!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/usr/libexec/webmin/grub/   drwxr-xr-x
Free 50.94 GB of 127.8 GB (39.86%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     index.cgi (2.21 KB)      -rwxr-xr-x
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
#!/usr/bin/perl
# index.cgi
# Display GRUB menu titles

require './grub-lib.pl';
&ui_print_header(undef, $text{'index_title'}, "", undef, 1, 1, 0,
    &help_search_link("grub", "man", "doc"));

# Check that GRUB is installed
if (!-r $config{'menu_file'}) {
    print "<p>",&text('index_efile', "<tt>$config{'menu_file'}</tt>",
              "$gconfig{'webprefix'}/config.cgi?$module_name"),"<p>\n";
    &ui_print_footer("/", $text{'index'});
    exit;
    }
if (!&has_command($config{'grub_path'})) {
    print "<p>",&text('index_epath', "<tt>$config{'grub_path'}</tt>",
              "$gconfig{'webprefix'}/config.cgi?$module_name"),"<p>\n";
    &ui_print_footer("/", $text{'index'});
    exit;
    }

# List the boot options
@crlinks = ( "<a href='edit_title.cgi?new=1'>$text{'index_add'}</a>" );
$conf = &get_menu_config();
$def = &find_value("default", $conf);
@t = &find("title", $conf);
$i = 0;
foreach $t (@t) {
    push(@icons, $t->{'chainloader'} ? "images/chain.gif"
                     : "images/kernel.gif");
    local $tt = &html_escape($t->{'value'});
    push(@titles, $def == $i ? "<b>$tt</b>" : $tt);
    push(@links, "edit_title.cgi?idx=$t->{'index'}");
    push(@befores, $i == 0 ? "&lt;&lt;&nbsp;|&nbsp;" :
        "<a href='up.cgi?idx=$i'>".
        "&lt;&lt;</a>&nbsp;|&nbsp;");
    push(@afters, $i == @t-1 ? "&nbsp;|&nbsp;&gt;&gt;" :
        "&nbsp;|&nbsp;<a href='down.cgi?idx=$i'>".
        "&gt;&gt;</a>");
    $i++;
    }
if (@links) {
    print &ui_links_row(\@crlinks);
    &icons_table(\@links, \@titles, \@icons, 4, undef, undef, undef,
             \@befores, \@afters);
    }
else {
    print "<b>$text{'index_none'}</b><p>\n";
    }
print &ui_links_row(\@crlinks);
print &ui_hr();

print &ui_buttons_start();

# Global options button
print &ui_buttons_row("edit_global.cgi", $text{'index_global'},
              $text{'index_globalmsg'});

# Install button
%flang = &load_language('fdisk');
$text{'select_part'} = $flang{'select_part'};
$text{'select_device'} = $flang{'select_device'};
$text{'select_fd'} = $flang{'select_fd'};
$r = $config{'install'};
$dev = &bios_to_linux($r);
&foreign_require("mount", "mount-lib.pl");
$dev = &mount::device_name($dev);
print &ui_buttons_row("install.cgi", $text{'index_install'},
              &text('index_installmsg', $dev),
              &ui_hidden("dev", $dev));

print &ui_buttons_end();

&ui_print_footer("/", $text{'index'});

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd
Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 
:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0074 ]--