[ Avaa Bypassed ]

Upload:

Command:

www-data@3.144.134.101: ~ $ 
#!/usr/bin/perl
# download.cgi
# Save a download or start it right now

require './updown-lib.pl';
use Time::Local;
&ReadParse();
&error_setup($text{'download_err'});

# Validate and store inputs
$i = 0;
@urls = split(/[\r\n]+/, $in{'urls'});
@urls || &error($text{'download_enone'});
foreach $u (@urls) {
	local ($proto, $host, $port, $page, $ssl);
	if ($u =~ /^http/) {
		($host, $port, $page, $ssl, $user, $pass) = &parse_http_url($u);
		$proto = $ssl ? "https" : "http";
		}
	elsif ($u =~ /^ftp:\/\/([^\/]+)(:21)?(\/.*)$/) {
		$proto = "ftp";
		$host = $1; $page = $3;
		}
	else {
		&error(&text('download_eurl', $u));
		}
	if ($host =~ /^([^:\@]+):([^:\@]+)\@(\S+)/) {
		$user = $1;
		$pass = $2;
		$host = $3;
		}
	$download{"url_$i"} = $u;
	$download{"proto_$i"} = $proto;
	$download{"host_$i"} = $host;
	$download{"user_$i"} = $user;
	$download{"pass_$i"} = $pass;
	$download{"port_$i"} = $port;
	$download{"page_$i"} = $page;
	$download{"ssl_$i"} = $ssl;
	$i++;
	}
$in{'dir'} || &error($text{'upload_edir'});
&can_write_file($in{'dir'}) ||
	&error(&text('download_eaccess', "<tt>$in{'dir'}</tt>", $!));
$download{'dir'} = $in{'dir'};
if ($can_mode != 3) {
	# User can be entered
	scalar(@uinfo = getpwnam($in{'user'})) || &error($text{'upload_euser'});
	&can_as_user($in{'user'}) ||
		&error(&text('download_eucannot', $in{'user'}));
	$download{'uid'} = $uinfo[2];
	$in{'group_def'} || scalar(@ginfo = getgrnam($in{'group'})) ||
		&error($text{'upload_egroup'});
	$can_mode == 0 || $in{'group_def'} || &in_group(\@uinfo, \@ginfo) ||
		&error($text{'download_egcannot'});
	$download{'gid'} = scalar(@ginfo) ? $ginfo[2] : $uinfo[3];
	}
else {
	# User is fixed
	if (&supports_users()) {
		@uinfo = getpwnam($remote_user);
		$download{'uid'} = $uinfo[2];
		$download{'gid'} = $uinfo[3];
		}
	}
if ($in{'bg'} && $can_schedule) {
	# Validate time
	$in{'hour'} =~ /^\d+$/ && $in{'min'} =~ /^\d+$/ &&
		$in{'day'} =~ /^\d+$/ && $in{'year'} =~ /^\d+$/ ||
			&error($text{'download_edate'});
	eval { $download{'time'} = timelocal(0, $in{'min'}, $in{'hour'},
			 $in{'day'}, $in{'month'}, $in{'year'}-1900) };
	$@ && &error($text{'download_edate2'});
	}
if (defined($in{'email_def'}) && !$in{'email_def'}) {
	# Validate email
	$in{'email'} =~ /\S/ || &error($text{'upload_eemail'});
	$download{'email'} = $in{'email'};
	}

# Create the directory if needed
if (!-d $download{'dir'} && $in{'mkdir'}) {
	&switch_uid_to($download{'uid'}, $download{'gid'});
	mkdir($download{'dir'}, 0755) || &error(&text('upload_emkdir', $!));
	&switch_uid_back();
	}

# Save the settings
if ($module_info{'usermin'}) {
	&lock_file("$user_module_config_directory/config");
	$userconfig{'ddir'} = $in{'dir'};
	&write_file("$user_module_config_directory/config", \%userconfig);
	&unlock_file("$user_module_config_directory/config");
	}
else {
	&lock_file("$module_config_directory/config");
	$config{'ddir_'.$remote_user} = $in{'dir'};
	$config{'duser_'.$remote_user} = $in{'user'};
	$config{'dgroup_'.$remote_user} = $in{'group_def'} ? undef
							   : $in{'group'};
	&write_file("$module_config_directory/config", \%config);
	&unlock_file("$module_config_directory/config");
	}

if ($in{'bg'} && $can_background) {
	# Create a script to be called by At
	&foreign_require("cron", "cron-lib.pl");
	&lock_file($atjob_cmd);
	&cron::create_wrapper($atjob_cmd, $module_name, "download.pl");
	&unlock_file($atjob_cmd);
	&save_download(\%download);

	if (!$can_schedule) {
		# Just run this script right now
		&execute_command("$atjob_cmd $download{'id'} &");
		}
	else {
		# Create an At job to do the download
		&foreign_require("at", "at-lib.pl");
			{
			local %ENV;
			delete($ENV{'FOREIGN_MODULE_NAME'});
			delete($ENV{'FOREIGN_ROOT_DIRECTORY'});
			&clean_environment();
			$ENV{'REMOTE_USER'} = $remote_user;	# For usermin
			$ENV{'BASE_REMOTE_USER'} = $base_remote_user;
			&at::create_atjob(
				$module_info{'usermin'} ? $remote_user : "root",
				$download{'time'},
				"$atjob_cmd $download{'id'}",
				"/");
			&reset_environment();
			}
		}

	&redirect("index.cgi?mode=download");
	}
else {
	# Download it now, and show the results
	&ui_print_unbuffered_header(undef, $text{'download_title'}, "");

	$error = &do_download(\%download, \&progress_callback, \@paths);
	@paths = grep { $_ } @paths;
	if (@paths) {
		print "<p>$text{'download_done'}<p>\n";
		foreach $p (@paths) {
			@st = stat($p);
			print "<tt>$p</tt> ($st[7] bytes)<br>\n";
			}
		}
	if ($error) {
		print "<p><b>",&text('download_failed', $error),"</b><p>\n";
		}

	&ui_print_footer("index.cgi?mode=download", $text{'index_return'});
	}
&webmin_log("download", undef, undef, { 'urls' => \@urls,
					'time' => $download{'time'} });

Filemanager

DIR : / usr/ share/ webmin/ updown/
Name Type Size Permission Actions
images Folder 0755
lang Folder 0755
CHANGELOG File 876 B 0644
acl_security.pl File 1.74 KB 0755
cancel.cgi File 850 B 0755
config File 34 B 0644
config.info.ca File 376 B 0644
config.info.cz File 0 B 0644
defaultacl File 42 B 0644
download.cgi File 4.58 KB 0755
download.pl File 1.39 KB 0755
fetch.cgi File 3.1 KB 0755
index.cgi File 7.05 KB 0755
log_parser.pl File 986 B 0755
module.info File 210 B 0644
module.info.af File 0 B 0644
module.info.af.auto File 179 B 0644
module.info.ar File 0 B 0644
module.info.ar.auto File 250 B 0644
module.info.be File 0 B 0644
module.info.be.auto File 289 B 0644
module.info.bg File 0 B 0644
module.info.bg.auto File 293 B 0644
module.info.ca File 168 B 0644
module.info.ca.auto File 20 B 0644
module.info.cs File 30 B 0644
module.info.cs.auto File 144 B 0644
module.info.da File 0 B 0644
module.info.da.auto File 183 B 0644
module.info.de File 174 B 0644
module.info.de.auto File 19 B 0644
module.info.el File 0 B 0644
module.info.el.auto File 334 B 0644
module.info.es File 27 B 0644
module.info.es.auto File 152 B 0644
module.info.eu File 0 B 0644
module.info.eu.auto File 180 B 0644
module.info.fa File 0 B 0644
module.info.fa.auto File 267 B 0644
module.info.fi File 27 B 0644
module.info.fi.auto File 137 B 0644
module.info.fr File 38 B 0644
module.info.fr.auto File 166 B 0644
module.info.he File 0 B 0644
module.info.he.auto File 207 B 0644
module.info.hr File 0 B 0644
module.info.hr.auto File 165 B 0644
module.info.hu File 32 B 0644
module.info.hu.auto File 159 B 0644
module.info.it File 26 B 0644
module.info.it.auto File 130 B 0644
module.info.ja File 48 B 0644
module.info.ja.auto File 217 B 0644
module.info.ko File 31 B 0644
module.info.ko.auto File 170 B 0644
module.info.lt File 0 B 0644
module.info.lt.auto File 167 B 0644
module.info.lv File 0 B 0644
module.info.lv.auto File 214 B 0644
module.info.ms File 191 B 0644
module.info.ms.auto File 19 B 0644
module.info.mt File 0 B 0644
module.info.mt.auto File 169 B 0644
module.info.nl File 31 B 0644
module.info.nl.auto File 155 B 0644
module.info.no File 33 B 0644
module.info.no.auto File 158 B 0644
module.info.pl File 147 B 0644
module.info.pl.auto File 20 B 0644
module.info.pt File 0 B 0644
module.info.pt.auto File 176 B 0644
module.info.pt_BR File 0 B 0644
module.info.pt_BR.auto File 185 B 0644
module.info.ro File 0 B 0644
module.info.ro.auto File 191 B 0644
module.info.ru File 49 B 0644
module.info.ru.auto File 256 B 0644
module.info.sk File 26 B 0644
module.info.sk.auto File 145 B 0644
module.info.sl File 0 B 0644
module.info.sl.auto File 159 B 0644
module.info.sv File 0 B 0644
module.info.sv.auto File 190 B 0644
module.info.th File 0 B 0644
module.info.th.auto File 372 B 0644
module.info.tr File 29 B 0644
module.info.tr.auto File 144 B 0644
module.info.uk File 0 B 0644
module.info.uk.auto File 317 B 0644
module.info.ur File 0 B 0644
module.info.ur.auto File 299 B 0644
module.info.vi File 0 B 0644
module.info.vi.auto File 211 B 0644
module.info.zh File 0 B 0644
module.info.zh.auto File 142 B 0644
module.info.zh_TW File 27 B 0644
module.info.zh_TW.auto File 127 B 0644
safeacl File 28 B 0644
uninstall.pl File 340 B 0755
updown-lib.pl File 7.44 KB 0755
upload.cgi File 6.42 KB 0755

© 2025 Coded By Avaa Code.