HEX
Server: Apache/2.4.37 (CentOS Stream) OpenSSL/1.1.1k
System: Linux ysnet.com.tw 4.18.0-553.5.1.el8.x86_64 #1 SMP Tue May 21 05:46:01 UTC 2024 x86_64
User: test (521)
PHP: 7.4.33
Disabled: NONE
$ pwd: /usr/libexec/webmin/filemin/
Upload Files
File: //usr/libexec/webmin/filemin/compress.cgi
#!/usr/bin/perl

require './filemin-lib.pl';
&ReadParse();
get_paths();

if (!$in{'arch'}) {
	&redirect("index.cgi?path=".&urlize($path));
	return;
	}

my $command;

if ($in{'method'} eq 'plain-tar') {
	$full = "$cwd/$in{'arch'}.tar";
	$command = "tar cf ".quotemeta($full).
		" -C ".quotemeta($cwd);
	}
elsif ($in{'method'} eq 'xz-tar') {
	$full = "$cwd/$in{'arch'}.tar.xz";
	$command = "tar cJf ".quotemeta($full).
		" -C ".quotemeta($cwd);
	}
elsif ($in{'method'} eq 'zstd-tar') {
	$full = "$cwd/$in{'arch'}.zst";
	$command = "ZSTD_CLEVEL=19 tar --zstd -cf ".
		quotemeta($full).
		" -C ".quotemeta($cwd);
	}
elsif ($in{'method'} eq 'tar') {
	$full = "$cwd/$in{'arch'}.tar.gz";
	$command = "tar czf ".quotemeta($full).
		" -C ".quotemeta($cwd);
	}
elsif ($in{'method'} eq 'zip') {
	$full = "$cwd/$in{'arch'}.zip";
	$command = "cd ".quotemeta($cwd).
		" && zip -r ".quotemeta($full);
	}
else {
	&error("Unknown method!");
	}
$newfile = !-e $full;

foreach my $name (split(/\0/, $in{'name'})) {
	$command .= " ".quotemeta($name);
	}

my @st = stat($cwd);
&system_logged($command);
if ($newfile) {
	&set_ownership_permissions(
		$st[4], $st[5], undef, $full);
	}

&redirect("index.cgi?path=".&urlize($path));
@ Telegram