!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/usr/libexec/webmin/software/   drwxr-xr-x
Free 53.79 GB of 127.8 GB (42.09%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     file_info.cgi (2.08 KB)      -rwxr-xr-x
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
#!/usr/bin/perl
# file_info.cgi
# Display information about a file owned by the package management system

require './software-lib.pl';
&ReadParse();
$f = $in{'file'};
&ui_print_header(undef, $text{'file_title'}, "", "file_info");

$f =~ s/\/$//;
if ($f !~ /^\//) {
    # if the filename is not absolute, look for it
    foreach $p (split(/:/, $ENV{'PATH'})) {
        last if (&installed_file("$p/$f"));
        }
    }
else {
    # absolute path.. must exist in DB
    &installed_file($f);
    }

if (!%file) {
    print "<b>",&text('file_notfound', "<tt>$f</tt>"),"</b><p>\n";
    }
else {
    # display file info
    $nc = "width=10% nowrap";
    print &ui_table_start($text{'file_title'}, "width=100%", 4);

    print &ui_table_row($text{'file_path'},
                "<tt>".&html_escape($file{'path'})."</tt>", 3);

    print &ui_table_row($text{'file_type'},
                $type_map[$file{'type'}]);

    if ($file{'type'} != 3 && $file{'type'} != 4) {
        print &ui_table_row($text{'file_perms'}, $file{'mode'});

        print &ui_table_row($text{'file_owner'}, $file{'user'});
        print &ui_table_row($text{'file_group'}, $file{'group'});

        if ($file{'type'} == 0) {
            print &ui_table_row($text{'file_size'}, $file{'size'});
            }
        }
    else {
        print &ui_table_row($text{'file_link'},
            "<tt>".&html_escape($file{'link'})."</tt>", 3);
        }
    print &ui_table_end();

    # Show packages containing the file (usually only one)
    print &ui_columns_start([ $text{'file_pack'},
                  $text{'file_class'},
                  $text{'file_desc'} ], 100);
    @pkgs = split(/\s+/, $file{'packages'});
    @vers = split(/\s+/, $file{'versions'});
    $n = &list_packages(@pkgs);
    for($j=0; $j<@pkgs; $j++) {
        for($i=0; $i<$n; $i++) {
            next if ($vers[$i] &&
                 $packages{$i,'version'} ne $vers[$j] ||
                 $packages{$i,'name'} ne $pkgs[$j]);
            local @cols;
            push(@cols, "<a href=\"edit_pack.cgi?package=".
                  &urlize($pkgs[$j])."&version=".&urlize($vers[$j]).
                  "\">$pkgs[$j]</a>");
            $c = $packages{$i,'class'};
            push(@cols, $c || $text{'file_none'});
            push(@cols, $packages{$i,'desc'});
            print &ui_columns_row(\@cols);
            }
        }
    print &ui_columns_end();
    }

&ui_print_footer("", $text{'index_return'});

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd
Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 
:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0057 ]--