shell bypass 403

GrazzMean-Shell Shell

: /lib64/python2.7/ [ drwxr-xr-x ]
Uname: Linux gra108.truehost.cloud 4.18.0-553.lve.el8.x86_64 #1 SMP Mon May 27 15:27:34 UTC 2024 x86_64
Software: LiteSpeed
PHP version: 8.2.26 [ PHP INFO ] PHP os: Linux
Server Ip: 87.98.244.154
Your Ip: 3.133.149.244
User: pumpbmko (2127) | Group: pumpbmko (2132)
Safe Mode: OFF
Disable Function:
allow_url_fopen, show_source, system, shell_exec, passthru, exec, phpinfo, mail, mysql_list_dbs, ini_alter, dl, symlink, link, chgrp, leak, popen, apallow_url_fopen,show_source, system, shell_exec, passthru, exec, phpinfo, mail, mysql_list_dbs, ini_alter, dl, symlink, link, chgrp, leak, popen, ap

name : CGIHTTPServer.pyo
�
zfc@s�dZdZdgZddlZddlZddlZddlZddlZddlZddl	Z	dej
fd��YZd�Ze
ad�Zd�Zeejd	�Zed
kr�e�ndS(s�CGI-savvy HTTP Server.

This module builds on SimpleHTTPServer by implementing GET and POST
requests to cgi-bin scripts.

If the os.fork() function is not present (e.g. on Windows),
os.popen2() is used as a fallback, with slightly altered semantics; if
that function is not present either (e.g. on Macintosh), only Python
scripts are supported, and they are executed by the current process.

In all cases, the implementation is intentionally naive -- all
requests are executed sychronously.

SECURITY WARNING: DON'T USE THIS CODE UNLESS YOU ARE INSIDE A FIREWALL
-- it may execute arbitrary Python code or external programs.

Note that status code 200 is sent prior to execution of a CGI script, so
scripts cannot send other status codes such as 302 (redirect).
s0.4tCGIHTTPRequestHandleri����NcBs�eZdZeed�Zeed�Zeed�ZdZd�Z	d�Z
d�Zdd	gZd
�Z
d�Zd�ZRS(
s�Complete HTTP server with GET, HEAD and POST commands.

    GET and HEAD also support running CGI scripts.

    The POST command is *only* implemented for CGI scripts.

    tforktpopen2tpopen3icCs-|j�r|j�n|jdd�dS(sRServe a POST request.

        This is only implemented for CGI scripts.

        i�sCan only POST to CGI scriptsN(tis_cgitrun_cgit
send_error(tself((s%/usr/lib64/python2.7/CGIHTTPServer.pytdo_POST6s
cCs*|j�r|j�Stjj|�SdS(s-Version of send_head that support CGI scriptsN(RRtSimpleHTTPServertSimpleHTTPRequestHandlert	send_head(R((s%/usr/lib64/python2.7/CGIHTTPServer.pyRBs
cCs`t|j�}|jdd�}|| ||d}}||jkr\||f|_tStS(s2Test whether self.path corresponds to a CGI script.

        Returns True and updates the cgi_info attribute to the tuple
        (dir, rest) if self.path requires running a CGI script.
        Returns False otherwise.

        If any exception is raised, the caller should assume that
        self.path was rejected as invalid and act accordingly.

        The default implementation tests whether the normalized url
        path begins with one of the strings in self.cgi_directories
        (and the next character is a '/' or the end of the string).
        t/i(t_url_collapse_pathtpathtfindtcgi_directoriestcgi_infotTruetFalse(Rtcollapsed_pathtdir_septheadttail((s%/usr/lib64/python2.7/CGIHTTPServer.pyRIss/cgi-bins/htbincCs
t|�S(s1Test whether argument path is an executable file.(t
executable(RR((s%/usr/lib64/python2.7/CGIHTTPServer.pyt
is_executableascCs(tjj|�\}}|j�dkS(s.Test whether argument path is a Python script.s.pys.pyw(s.pys.pyw(tosRtsplitexttlower(RRRR((s%/usr/lib64/python2.7/CGIHTTPServer.pyt	is_pythonesc)
Cs�|j\}}|d|}|jdt|�d�}xv|dkr�|| }||d}|j|�}tjj|�r�||}}|jdt|�d�}q<Pq<W|jd�\}}}	|jd�}|dkr�|| ||}
}n
|d}
}|d|
}|j|�}tjj|�sQ|j	dd|�dStjj
|�s{|j	d	d
|�dS|j|�}
|
s�|jp�|j
p�|js�|j	d	d|�dS|j|�s�|j	d	d|�dSntjtj�}|j�|d
<|jj|d<d|d<|j|d<t|jj�|d<|j|d<tj|�}||d<|j|�|d<||d<|	r�|	|d<n|j�}||jdkr�||d<n|jd|d<|jjd�}|r�|j �}t|�dkr�ddl!}ddl"}|d|d<|dj#�dkr�y|j$|d�}Wn|j%k
r~q�X|j d�}t|�dkr�|d|d <q�q�q�n|jj&dkr�|jj(|d!<n|jj&|d!<|jjd"�}|r||d#<n|jjd$�}|r9||d%<ng}xW|jj)d&�D]C}|d d'kr~|j*|j+��qR||d(j d)�}qRWd)j,|�|d*<|jjd+�}|r�||d,<nt-d|jj.d-��}|rd.j,|�|d/<nxdCD]}|j/|d�qW|j0d0d1�|	j1d2d3�}|jr�|
g}d4|kry|j*|�nt2�}|j3j4�tj5�}|dkrtj6|d�\}}x<t7j7|j8gggd�dr�|j8j9d�s�Pq�q�W|r|j:d5|�ndSyqytj;|�Wntj<k
rEnXtj=|j8j>�d�tj=|j3j>�d�tj?|||�Wq�|jj@|jA|j�tjBd6�q�XnddlC} |g}!|j|�r)tDjE}"|"j#�jFd7�r|"d8 |"d9}"n|"d:g|!}!nd4|	krE|!j*|	�n|jGd;| jH|!��ytI|�}#WntJtKfk
r�d}#nX| jL|!d<| jMd=| jMd>| jMd?|�}$|jj#�d@kr�|#dkr�|j8j9|#�}%nd}%xBt7j7|j8jNgggd�dr>|j8jNjOd�s�Pq�q�W|$jP|%�\}&}'|j3jQ|&�|'r}|j:dA|'�n|$jRjS�|$jTjS�|$jU}(|(r�|j:d5|(�n
|jGdB�dS(DsExecute a CGI script.Riit?ti�sNo such CGI script (%r)Ni�s#CGI script is not a plain file (%r)s&CGI script is not a Python script (%r)s!CGI script is not executable (%r)tSERVER_SOFTWAREtSERVER_NAMEsCGI/1.1tGATEWAY_INTERFACEtSERVER_PROTOCOLtSERVER_PORTtREQUEST_METHODt	PATH_INFOtPATH_TRANSLATEDtSCRIPT_NAMEtQUERY_STRINGtREMOTE_HOSTtREMOTE_ADDRt
authorizationii����t	AUTH_TYPEtbasict:tREMOTE_USERtCONTENT_TYPEscontent-lengthtCONTENT_LENGTHtreferertHTTP_REFERERtaccepts	

 it,tHTTP_ACCEPTs
user-agenttHTTP_USER_AGENTtcookies, tHTTP_COOKIEi�sScript output followst+t t=sCGI script exit status %#xisw.exei����i����s-uscommand: %ststdintstdouttstderrtenvtposts%ssCGI script exited OK(R)R*R2R8R:R4(VRRtlenttranslate_pathRRtisdirt	partitiontexistsRtisfileRt	have_forkthave_popen2thave_popen3Rtcopytdeepcopytenvirontversion_stringtservertserver_nametprotocol_versiontstrtserver_porttcommandturllibtunquotetaddress_stringtclient_addresstheaderst	getheadertsplittbase64tbinasciiRtdecodestringtErrort
typeheadertNonettypetgetallmatchingheaderstappendtstriptjointfiltert
getheaderst
setdefaultt
send_responsetreplacet
nobody_uidtwfiletflushRtwaitpidtselecttrfiletreadt	log_errortsetuidterrortdup2tfilenotexecvethandle_errortrequestt_exitt
subprocesstsysRtendswithtlog_messagetlist2cmdlinetintt	TypeErrort
ValueErrortPopentPIPEt_socktrecvtcommunicatetwriteR@tcloseR?t
returncode()RtdirtrestRtitnextdirtnextrestt	scriptdirt_tquerytscriptt
scriptnamet
scriptfiletispyRAtuqrestthostR,R]R^tlengthR3R5tlinetuatcotkt
decoded_querytargstnobodytpidtstsR}tcmdlinetinterptnbytestptdataR?R@tstatus((s%/usr/lib64/python2.7/CGIHTTPServer.pyRjs2













			
%		
				!(

	(t__name__t
__module__t__doc__thasattrRRIRJRKtrbufsizeRRRRRRR(((s%/usr/lib64/python2.7/CGIHTTPServer.pyR#s					c	Cs.|jd�\}}}tj|�}|jd�}g}xM|d D]A}|dkrf|j�qG|rG|dkrG|j|�qGqGW|r�|j�}|r�|dkr�|j�d}q�|dkr�d}q�q�nd}|rdj||f�}nddj|�|f}dj|�}|S(s�
    Given a URL path, remove extra '/'s and '.' path elements and collapse
    any '..' references and returns a colllapsed path.

    Implements something akin to RFC-2396 5.2 step 6 to parse relative paths.
    The utility of this function is limited to is_cgi method and helps
    preventing some security attacks.

    Returns: The reconstituted URL, which will always start with a '/'.

    Raises: IndexError if too many '..' occur within the path.

    RRi����s..t.R(RFRVRWR\tpopReRg(	RR�R�t
path_partst
head_partstpartt	tail_partt	splitpathR((s%/usr/lib64/python2.7/CGIHTTPServer.pyR
*s.

	cCs�tr
tSyddl}Wntk
r.dSXy|jd�daWn3tk
r{dttd�|j���anXtS(s$Internal routine to get nobody's uidi����NR�iicSs|dS(Ni((tx((s%/usr/lib64/python2.7/CGIHTTPServer.pyt<lambda>gR(R�tpwdtImportErrortgetpwnamtKeyErrortmaxtmaptgetpwall(R�((s%/usr/lib64/python2.7/CGIHTTPServer.pyRm[s

&cCs<ytj|�}Wntjk
r*tSX|jd@dkS(sTest for executable file.iIi(RtstatRvRtst_mode(Rtst((s%/usr/lib64/python2.7/CGIHTTPServer.pyRks
cCstj||�dS(N(R	ttest(tHandlerClasstServerClass((s%/usr/lib64/python2.7/CGIHTTPServer.pyR�tst__main__(R�t__version__t__all__RR~RVtBaseHTTPServerR	RqRLR
RR
RbR�RmRt
HTTPServerR�R�(((s%/usr/lib64/python2.7/CGIHTTPServer.pyt<module>s&	�	/			
© 2025 GrazzMean-Shell