!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/usr/libexec/webmin/usermin/   drwxr-xr-x
Free 50.94 GB of 127.8 GB (39.86%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     edit_themes.cgi (2.65 KB)      -rwxr-xr-x
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
#!/usr/bin/perl
# edit_themes.cgi
# Display all themes, and allow installation of a new one

require './usermin-lib.pl';
$access{'themes'} || &error($text{'acl_ecannot'});
&ReadParse();
&ui_print_header(undef, $text{'themes_title'}, "");

@themes = &list_themes();
&get_usermin_config(\%uconfig);
if (@themes) {
    print "$text{'themes_desc'}<br>\n";
    print "<form action=change_theme.cgi>\n";
    print "<b>$text{'themes_sel'}</b> <select name=theme>\n";
    foreach $t ( { 'desc' => $text{'themes_default'} }, @themes) {
        printf "<option value='%s' %s>%s\n",
            $t->{'dir'},
            $uconfig{'theme'} eq $t->{'dir'} ? 'selected' : '',
            $t->{'desc'};
        }
    print "</select>\n";
    print "<input type=submit value='$text{'themes_change'}'></form>\n";
    print &ui_hr();
    }

# Display install form
print "$text{'themes_installdesc'}<br>\n";
print "<form action=install_theme.cgi enctype=multipart/form-data method=post>\n";
print "<input type=radio name=source value=0 checked> $text{'mods_local'}\n";
print "<input name=file size=40>\n";
print &file_chooser_button("file", 0, 1),"<br>\n";
print "<input type=radio name=source value=1> $text{'mods_uploaded'}\n";
print "<input name=upload type=file size=30><br>\n";
print "<input type=radio name=source value=2> $text{'mods_ftp'}\n";
print "<input name=url size=40><br>\n";
print "<input type=submit value=\"$text{'themes_installok'}\"></form>\n";

# Display deletion form
&get_usermin_config(\%uconfig);
foreach $c (keys %uconfig) {
    if ($c =~ /^theme_(\S+)$/) {
        $utheme{$uconfig{$c}}++ if (defined(getpwnam($1)));
        }
    }
@themes = grep { $_->{'dir'} ne $uconfig{'theme'} &&
         !$utheme{$_->{'dir'}} } @themes;
if (@themes) {
    print &ui_hr();
    print "$text{'themes_delete'}<br>\n";
    print "<form action=delete_mod.cgi>\n";
    print "<b>$text{'themes_delok'}</b>\n";
    print "<select name=mod>\n";
    foreach $t (@themes) {
        printf "<option value=%s>%s\n",
            $t->{'dir'}, $t->{'desc'};
        }
    print "</select>\n";
    print "<input type=submit value='$text{'delete'}'></form>\n";
    }

# Display export form
print &ui_hr();
print "$text{'themes_desc4'}<p>\n";

print &ui_form_start("export_mod.cgi/theme.ubt.gz");
print "<table>\n";

print "<tr> <td valign=top><b>$text{'themes_exportmods'}</b></td>\n";
print "<td>",&ui_select("mod", undef,
    [ map { [ $_->{'dir'}, $_->{'desc'} ] } @themes ], 5, 1),
    "</td> </tr>\n";

print "<tr> <td valign=top><b>$text{'mods_exportto'}</b></td>\n";
print "<td>",&ui_radio("to", 0,
    [ [ 0, $text{'mods_exportshow'}."<br>" ],
      [ 1, &text('mods_exportfile',
             &ui_textbox("file", undef, 40)) ] ]),"</td> </tr>\n";

print "</table>\n";
print &ui_form_end([ [ "ok", $text{'themes_exportok'} ] ]);

&ui_print_footer("", $text{'index_return'});


:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0057 ]--