!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/usr/libexec/webmin/spam/   drwxr-xr-x
Free 50.94 GB of 127.8 GB (39.85%)


Viewing file:     save_white.cgi (2.1 KB)      -rwxr-xr-x
#!/usr/bin/perl
# save_white.cgi
# Save white and black lists of to and from addresses

# Load the shared helper library. The &-called subs below that are not
# defined in this file are presumably provided by it.
require './spam-lib.pl';
# Presumably sets the prefix used by later &error() calls - confirm in the library.
&error_setup($text{'white_err'});
# Presumably fills %in from the multipart form post; every %in value read
# below is request-supplied and must be treated as untrusted.
&ReadParseMime();
&set_config_file_in(\%in);
# NOTE(review): looks like the permission check for the "white" page; it is
# called before anything is written - confirm what it enforces.
&can_use_check("white");
&execute_before("white");
# The config files are locked here and unlocked after the flush at the end.
&lock_spam_files();
$conf = &get_config();

# Free-text address lists (one directive name per textbox).
&parse_textbox($conf, "whitelist_from");

&parse_textbox($conf, 'unwhitelist_from');

# Table rows are validated by rcvd_parser (address plus relay domain).
@rcvd = &parse_table("whitelist_from_rcvd", \&rcvd_parser);
&save_directives($conf, 'whitelist_from_rcvd', \@rcvd, 1);

&parse_textbox($conf, 'blacklist_from');

&parse_textbox($conf, 'unblacklist_from');

# to_parser yields { name, value } records, so a single table can produce
# whitelist_to, more_spam_to and all_spam_to directives.
@to = &parse_table("whitelist_to", \&to_parser);
# Existing directives of all three names are collected and passed as the
# "old" set alongside the new rows.
@oldto = ( &find("whitelist_to", $conf),
       &find("more_spam_to", $conf),
       &find("all_spam_to", $conf) );
&save_directives($conf, \@oldto, \@to, 0);

# Add any imported addresses
if ($in{'import'}) {
    @addrs = ( );
    # Each pass deletes the first address-shaped substring from the import
    # text and captures it in $1; the loop stops when none is left.
    # NOTE(review): the quoted local-part alternative (\".+\") accepts
    # spaces, so an extracted entry may contain whitespace - confirm how
    # save_directives serialises such a value.
    while($in{'import'} =~ s/((([^<>()[\]\\.,;:\s@\"]+(\.[^<>()[\]\\.,;:\s@\"]+)*)|(\".+\"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+([a-zA-Z]{2,})+)))//) {
        push(@addrs, $1);
        }
    # Nothing recognisable in the import text is reported as an error.
    @addrs || &error($text{'import_enone'});
    @addrs = &unique(@addrs);

    # Flatten the words of every existing whitelist_from directive, then
    # append only addresses not already present (case-insensitive compare).
    @from = map { @{$_->{'words'}} } &find("whitelist_from", $conf);
    %already = map { lc($_), 1 } @from;
    @newaddrs = grep { !$already{lc($_)} } @addrs;
    push(@from, @newaddrs);
    if ($in{'sort'}) {
        # Order by domain part first, then by local part, ignoring case.
        # $ua/$da/$ub/$db are package globals, not lexicals.
        @from = sort { ($ua, $da) = split(/\@/, $a);
                   ($ub, $db) = split(/\@/, $b);
                   lc($da) cmp lc($db) || lc($ua) cmp lc($ub) }
                 @from;
        }
    &save_directives($conf, 'whitelist_from', \@from, 1);
    }

# Write the changes out, release the locks, log the action, then redirect.
&flush_file_lines();
&unlock_spam_files();
&execute_after("white");
&webmin_log("white");
&redirect($redirect_url);

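# from_parser(unused, address)
# Validates the address cell of one submitted table row.
#   $_[0] - not read by this sub
#   $_[1] - candidate address taken from the form (untrusted)
# Returns undef when the cell is empty or otherwise false (including "0"),
# else the address unchanged. Anything containing whitespace is handed to
# &error (defined outside this file; presumably aborts the request).
sub from_parser
{
return undef if (!$_[1]);
# \A...\z instead of ^...$ : in Perl "$" also matches just before a final
# newline, so "addr\n" used to pass this check and the newline would travel
# with the value into whatever the caller writes out.
$_[1] =~ /\A\S+\z/ || &error(&text('white_efrom', $_[1]));
return $_[1];
}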

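# rcvd_parser(unused, address, relay)
# Validates one whitelist_from_rcvd table row.
#   $_[0], $_[1] - passed straight to from_parser (address check)
#   $_[2]        - relay domain; only letters, digits, "." and "-" allowed
# Returns undef when from_parser gives a false value, else the string
# "<address> <relay>". An invalid relay is handed to &error (defined outside
# this file; presumably aborts the request).
sub rcvd_parser
{
# A lexical replaces the original "local $a", which temporarily overwrote
# the package variable that sort blocks use.
my $from = &from_parser($_[0], $_[1]);
return undef if (!$from);
# \A...\z instead of ^...$ : "$" also matches before a final newline, which
# let "domain\n" through and would have put a line break inside the
# returned directive value.
$_[2] =~ /\A[A-Za-z0-9\.\-]+\z/ || &error(&text('white_ercvd', $_[2]));
return "$from $_[2]";
}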

# to_parser(unused, address, level)
# Turns one whitelist_to table row into a directive record.
#   $_[0], $_[1] - passed straight to from_parser (address check)
#   $_[2]        - numeric selector: 0 => whitelist_to, 1 => more_spam_to,
#                  anything else => all_spam_to
# Returns undef when from_parser gives a false value, else a hash ref with
# 'name' (the directive) and 'value' (the address).
sub to_parser
{
my $addr = &from_parser($_[0], $_[1]);
if (!$addr) {
	return undef;
	}
my $directive;
if ($_[2] == 0) {
	$directive = 'whitelist_to';
	}
elsif ($_[2] == 1) {
	$directive = 'more_spam_to';
	}
else {
	$directive = 'all_spam_to';
	}
return { 'name' => $directive, 'value' => $addr };
}

