!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/usr/libexec/webmin/pserver/   drwxr-xr-x
Free 50.94 GB of 127.8 GB (39.86%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     cvsweb.conf (9.83 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
# -*-perl-*-
# Configuration of cvsweb.cgi, the
# CGI interface to CVS Repositories.
#
# (c) 1998-1999 H. Zeller    <zeller@think.de>
#     1999      H. Nordström <hno@hem.passagen.se>
#          based on work by Bill Fenner  <fenner@freebsd.org>
# $Id: cvsweb.conf,v 1.29 2001/07/23 09:14:52 hzeller Exp $
#
###

##############
# CVS Root
##############
# CVSweb can handle several CVS-Repositories
# at once. Enter a short symbolic names and the
# full path of these repositories here.
# NOTE that the symbolic names may not contain
# whitespaces.
# Note, that cvsweb.cgi currently needs to have physical access
# to the CVS repository so :pserver:someone@xyz.com:/data/cvsroot
# won't work!

# 'symbolic_name' 'path_to_the_actual_repository'
%CVSROOT = ( 'Root' => $config{'cvsroot'} );

# This tree is enabled by default when
# you enter the page
$cvstreedefault = 'Root';

##############
# Defaults for UserSettings
##############
%DEFAULTVALUE = (
      # sortby: File sort order
      #   file   Sort by filename
      #   rev    Sort by revision number
      #   date   Sort by commit date
      #   author Sort by author
      #   log    Sort by log message

      "sortby" => "file",

      # hideattic: Hide or show files in Attic
      #   1      Hide files in Attic
      #   0      Show files in Attic

      "hideattic" => "1",

      # logsort: Sort order for CVS logs
      #   date   Sort revisions by date
      #   rev    Sort revision by revision number
      #   cvs    Don't sort them. Same order as CVS/RCS shows them.

      "logsort" => "date",

      # f:	 Default diff format
      #   h      Human readable
      #   u      Unified diff
      #   c      Context diff
      #   s      Side by side
      "f" => "h",	  

      # hidecvsroot: Don't show the CVSROOT directory
      #   1      Hide CVSROOT directory
      #   0      Show CVSROOT directory
      "hidecvsroot" => "0",

      # hidenonreadable: Don't show entries which cannot be read
      #   1      Hide non-readable entries
      #   0      Show non-readable entries
      "hidenonreadable" => "1",
);

##############
# some layout stuff
##############

# color settings in the body-tag
$body_tag = '<body text="#000000" bgcolor="#ffffff">';

# Wanna have a logo on the page ?
#$logo = '<img src="/icons/apache_pb.gif">';

# The title of the Page on startup
$defaulttitle = "CVS Repository";

# The address is shown on the footer
$address = "<font size=-1>CVSweb by &lt;zeller\@think.de&gt;</font>";

# Default page background color for the diffs
# and annotations
$backcolor = "#eeeeee";

# color of navigation Header for
# diffs and annotations
$navigationHeaderColor = '#9999ee';

open(HEADER, $config{'view_header'});
while(<HEADER>) {
	$long_intro .= $_;
	}
close(HEADER);

$short_instruction = <<EOT;
<p>
Click on a directory to enter that directory. Click on a file to display
its revision history and to get a chance to display diffs between revisions. 
</p>
EOT

# used icons; if icon-url is empty, the text representation is used; if
# you do not want to have an ugly tooltip for the icon, remove the
# text-representation.
# The width and height of the icon allow the browser to correcly display
# the table while still loading the icons.
# These default icons are coming with apache.
# If these icons are too large, check out the miniicons in the
# icons/ directory; they have a width/height of 16/16
# format:               TEXT      ICON-URL          width height
%ICONS  = (
	   back => [ ("[BACK]", "/images/left.gif", 20,   22) ],
	   dir  => [ ("[DIR]",  "/images/dir.gif",  20,   22) ],
	   file => [ ("[TXT]",  "/images/text.gif", 20,   22) ],
	   );

# the length to which the last logentry should
# be truncated when shown in the directory view
$shortLogLen = 80;

# Show author of last change
$show_author = 1;

##############
# table view for directories
##############

# Show directory as table
# this is much more readable but has one
# drawback: the whole table has to be loaded
# before common browsers display it which may
# be annoying if you have a slow link - and a
# large directory ..
$dirtable = 1;

# show different colors for even/odd rows
@tabcolors = ('#ccccee', '#ffffff');
$tablepadding = 2;

# Color of Header
$columnHeaderColorDefault = '#cccccc';
$columnHeaderColorSorted = '#88ff88';

# 
# If you want to have colored borders 
# around each row, uncomment this
# $tableBorderColor = '#999999';

#
# Modules in the repository that should not be displayed, either by default
# nor by explicit path specification. Usually, you don't want to display
# CVSROOT.
#
@HideModules = ( 
		 "CVSROOT",
		);

#
# Files matching this name shouldn't be checked out with cvsweb, since
# they may contain sensitive information. Simple file name based
# filter. Often, the CVSROOT/passwd is exposed and some people tend
# to check in their .cvspass, though this is a bad idea. These files shouldn't
# be readable by default. Thanks to Damian Gryski to point this out.
@DissallowRead = ( "\^.cvspass\$", "^passwd\$");

#
# Use CVSROOT/CVSROOT/descriptions for describing the directories/modules
# See INSTALL section 8
#
$use_descriptions = 0;

##############
# Human Readable Diff
##############

# (c) 1998 H. Zeller <zeller@think.de>
#
# Generates two columns of color encoded
# diff; much like xdiff or emacs-ediff mode.
#
# The diff-stuff is a piece of code I once made for
# cvs2html which is under GPL,
# see http://www.sslug.dk/cvs2html
# (c) 1997/98 Peter Toft <pto@sslug.imm.dtu.dk>
#
# some parameters to screw:
##

# make lines breakable so that the columns do not
# exceed the width of the browser
$hr_breakable = 1;

# give out function names in human readable diffs
# this just makes sense if we have C-files, otherwise
# diff's heuristic doesn't work well ..
# ( '-p' option to diff)
$hr_funout = 0;

# ignore whitespaces for human readable diffs
# (indendation and stuff ..)
# ( '-w' option to diff)
$hr_ignwhite = 1;

# ignore diffs which are caused by
# keyword-substitution like $Id - Stuff
# ( '-kk' option to rcsdiff)
$hr_ignkeysubst = 1;

# Colors and font to show the diff type of code changes
$diffcolorHeading    = '#99cccc';  # color of 'Line'-head of each diffed file
$diffcolorEmpty      = '#cccccc';  # color of 'empty' lines
$diffcolorRemove     = '#ff9999';  # Removed line(s) (left)  (  -  )
$diffcolorChange     = '#99ff99';  # Changed line(s) (     both    )
$diffcolorAdd        = '#ccccff';  # Added line(s)   (  - )  (right)
$diffcolorDarkChange = '#99cc99';  # lines, which are empty in change
$difffontface        = "Helvetica,Arial";
$difffontsize        = "-1";

# the width of the textinput of the
# request-diff-form
$inputTextSize = 12;

##############
# Mime Types
##############

# mapping to mimetypes to help
# cvsweb to guess the correct mime-type on
# checkout; you can use the mime.types from
# apache here:
$mime_types = '/usr/local/web/apache/conf/mime.types';

# quick mime-type lookup; maps file-suffices to
# mime-types for displaying checkouts in the browser.
# Further MimeTypes will be found in the 
# file $mime_types (apache style mime.types - file)
# - add common mappings here for faster lookup
%MTYPES = (
	   "html"  => "text/html",
	   "shtml" => "text/html",
	   "gif"   => "image/gif",
	   "jpeg"  => "image/jpeg",
	   "jpg"   => "image/jpeg",   
	   "*"	   => "text/plain",
	   );

##############
# Misc
##############
# allow annotation of files
# this requires rw-access to the
# CVSROOT/history - file and rw-access
# to the subdirectory to place the lock
# so you maybe don't want it
$allow_annotate = 1;

# allow pretty-printed version of files
$allow_markup = 1;

# allow compression with gzip
# of output if the Browser accepts
# it (HTTP_ACCEPT_ENCODING=gzip)
# [make sure to have gzip in the path]
$allow_compress = 1;

# Make use of javascript functions.
# This way you can select one of your CVSroot
# without pressing 'Go' (.. if you do have more
# than one CVSROOT defined)
$use_java_script = 1;

# open Download-Links in another window
$open_extern_window = 1;

# The size of this extern window; this size option
# needs use_java_script to be defined
# just comment them if you don't want to have a fixed
# size
#$extern_window_width = 600;
#$extern_window_height = 440;

# Edit Options
# Enable form to edit your options (hideattic,sortbydate)
# this isn't necessary if you've $dirtable defined 'cause
# this allows editing of all your options more intuitive
$edit_option_form = (not $dirtable);

# remember to set the path to your
# rcsutils: rlog, rcsdiff (gzip if you use compression)
#$ENV{'PATH'} = '/usr/local/bin';

# If you have files which automatically refers to other files
# (such as HTML) then this allows you to browse the checked
# out files as if outside CVS.
$checkout_magic = 1;

# Show last changelog message for sub directories
# The current implementation makes many assumptions and may show the
# incorrect file at some times. The main assumption is that the last
# modified file has the newest filedate. But some CVS operations
# touches the file without even when a new version is't checked in,
# and TAG based browsing essientially puts this out of order, unless
# the last checkin was on the same tag as you are viewing.
# Enable this if you like the feature, but don't rely on correct results.
$show_subdir_lastmod = 0;

# Background color of logentry in markup
$markupLogColor = "#ffffff";

# Show CVS log when viewing file contents
$show_log_in_markup = 1;

# Tabstop used to expand tabs in colored diffs. If undefined then
# tabs are always expanded to 8 spaces.
$tabstop = 8;

# if you wish to display absolute times in your local timezone,
# then define mytz and fill in the strings for your standard and
# daylight time. Note that you must also make sure the system
# timezone is correctly set.
# @mytz=("EST", "EDT");

# cvsweb is friendly to caches by indicating a suitable
# last-modified timestamp. Doing this uses slightly more
# CPU so you might want to disable it if you have a slow
# server
$use_moddate = 1;

#EOF

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0116 ]--