#!/usr/bin/perl
###############################################################################
# Copyright 2009-2020, Way to the Web Limited
# URL: http://www.configserver.com
# Email: sales@waytotheweb.com
###############################################################################
# start main
use strict;
use File::Find;
use Fcntl qw(:DEFAULT :flock);
use IPC::Open3;

use lib '/etc/cxs';
use ConfigServer::cxsUI;

# Package globals: the request data, action tables and URLs set up by this
# script and later passed to ConfigServer::cxsUI::displayUI(). $script_da is
# declared here but never assigned in this script as shown.
our ($script, $script_da, $images, %FORM, $myv, %in, %ajaxsubs, %fullsubs);

# $in and @in are scratch buffers used by ReadParse(); the two handles belong
# to the version probe below.
my ($childin, $childout, $in, @in);

# Ask the installed scanner for its version string. The binary is named by
# absolute path, so $PATH is not consulted, and the same handle is passed for
# the child's stdout and stderr.
my $pid = open3($childin, $childout, $childout, "/usr/sbin/cxs", "--version");
chomp(my @version_lines = <$childout>);
waitpid($pid, 0);

# Only the first output line is inspected; $myv stays undefined when it does
# not contain "v<something>". The value is later interpolated into the page
# heading without HTML escaping.
$myv = $1 if $version_lines[0] =~ /v(.*)$/;

# Base URL of the UI entry point, built from an environment variable.
# NOTE(review): presumably the Webuzo panel exports webuzo_panel_url; confirm
# it cannot be influenced by request data. When it is unset, $script is just
# the relative path "cxs/index.php".
$script = join("", $ENV{'webuzo_panel_url'}, "cxs/index.php");
$images = "/cxs/images";

# Actions that skip the HTML page frame in this script. Apart from cc_body,
# cc_dbody and cc_showreports (no header is printed here for those), they are
# answered with a text/plain header, and none of them gets the HTML footer.
%ajaxsubs = map { $_ => 1 } qw(
	cc_body
	cc_dbody
	cc_restore
	cc_report
	cc_showreports
	cc_ignore
	cc_blockip
	cc_delete
	cc_edelete
	tailcmd
	tailscancmd
);

# cc_* actions that are rendered with the full page frame (stylesheets,
# loader and banner) instead of the reduced layout used for other cc_* actions.
%fullsubs = map { $_ => 1 } qw(
	cc_setup
	cc_setup1
	cc_setup2
	cc_setup3
	cc_setup4
	cc_setup5
	cc_setup6
	cc_delreport
	cc_reports
	cc_stats
	cc_file
);

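# ReadParse([\%target], [$method], [$keep_plus], [$multi_mode])
#
# Parses the CGI request (the POST body, when the method is POST, followed by
# QUERY_STRING) into a hash of decoded name/value pairs.
#
#   \%target    - hash to fill; defaults to the package hash %in. It is
#                 emptied before parsing.
#   $method     - request method; defaults to $ENV{'REQUEST_METHOD'}.
#   $keep_plus  - when true, '+' is left as is instead of becoming a space.
#   $multi_mode - handling of repeated names: 1 collects the values in an
#                 array ref, 2 keeps the first true value, anything else
#                 joins the values with a NUL ("\0") separator.
#
# Everything handled here is attacker-controlled request data. Two
# hardening points compared with a plain %XX substitution:
#   * only well-formed %XX escapes (two hex digits) are decoded; a malformed
#     escape such as "%zz" stays literal instead of turning into a NUL byte;
#   * the NUL check runs after decoding, so an encoded "%00" is rejected the
#     same way as a raw NUL. NUL is also the in-band separator for repeated
#     names, so a NUL inside a single value would be ambiguous downstream.
#
# error() is not defined in this script as shown; it is called exactly as
# before. If it returns, the offending pair is skipped rather than stored.
sub ReadParse
{
	my ($target, $method, $keep_plus, $multi_mode) = @_;
	$target ||= \%in;
	%$target = ( );
	$method ||= $ENV{'REQUEST_METHOD'};
	undef($in);
	if ($method eq 'POST') {
		# CONTENT_LENGTH is supplied by the client. The loop stops at end of
		# input, so it never reads more than was actually sent.
		# NOTE(review): no upper bound is applied here; presumably the web
		# server limits the request body size - confirm.
		my $clen = $ENV{'CONTENT_LENGTH'};
		my $got = 0;
		while ($got < $clen) {
			my $r = read(STDIN, $in, $clen - $got, $got);
			last if ($r <= 0);
			$got += $r;
		}
	}
	if ($ENV{'QUERY_STRING'}) {
		$in = $in ? $in."&".$ENV{'QUERY_STRING'} : $ENV{'QUERY_STRING'};
	}
	@in = split(/\&/, $in);
	foreach my $pair (@in) {
		my ($k, $v) = split(/=/, $pair, 2);
		if (!$keep_plus) {
			$k =~ tr/\+/ /;
			$v =~ tr/\+/ /;
		}
		# Decode well-formed percent escapes only.
		$k =~ s/%([0-9A-Fa-f]{2})/pack("C",hex($1))/ge;
		$v =~ s/%([0-9A-Fa-f]{2})/pack("C",hex($1))/ge;
		# Checked after decoding so that raw and encoded NULs are both caught.
		if ($k =~ /\0/ || $v =~ /\0/) {
			error("Null byte in query string");
			next;
		}
		if ($multi_mode == 1) {
			$target->{$k} ||= [];
			push(@{$target->{$k}}, $v);
		}
		elsif ($multi_mode == 2) {
			$target->{$k} ||= $v;
		}
		else {
			$target->{$k} = defined($target->{$k}) ? $target->{$k}."\0".$v : $v;
		}
	}
}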

# Parse the request into %in (ReadParse's default target), then work on a
# copy in %FORM. Every value in %FORM comes straight from the client.
ReadParse();

%FORM = %in;

# Asset tags interpolated into the page header templates. All but Font
# Awesome are served from the local $images path.
my $bootstrapcss = qq{<link rel='stylesheet' href='$images/bootstrap/css/bootstrap.min.css'>};
my $jqueryjs = qq{<script src='$images/jquery.min.js'></script>};
my $bootstrapjs = qq{<script src='$images/bootstrap/js/bootstrap.min.js'></script>};

# NOTE(review): this stylesheet is fetched from a third-party CDN and the tag
# carries no integrity/crossorigin attributes, so the browser does not verify
# what it loads into this administrative page. Consider hosting it locally
# next to the other assets or adding Subresource Integrity.
my $fontawesome = qq{<link rel='stylesheet' href='https://use.fontawesome.com/releases/v5.0.10/css/all.css'>};

# Emit the response header and the opening page markup that matches the
# requested action. $FORM{action} is client-supplied; here it is only
# compared against fixed names and patterns and never printed.
my $requested_action = $FORM{action};

# No header is printed by this script for these three actions.
# NOTE(review): presumably displayUI() emits its own header for them - confirm.
my %prints_own_header = map { $_ => 1 } ("cc_body", "cc_dbody", "cc_showreports");

# Actions that always get the reduced layout. tailcmd and tailscancmd are
# also listed in %ajaxsubs, so they are answered by the text/plain branch
# below and never reach the layout decision.
my %always_bare = map { $_ => 1 } ("RunScan", "Run Scan", "viewq", "tailcmd", "tailscancmd");

if ($prints_own_header{$requested_action}) {
	# Intentionally nothing.
} elsif ($ajaxsubs{$requested_action}) {
	print "content-type: text/plain\n\n";
} else {
	# Reduced layout: the fixed names above, plus any cc_* action that is
	# neither in %fullsubs nor a cc_*bulk action.
	my $bare_layout = $always_bare{$requested_action}
		|| ($requested_action =~ /^cc_/
			&& !$fullsubs{$requested_action}
			&& $requested_action !~ /^cc_\w+bulk$/);

	print "Content-type: text/html\r\n\r\n";
	print <<EOF;
<!doctype html>
<html lang='en'>
<head>
	<title>ConfigServer eXploit Scanner</title>
	<meta charset='utf-8'>
	<meta name='viewport' content='width=device-width, initial-scale=1'>
EOF
	if ($bare_layout) {
		# NOTE(review): this template repeats the doctype/html/head opening
		# that was already printed just above.
		print <<EOF;
<!doctype html>
<html lang='en'>
<head>
	$bootstrapcss
	<link href='$images/configserver.css' rel='stylesheet' type='text/css'>
	$jqueryjs
	$bootstrapjs
</head>
<body>
<div class='container-fluid'>
<style>
pre {
	overflow: initial;
}
</style>
EOF
	} else {
		# Full layout: all stylesheets and scripts, the loader element and
		# the banner showing the scanner version.
		print <<EOF;
	$bootstrapcss
	$fontawesome
	<link href='$images/configserver.css' rel='stylesheet' type='text/css'>
	$jqueryjs
	$bootstrapjs
</head>
<body>
<div id="loader"></div>
<a id='toplink' class='toplink' title='Go to bottom'><span class='glyphicon glyphicon-hand-down'></span></a>
<div class='container-fluid'>
<div class='panel panel-default'>
<h4><img src='$images/cxs_small.png' style='padding-left: 10px'>ConfigServer eXploit Scanner - cxs v$myv</h4>
</div>
EOF
	}
}

# Hand the request to the UI module. The whole parsed request is passed
# through unfiltered, so validating the action and its parameters is left to
# displayUI(). $script_da is passed as undef, since this script never sets it.
# NOTE(review): no authentication or CSRF check is visible in this script;
# presumably the panel front end enforces both before this CGI runs - confirm.
ConfigServer::cxsUI::displayUI(\%FORM, \%ajaxsubs, $script, $script_da, $images, $myv);

# Actions listed in %ajaxsubs get no closing markup; every other response is
# finished with the loader-hiding script and the closing body/html tags.
if (!$ajaxsubs{$FORM{action}}) {
	print <<'EOF';
<script>
	$("#loader").hide();
</script>
</body>
</html>
EOF
}

1;