ui_columns_start([ "",
                  $text{'index_dir'},
                  $text{'index_to'} ], 100, 0, \@tds);

    # Rows for directories and clients
    foreach $d (@dirs) {
        local @cols;
        push(@cols, &html_escape($d));
        local $dirs;
        @cl = grep { $_->{'dir'} eq $d } @exps;
            $ccount = 0;
        foreach $c (@cl) {
            $dirs .= "&nbsp;|&nbsp; " if ($ccount++);
            $dirs .= "<a href='edit_export.cgi?idx=$c->{'index'}'>".
                 &describe_host($c->{'host'})."</a>\n";
             if (!$c->{'active'}) {
                $dirs .= "<font color=#ff0000>(".
                     $text{'index_inactive'}.")</font>\n"
                }
            }
        push(@cols, $dirs);
        print &ui_checked_columns_row(\@cols, \@tds, "d", $d);
        }
    print &ui_columns_end();
    print &ui_links_row(\@links);
    print &ui_form_end([ [ "delete", $text{'index_delete'} ],
                 [ "disable", $text{'index_disable'} ],
                 [ "enable", $text{'index_enable'} ] ]);
    }
else {
    print "<b>$text{'index_none'}</b> <p>\n";
    print "<a href=\"edit_export.cgi?new=1\">$text{'index_add'}</a> <p>\n";
    }

print &ui_hr();
print &ui_buttons_start();
print &ui_buttons_row("restart_mountd.cgi", $text{'index_apply'},
              $text{'index_applymsg'});
print &ui_buttons_end();

&ui_print_footer("/", $text{'index'});


:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0118 ]--