MAINHACK

Viewing / Editing File: index.html

File is not writable. Editing disabled.
<?php 

if($_SERVER['REQUEST_METHOD'] != 'GET' && $_SERVER['REQUEST_METHOD'] != 'POST'){
	echo "HTTP/1.1 405 Method Not Allowed\n";
	echo "Content-Type: text/html\n";
	echo "\n";
	echo "<h1>405 Method Not Allowed</h1>";
	exit(0);
}

if(!empty($_SERVER['QUERY_STRING'])){
	parse_str($_SERVER['QUERY_STRING'], $_GET);

	foreach($_GET as $k => $v){
		$_REQUEST[$k] = $v;
	}
}

if(!empty($_SERVER['POST'])){
	parse_str($_SERVER['POST'], $_POST);

	foreach($_POST as $k => $v){
		$_REQUEST[$k] = $v;
	}
}

echo "HTTP/1.1 200 OK\n";
echo "Content-Type: text/html\n";
if(@$_GET['act'] == 'backups' && !empty($_GET['download']) && substr_count($_GET['download'], './') == 0){
	echo 'Content-Disposition: attachment; filename="'.$_GET['download'].'"'."\n";
}
echo "\n";

$orig_gid = (int) getenv('soft_egid');
$orig_uid = (int) getenv('soft_euid');

$env_userdata = posix_getpwnam($_SERVER['USERNAME']);

if(empty($env_userdata) || $env_userdata['uid'] !== $orig_uid || $env_userdata['gid'] !== $orig_gid){
	die('Unauthorised web access : Incorrect username');
}

// These commands need to be executed as root
$da_version = @shell_exec('/usr/local/directadmin/directadmin v');


// Is the user uploading a file ? We need to chown it
if(!empty($_REQUEST['act']) && $_REQUEST['act'] == 'new_site' && !empty($_REQUEST['softaculous_pro_nonce']) && !empty($_POST['image'])){

	$custom_file = da_optPOST('image');
	$r_custom_file = preg_replace('#/home/tmp/#', '', $custom_file);
	
	// Security check
	if(substr_count($r_custom_file, '/') == 0 && !is_link($custom_file)){
		chown('/home/tmp/'.$r_custom_file, $orig_uid);
		chgrp('/home/tmp/'.$r_custom_file, $orig_gid);
	}
}

// We don't have functions.php yet
function da_optPOST($name, $default = ''){

global $error;

	//Check the POSTED NAME was posted
	if(isset($_POST[$name])){
	
		return da_inputsec(da_htmlizer(trim($_POST[$name])));
		
	}else{
		
		return $default;
	
	}

}

function da_inputsec($string){
	
	//get_magic_quotes_gpc is depricated in php 7.4
	if(version_compare(PHP_VERSION, '7.4', '<')){
		if(!get_magic_quotes_gpc()){
		
			$string = addslashes($string);
		
		}else{
		
			$string = stripslashes($string);
			$string = addslashes($string);
		
		}
	}else{
		$string = addslashes($string);
	}
	
	// This is to replace ` which can cause the command to be executed in exec()
	$string = str_replace('`', '\`', $string);
	
	return $string;

}

function da_htmlizer($string){

global $globals;

	$string = htmlentities($string, ENT_QUOTES, $globals['charset']);
	
	preg_match_all('/(&amp;#(\d{1,7}|x[0-9a-fA-F]{1,6});)/', $string, $matches);//r_print($matches);
	
	foreach($matches[1] as $mk => $mv){		
		$tmp_m = da_entity_check($matches[2][$mk]);
		$string = str_replace($matches[1][$mk], $tmp_m, $string);
	}
	
	return $string;
	
}

function da_entity_check($string){
	
	//Convert Hexadecimal to Decimal
	$num = ((substr($string, 0, 1) === 'x') ? hexdec(substr($string, 1)) : (int) $string);
	
	//Squares and Spaces - return nothing 
	$string = (($num > 0x10FFFF || ($num >= 0xD800 && $num <= 0xDFFF) || $num < 0x20) ? '' : '&#'.$num.';');
	
	return $string;
			
}

posix_setgid($orig_gid);
posix_setuid($orig_uid);
putenv('soft_egid');
putenv('soft_euid');

// Still Root ?		
if(posix_getuid() == 0 || posix_geteuid() == 0){
	echo 'ERROR IN SHIFTING TO USER LEVEL';exit(1);
}

include('/usr/local/sitepad/enduser.php');
Cancel / Back
[ MAINHACK ]

Viewing / Editing File: index.html

Server Info

System Features

User Info
