ok

Mini Shell

Direktori : /proc/self/root/usr/local/sitepad/lib/panels/cwp/
Upload File :
Current File : //proc/self/root/usr/local/sitepad/lib/panels/cwp/index.php

<?php

header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past
header("Content-Type: text/html; charset=UTF-8");
if((@$_GET['act'] == 'backups' || @$_GET['act'] == 'import_export') && !empty($_GET['download']) && substr_count($_GET['download'], './') == 0){
	header('Content-Disposition: attachment; filename="'.$_GET['download'].'"');
}

if(is_dir('/usr/local/cwpsrv/var/services/users')){
	$admin_port = array('2030','2031','2086','2087');
	if(!array_key_exists('module', $_GET) && !in_array($_SERVER['SERVER_PORT'], $admin_port)){
		header('Location:../?module=sitepad'); 
		die();
	}
}

if(!function_exists('shell_exec')){
	die('shell_exec function is required for SitePad to work.');
}

$session_number = md5($_SERVER['REMOTE_ADDR']);
session_name("cwpsrv-".$session_number);

//Session path has been changed in v1
if(posix_getuid() == 0 && is_dir('/usr/local/cwpsrv/var/services/users') && is_dir('/root/.cwp_sessions')){
	$cwp_session_save_path = "/root/.cwp_sessions"; 
	session_save_path($cwp_session_save_path);
}

session_start();

// cwp v0 and v1 has different structure and cookie variables
if(is_dir('/usr/local/cwpsrv/var/services/users')){
	if(empty($_SESSION['username'])){
		header('Location:/login/?acc=logon'); 
		die();
	}
}elseif(!$_SESSION['logged']){
	header("Location: ../login.php");
	die();
}

function soft_unlink_user_file($file){
	
	// Is the file safe to delete ?
	if(!soft_is_safe_file($file)) return false; // Security Fix
	
	@unlink($file);
}

function soft_is_safe_file($path){

	// Is it a symlink ?
	if(is_link($path)) return false;
	
	// Is it a file and is a link ?
	$stat = @stat($path);
	if(!is_dir($path) && $stat['nlink'] > 1) return false;
	
	return true;
}

// Is the effective and real userID the same ?
if(posix_getuid() != posix_geteuid()){
	echo "EUID differs from UID. Hacking Attempt !";
	exit;
}

//For enduser
if(posix_getuid() != 0){
	
	$TMP_USER = posix_getpwuid(posix_geteuid());
	$TMP_HOME = $TMP_USER['dir'];

	// Create the directory if it does not exist
	if(!is_dir($TMP_HOME.'/.sitepad/sess/')){
		@mkdir($TMP_HOME.'/.sitepad/sess/', 0711, true);
	}

	// Load the Panel
	$sess = md5(uniqid(microtime()));
	$file = $TMP_HOME.'/.sitepad/sess/'.$sess;
	
	// Touch the file
	touch($file);
	chmod($file, 0600);
	
	$fp = fopen($file, "a");

	if(empty($fp)){
		die('Could not write SESSION DATA.');
	}

	$array = array();
	$array['SERVER'] = $_SERVER;
	$array['POST'] = $_POST;
	$array['GET'] = $_GET;
	$array['REQUEST'] = $_REQUEST;
	$array['COOKIE'] = $_COOKIE;
	$array['SESSION'] = $_SESSION;

	fwrite($fp, json_encode($array));
	fclose($fp);
	chmod($file, 0600);

	session_write_close();

	if(file_exists('/usr/local/cwpsrv/var/services/users')){
		// echo '/usr/local/sitepad/bin/soft '.$sess; die();
		echo shell_exec('/usr/local/sitepad/bin/soft '.$sess);
	}else{
		die('Not supported');
		//echo '/usr/local/cwp/php/bin/php /usr/local/cwp/sitepad/load.php '.$sess;
		//echo shell_exec('/usr/local/cwp/php/bin/php /usr/local/cwp/sitepad/load.php '.$sess);
	}
	@unlink($file); // load.php will also try to delete it!

	// Just to ensure that there should not be any files as a security measures.
	$d = date('i');
	if($d % 2 == 0){
		
		if ($dh = opendir($TMP_HOME.'/.sitepad/sess/')) {
			
			while (($dfile = readdir($dh)) !== false) {
				if($dfile == '.' || $dfile == '..') continue;
				
				clearstatcache();
				$stime = filemtime($TMP_HOME.'/.sitepad/sess/'.$dfile);

				// Delete the file if its there for more than 10 seconds
				if($stime < (time() - 10)){
					@soft_unlink_user_file($TMP_HOME.'/.sitepad/sess/'.$dfile);
				}
			}
			
			closedir($dh);
		}
	}
}else{
	
	@define('SITEPAD', 1);

	//Set error reporting
	error_reporting(E_PARSE);

	#~~~~~~~~~~~~~~~~~~~~~~~~
	# SOFTACULOUS VARIABLES
	#~~~~~~~~~~~~~~~~~~~~~~~~
	if(empty($globals)){
		include_once('/usr/local/sitepad/universal.php');
	}

	include_once($globals['path'].'/globals.php');

	include_once($globals['mainfiles'].'/functions.php');

	// Load the nupanel Class
	if(!class_exists('nupanel')){
		include_once($globals['includes_path'].'/nupanel.php');
	}
	
	include_once($globals['includes_path'].'/admin.php');
}

Zerion Mini Shell 1.0