110.164.51.230 - phpshell

!c99Shell v. 1.0 pre-release build #16!
Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 EDT 2010 i686 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/alumni/blocks/ drwxr-xr-x Free 52.35 GB of 127.8 GB (40.96%) Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686

uid=48(apache) gid=48(apache) groups=48(apache)

Safe-mode: OFF (not secure)

/var/www/html/alumni/blocks/ drwxr-xr-x
Free 52.35 GB of 127.8 GB (40.96%)
Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

Viewing file: block_forum_main.php (3.68 KB) -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |

<?php

/********************************************************************************
	- MemHT Portal -
	
	Copyright (C) 2007-2008 by Miltenovik Manojlo
	http://www.memht.com
	
	This program is free software; you can redistribute it and/or modify
	it under the terms of the GNU General Public License as published by
	the Free Software Foundation; either version 2 of the License, or
	(at your opinion) any later version.
	
	This program is distributed in the hope that it will be useful,
	but WITHOUT ANY WARRANTY; without even the implied warranty of
	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	GNU General Public License for more details.
	
	You should have received a copy of the GNU General Public License along
	with this program; if not, see <http://www.gnu.org/licenses/> (GPLv2)
	or write to the Free Software Foundation, Inc., 51 Franklin Street,
	Fifth Floor, Boston, MA02110-1301, USA.
		
********************************************************************************/

	if (stristr(htmlentities($_SERVER['PHP_SELF']), "block_forum_main.php")) {
		die("<table style='padding: 2px; border: 1px solid #999; background-color: #EEE; font-family: Verdana; font-size: 10px;' align='center'><tr><td><b>Error:</b> This file cannot be opened directly!</td></tr></table>");
	}
	
	require_once("pages/forum/inc_functions.php");
	
	global $dblink,$siteConfig;
	
	echo "<table width='100%' border='0' cellspacing='1' cellpadding='0' class='std_nicetable'>\n";
	echo "<thead>\n";
	echo "<tr><td width='80%'>"._THREAD_."</td><td width='5%' align='center'>"._REPLIES_."</td><td width='5%' align='center'>"._VIEWS_."</td><td width='10%' align='center' nowrap>"._DATE_."</td></tr>";
	echo "</thead>\n";
	echo "<tbody>\n";
	
	$myrank = myRank();
	
	$n = 0;
	$result = $dblink->get_list("SELECT p.id,p.lastchild,p.name,DATE_FORMAT(d.date,'".$siteConfig['timestamp']."') as date,d.author,(SELECT COUNT(*) FROM memht_forum_posts WHERE id=p.id OR parent=p.id) AS pstnum FROM memht_forum_posts AS p JOIN memht_forum_forums AS f JOIN memht_forum_posts AS d ON p.forum=f.id AND p.lastchild=d.id WHERE f.auth_view<=$myrank AND f.auth_read<=$myrank ORDER BY p.lastchild DESC LIMIT 10");
	foreach ($result as $row) {
		$bid = intval($row['id']);
		$blastchild = intval($row['lastchild']);
		$btitle = outCode($row['name'],0);
		$bdate = $row['date'];
		$bauthor = outCode($row['author']);
		$pstnum = intval($row['pstnum']);
		
		$link = "index.php?page=forum&op=viewThread&id=$bid&title=".mem_urlencode($btitle);
		if ($pstnum>10) { $link .= "&pg=".ceil($pstnum/10); }
		if ($bid!=$blastchild) { $link .= "#post{$blastchild}"; }
		
		$fontcolor_i = "";
		$fontcolor_e = "";
		if (isset($_COOKIE['forumtrack'])) {
			$cookiecontent = inCode($_COOKIE['forumtrack']);
			$exp = explode("-",$cookiecontent);
			$first = $exp[0];
				
			if ($blastchild>$first AND !in_array($blastchild,$exp)) {
				$fontcolor_i = "<font color='#990000'>";
				$fontcolor_e = "</font>";
			}
		}
			
		$numbers = getNumbers($bid);
		$replies = $numbers[0];
		$views = $numbers[1];
		
		$class = (($n++%2)!=0) ? "std_hlight" : "std_clean" ;
			
		echo "<tr><td class='$class' style='font-size:90%;'><a href='$link' title='$btitle'>{$fontcolor_i}<b>$btitle</b>{$fontcolor_e}</a><br>{$fontcolor_i}"._LASTPOST_." "._BY_.": $bauthor{$fontcolor_e}</td><td align='center' class='$class' style='font-size:90%;'>{$fontcolor_i}$replies{$fontcolor_e}</td><td align='center' class='$class' style='font-size:90%;'>{$fontcolor_i}$views{$fontcolor_e}</td><td align='center' class='$class' style='font-size:90%;' nowrap>{$fontcolor_i}$bdate{$fontcolor_e}</td></tr>\n";
	}
	echo "</tbody>\n";
	echo "</table>\n";

?>

:: Command execute ::
Enter:	Select:

:: Shadow's tricks :D ::
Useful Commands Warning. Kernel may be alerted using higher levels	Kernel Info:

:: Preddy's tricks :D ::
Php Safe-Mode Bypass (Read Files) File: eg: /etc/passwd	Php Safe-Mode Bypass (List Directories): Dir: eg: /etc/

:: Search ::

:: Upload ::

:: Make Dir ::

:: Make File ::

:: Go Dir ::

:: Go File ::

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0055 ]--