!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/usr/libexec/webmin/majordomo/   drwxr-xr-x
Free 50.94 GB of 127.8 GB (39.86%)


Viewing file:     save_subs.cgi (2.36 KB)      -rwxr-xr-x
#!/usr/bin/perl
# save_subs.cgi
# Save subscription options

require './majordomo-lib.pl';
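# Parse the submitted form into %in, then refuse the request unless this
# Webmin user's module ACL covers the list named in the 'name' parameter.
&ReadParse();
%access = &get_module_acl();
&can_edit_list(\%access, $in{'name'}) || &error($text{'edit_ecannot'});
$list = &get_list($in{'name'}, &get_config());

# NOTE(review): $list is dereferenced below without a check that get_list()
# returned anything for this name -- confirm that unknown list names are
# rejected by can_edit_list() or get_list().

# Hold the lock on the list's config file across the read-modify-write cycle.
&lock_file($list->{'config'});
$conf = &get_list_config($list->{'config'});

# NOTE(review): both policy values go from the form into the config with no
# validation visible in this file. Confirm that save_list_directive() rejects
# or strips line breaks; otherwise a value could add extra lines to the list
# config.
&save_list_directive($conf, $list->{'config'}, "subscribe_policy",
		     $in{'subscribe_policy'}.$in{'subscribe_policy_c'});
&save_list_directive($conf, $list->{'config'}, "unsubscribe_policy",
		     $in{'unsubscribe_policy'});
&save_choice($conf, $list->{'config'}, "welcome");
&save_choice($conf, $list->{'config'}, "strip");
&save_choice($conf, $list->{'config'}, "announcements");
&save_choice($conf, $list->{'config'}, "administrivia");

# The last argument is a validator: check_pass and check_email return undef
# for an acceptable value and an error message otherwise (presumably save_opt
# reports that message -- save_opt is not defined in this file).
&save_opt($conf, $list->{'config'}, "admin_passwd", \&check_pass);
&save_choice($conf, $list->{'config'}, "moderate");
&save_opt($conf, $list->{'config'}, "moderator", \&check_email);
&save_opt($conf, $list->{'config'}, "approve_passwd", \&check_pass);

# The owner and approval values are handed to modify_alias below, so each must
# be a single token without whitespace. \A and \z are used rather than ^ and $
# because $ also matches before a trailing newline and would let a line break
# through.
# NOTE(review): this excludes whitespace only. Alias files give some leading
# characters a special meaning (delivery to a program or to a file), so
# consider restricting these fields to address syntax, or confirm that every
# user who can reach this page is already trusted to edit aliases.
$in{'owner'} =~ /\A\S+\z/ || &error($text{'subs_eowner'});
$in{'approval'} =~ /\A\S+\z/ || &error($text{'subs_eapproval'});

# Find the three aliases that belong to this list, matching case-insensitively.
$aliases_files = &get_aliases_file();
&foreign_call($aliases_module, "lock_alias_files", $aliases_files);
@aliases = &foreign_call($aliases_module, "list_aliases", $aliases_files);
# A lexical loop variable is used so the sort global $a is not overwritten.
foreach my $alias (@aliases) {
	my $alias_name = lc($alias->{'name'});
	$listowner = $alias if ($alias_name eq lc("$in{'name'}-owner"));
	$ownerlist = $alias if ($alias_name eq lc("owner-$in{'name'}"));
	$approval = $alias if ($alias_name eq lc("$in{'name'}-approval"));
	}

# Rewrite each alias that exists; a missing alias is skipped, not created.
# NOTE(review): locking and listing go through $aliases_module, but the
# updates name the 'sendmail' module directly -- confirm this is intended
# when $aliases_module is something else.
&foreign_call('sendmail', 'modify_alias', $listowner,
	      { 'name' => "$in{'name'}-owner",
		'values' => [ $in{'owner'} ],
		'enabled' => 1 }) if ($listowner);
&foreign_call('sendmail', 'modify_alias', $ownerlist,
	      { 'name' => "owner-$in{'name'}",
		'values' => [ $in{'owner'} ],
		'enabled' => 1 }) if ($ownerlist);
&foreign_call('sendmail', 'modify_alias', $approval,
	      { 'name' => "$in{'name'}-approval",
		'values' => [ $in{'approval'} ],
		'enabled' => 1 }) if ($approval);
&foreign_call($aliases_module, "unlock_alias_files", $aliases_files);

# Write the pending config changes, release the lock and record the action.
&flush_file_lines();
&unlock_file($list->{'config'});
&webmin_log("subs", undef, $in{'name'});

# The list name is request data, so it is URL-encoded before it goes into the
# redirect target.
&redirect("edit_list.cgi?name=".&urlize($in{'name'}));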

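# check_email(value)
# Validator for the moderator address, passed by reference to save_opt.
# Returns undef when the value is one or more non-whitespace characters,
# otherwise the 'subs_emoderator' message from %text. No address syntax is
# checked beyond the absence of whitespace.
sub check_email
{
# \A and \z anchor the whole string; with ^ and $ a value ending in a newline
# would be accepted, because $ also matches before a trailing newline.
return $_[0] =~ /\A\S+\z/ ? undef : $text{'subs_emoderator'};
}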

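# check_pass(value)
# Validator for the admin and approve passwords, passed by reference to
# save_opt. Returns undef when the value is one or more non-whitespace
# characters, otherwise the 'subs_epasswd' message from %text.
sub check_pass
{
# \A and \z anchor the whole string; with ^ and $ a value ending in a newline
# would be accepted, because $ also matches before a trailing newline.
return $_[0] =~ /\A\S+\z/ ? undef : $text{'subs_epasswd'};
}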

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0101 ]--