!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/alumni/inc/   drwxrwxrwx
Free 51.02 GB of 127.8 GB (39.92%)


Viewing file:     inc_header.php (15.47 KB)      -rw-r--r--
<?php

/********************************************************************************
    - MemHT Portal -
    
    Copyright (C) 2007-2008 by Miltenovik Manojlo
    http://www.memht.com
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your opinion) any later version.
    
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.
    
    You should have received a copy of the GNU General Public License along
    with this program; if not, see <http://www.gnu.org/licenses/> (GPLv2)
    or write to the Free Software Foundation, Inc., 51 Franklin Street,
    Fifth Floor, Boston, MA02110-1301, USA.
        
********************************************************************************/

// Direct-access guard: this file is meant to be include()d by the portal, so a
// request whose script path names inc_header.php itself is answered with an
// error box and the script stops.
// NOTE(review): PHP_SELF is derived from the request path; here it is only
// used for a case-insensitive substring test and is never echoed.
if (stripos(htmlentities($_SERVER['PHP_SELF']), "inc_header.php") !== false) {
    die("<table style='padding: 2px; border: 1px solid #999; background-color: #EEE; font-family: Verdana; font-size: 10px;' align='center'><tr><td><b>Error:</b> This file cannot be opened directly!</td></tr></table>");
}

// Fall back to UTF-8 when no language file has defined the charset, then
// announce it in the HTTP Content-Type header. The @ keeps header() quiet if
// output has already started.
if (defined("_LANG_CHARSET_") === false) {
    define("_LANG_CHARSET_", "utf-8");
}
@header("Content-Type: text/html; charset=" . _LANG_CHARSET_);

?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<!-- 
/********************************************************************************
    - MemHT Portal -
    
    Copyright (C) 2007-2008 by Miltenovik Manojlo
    http://www.memht.com
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your opinion) any later version.
    
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.
    
    You should have received a copy of the GNU General Public License along
    with this program; if not, see <http://www.gnu.org/licenses/> (GPLv2)
    or write to the Free Software Foundation, Inc., 51 Franklin Street,
    Fifth Floor, Boston, MA02110-1301, USA.
        
********************************************************************************/
-->

<?php
// Default to left-to-right text when the language file did not set a direction.
if (defined("_TEXT_DIRECTION_") === false) {
    define("_TEXT_DIRECTION_", "ltr");
}
?>
<html dir='<?php echo _TEXT_DIRECTION_; ?>'>
<head>
    <?php
    
    
// Bind the portal's shared objects into the current scope. At file scope this
// only has an effect when the file is included from inside a function.
// NOTE(review): $userid, $visitorInfo, $tpl and $siteInfo are used further
// down but are not listed here -- confirm they are visible where this file
// is included.
global $dblink;
global $siteConfig;
global $userInfo;
global $user;

    
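//===================================================
//Site title
//===================================================
// Builds the <title> text: an optional item/category name, then the page
// title, then the site name, each followed by " | ". Also sets $pgkw, $pgds,
// $fullScreen and $virtualpagerequest for the sections that follow.
//
// The assignment operators and the integer literal 0 that were missing from
// the listing are written out, and the blog-category lookup now uses $checkcid.
//
// NOTE(review): several queries below interpolate request-derived strings
// ($checktitle, $checkcat, $page) directly into SQL. The only treatment
// visible here is inCode(), which is defined outside this file -- confirm it
// escapes for the database, or move these lookups to bound parameters if
// $dblink supports them. $checkid and $checkcid are forced to integers by
// intval() before use.
$sitetitle = "";

if (memRunHooks('SiteTitle',array(&$sitetitle))) {
    if (isset($_GET['page'])) {
        $page = (isset($_GET['page'])) ? inCode($_GET['page']) : "" ;
        $checkop = (isset($_GET['op'])) ? inCode($_GET['op']) : "" ;
        $checktitle = (isset($_GET['title'])) ? inCode($_GET['title']) : "" ;
        $checkid = (isset($_GET['id'])) ? intval($_GET['id']) : 0 ;
        $checkcid = (isset($_GET['cid'])) ? intval($_GET['cid']) : 0 ;

        switch ($page) {
            case "archive":
                $checkarg = (isset($_GET['arg'])) ? @inCode($_GET['arg']) : "" ;
                if ($checkarg!="") {
                    $year = (isset($_GET['year'])) ? intval($_GET['year']) : "" ;
                    $month = (isset($_GET['month'])) ? intval($_GET['month']) : "" ;
                    // NOTE(review): $checkarg goes from the request into the title with
                    // only inCode() applied -- confirm that is HTML-safe.
                    $sitetitle .= ucfirst($checkarg).": ".numToMonth($month)." $year | ";
                }
            break;
            case "articles":
                if ($checkop=="readArticle") {
                    $row = $dblink->get_row("SELECT id,argomento,nome FROM memht_articoli WHERE id=$checkid OR nome='$checktitle'");
                    $artitle = outCode($row['nome']);

                    $sitetitle .= "$artitle | ";
                }
            break;
            case "blog":
                $checkcat = (isset($_GET['category'])) ? @inCode($_GET['category']) : "" ;
                if ($checkid>0 OR $checktitle!="") {
                    $row = $dblink->get_row("SELECT title FROM memht_blog_posts WHERE id=$checkid OR title='$checktitle'");
                    $bltitle = outCode($row['title']);

                    $sitetitle .= "$bltitle | ";
                } else if ($checkcid>0 OR $checkcat!="") {
                    // Fixed: this branch is selected on the category id ($checkcid) but the
                    // query compared against $checkid, which is always 0 here, so a lookup
                    // by cid could never match.
                    $row = $dblink->get_row("SELECT id,name FROM memht_blog_categories WHERE id=$checkcid OR name='$checkcat'");
                    $catname = outCode($row['name']);

                    $sitetitle .= "$catname | ";
                }
            break;
            case "download":
                if ($checkop=="getFile" AND ($checkid>0 OR $checktitle!="")) {
                    $row = $dblink->get_row("SELECT id,nome,cat FROM memht_download WHERE id=$checkid OR nome='$checktitle'");
                    $dwtitle = outCode($row['nome']);

                    $sitetitle .= $dwtitle." | ";
                } else if ($checkop=="category" AND ($checkid>0 OR $checktitle!="")) {
                    $row = $dblink->get_row("SELECT nome FROM memht_download_categorie WHERE id=$checkid OR nome='$checktitle'");
                    $cattitle = outCode($row['nome']);

                    $sitetitle .= $cattitle." | ";
                }
            break;
            case "faq":
                if ($checkop=="read") {
                    if ($row = $dblink->get_row("SELECT domanda FROM memht_faq WHERE id=$checkid")) {
                        $sitetitle .= outCode($row['domanda'])." | ";
                    }
                } else if ($checkop=="arg") {
                    if ($row = $dblink->get_row("SELECT nome FROM memht_faq_categorie WHERE id=$checkid")) {
                        $sitetitle .= outCode($row['nome'])." | ";
                    }
                }
            break;
            case "forum":
                if ($checkop=="viewThread") {
                    if ($row = $dblink->get_row("SELECT name FROM memht_forum_posts WHERE id=$checkid")) {
                        $sitetitle .= outCode($row['name'],0)." | ";
                    }
                }
            break;
            case "gallery":
                // NOTE(review): the request's title parameter is reflected into <title>
                // with only inCode() applied -- confirm that is HTML-safe.
                if ($checkop=="showGallery") { $sitetitle .= "$checktitle | "; }
            break;
            case "guide":
                // NOTE(review): same reflection of $checktitle as in the gallery case.
                if ($checkop=="readGuide") { $sitetitle .= "$checktitle | "; }
            break;
            case "mypage":
                if ($checkop=="openPage") {
                    $row = $dblink->get_row("SELECT title FROM memht_mypage WHERE id=$checkid OR title='$checktitle'");
                    $mptitle = outCode($row['title']);

                    $sitetitle .= "$mptitle | ";
                }
            break;
            case "news":
                if ($checkop=="readNews") {
                    $row = $dblink->get_row("SELECT nome FROM memht_news WHERE id=$checkid OR nome='$checktitle'");
                    $newtitle = outCode($row['nome']);

                    $sitetitle .= "$newtitle | ";
                }
            break;
            case "tags":
                // NOTE(review): the tag parameter is reflected into <title> with only
                // inCode() applied.
                if ($checkop=="list") { $sitetitle .= inCode(@$_GET['tag'])." | "; }
            break;
        }

        // Page record first, then a virtual page with the same name, else defaults.
        if ($row = $dblink->get_row("SELECT titolo,description,keywords,fullscreen,rank,enabled FROM memht_pagine WHERE nome='$page'")) {
            $pagetitle = outCode($row['titolo']);
            $fullScreen = intval($row['fullscreen']);
            $pgkw = outCode($row['keywords']);
            $pgds = outCode($row['description']);
            $rankPage =  intval($row['rank']);
            $enabledPage = intval($row['enabled']);
            $sitetitle .= $pagetitle." | ";
            $virtualpagerequest = false;
        } else if ($row = $dblink->get_row("SELECT title,content,description,keywords,fullscreen,rank,enabled FROM memht_virtualpages WHERE name='$page'")) {
            //VIRTUAL PAGES (Added in 3.8.0)
            $pagetitle = outCode($row['title']);
            $pageContent = outCodeVP($row['content']);
            $fullScreen = intval($row['fullscreen']);
            $pgkw = outCode($row['keywords']);
            $pgds = outCode($row['description']);
            $rankPage =  intval($row['rank']);
            $enabledPage = intval($row['enabled']);
            $sitetitle .= $pagetitle." | ";
            $virtualpagerequest = true;
        } else {
            $pgkw = "";
            $pgds = "";
            $fullScreen = 0;
            $virtualpagerequest = false;
        }
    } else {
        $pgkw = "";
        $pgds = "";
        $fullScreen = 0;
        $virtualpagerequest = false;
    }
    $sitetitle .= $siteConfig['site_name'];

    memRunHooks('SiteTitleEnd',array(&$sitetitle));
}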
    
    echo 
"<title>$sitetitle</title>\n";
    
    
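//===================================================
//Meta tags
//===================================================
// Writes the charset, keywords, description, robots, revisit-after, author and
// <base> tags unless a MetaTags hook takes over. Page-specific keywords and
// description win over the site-wide defaults from $siteConfig.
if (memRunHooks('MetaTags')) {
    if (!defined("_LANG_CHARSET_")) { define("_LANG_CHARSET_","utf-8"); }

    // $pgkw/$pgds are only assigned inside the SiteTitle section, which is
    // skipped when its hook returns false; default them so the comparisons
    // below never read an undefined variable.
    if (!isset($pgkw)) { $pgkw = ""; }
    if (!isset($pgds)) { $pgds = ""; }

    echo "<meta http-equiv='Content-Type' content='text/html;charset="._LANG_CHARSET_."'>\n";
    // NOTE(review): the $siteConfig values are placed inside single-quoted
    // attributes without escaping here -- presumably stored pre-encoded; confirm.
    echo ($pgkw!="") ? "<meta name='keywords' content=\"$pgkw\">\n" : "<meta name='keywords' content='".$siteConfig['metatags']."'>\n" ;
    echo ($pgds!="") ? "<meta name='description' content=\"$pgds\">\n" : "<meta name='description' content='".$siteConfig['site_description']."'>\n" ;
    echo "<meta name='robots' content='index, follow'>\n";
    echo "<meta name='revisit-after' content='1 days'>\n";
    echo "<meta name='author' content='MemHT Portal (www.memht.com) - Miltenovik Manojlo'>\n";
    echo "<base href='".$siteConfig['site_url']."/'>\n";

    memRunHooks('MetaTagsEnd');
}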
    
//===================================================
//RSS syndication
//===================================================
// For each content type, record in $siteInfo whether at least one row exists
// and, if so, advertise the matching feed with a <link rel='alternate'> tag.
// All queries here are constant strings; no request data is involved.
if (memRunHooks('RssSyndication')) {
    $siteInfo['feed_articles'] = ($dblink->get_num("SELECT id FROM memht_articoli WHERE enabled=1 LIMIT 1") > 0);
    if ($siteInfo['feed_articles']) {
        echo "<link rel='alternate' type='application/rss+xml' title='" . _ARTRSSFEED_ . "' href='rss.php?page=articles'>\n";
    }

    $siteInfo['feed_blog'] = ($dblink->get_num("SELECT id FROM memht_blog_posts WHERE enabled=1 LIMIT 1") > 0);
    if ($siteInfo['feed_blog']) {
        echo "<link rel='alternate' type='application/rss+xml' title='" . _BLOGRSSFEED_ . "' href='rss.php?page=blog'>\n";
    }

    $siteInfo['feed_download'] = ($dblink->get_num("SELECT id FROM memht_download LIMIT 1") > 0);
    if ($siteInfo['feed_download']) {
        echo "<link rel='alternate' type='application/rss+xml' title='" . _DWNRSSFEED_ . "' href='rss.php?page=download'>\n";
    }

    $siteInfo['feed_forum'] = ($dblink->get_num("SELECT id FROM memht_forum_posts LIMIT 1") > 0);
    if ($siteInfo['feed_forum']) {
        echo "<link rel='alternate' type='application/rss+xml' title='" . _FORUMRSSFEED_ . "' href='rss.php?page=forum'>\n";
    }

    $siteInfo['feed_guide'] = ($dblink->get_num("SELECT id FROM memht_guide WHERE enabled=1 LIMIT 1") > 0);
    if ($siteInfo['feed_guide']) {
        echo "<link rel='alternate' type='application/rss+xml' title='" . _GUIRSSFEED_ . "' href='rss.php?page=guide'>\n";
    }

    $siteInfo['feed_news'] = ($dblink->get_num("SELECT id FROM memht_news WHERE enabled=1 LIMIT 1") > 0);
    if ($siteInfo['feed_news']) {
        echo "<link rel='alternate' type='application/rss+xml' title='" . _NEWSRSSFEED_ . "' href='rss.php?page=news'>\n";
    }

    memRunHooks('RssSyndicationEnd');
}
    
    
//===================================================
//CSS
//===================================================
// Always link the core stylesheet, then the active template's style.css and
// forum.css when those files exist on disk. The template name comes from
// $siteConfig, not from the request.
echo "<link rel='stylesheet' href='{$siteConfig['site_url']}/inc/inc_style.css' type='text/css'>\n";
if (file_exists("templates/{$siteConfig['template']}/style.css")) {
    echo "<link rel='stylesheet' href='{$siteConfig['site_url']}/templates/{$siteConfig['template']}/style.css' type='text/css'>\n";
}
if (file_exists("templates/{$siteConfig['template']}/forum.css")) {
    echo "<link rel='stylesheet' href='{$siteConfig['site_url']}/templates/{$siteConfig['template']}/forum.css' type='text/css'>\n";
}
memRunHooks('StyleSheets');
    
    
//===================================================
//Favicon
//===================================================
// Pick the first icon that exists: the template's animated GIF, then the
// template's favicon.ico, then the site-wide images/favicon.ico. The .ico
// variants are linked twice (rel='icon' and rel='shortcut icon').
if (file_exists("templates/{$siteConfig['template']}/images/favicon_ani.gif")) {
    echo "<link rel='icon' href='{$siteConfig['site_url']}/templates/{$siteConfig['template']}/images/favicon_ani.gif' type='image/gif'>\n";
} elseif (file_exists("templates/{$siteConfig['template']}/images/favicon.ico")) {
    echo "<link rel='icon' href='{$siteConfig['site_url']}/templates/{$siteConfig['template']}/images/favicon.ico' type='image/x-icon'>\n";
    echo "<link rel='shortcut icon' href='{$siteConfig['site_url']}/templates/{$siteConfig['template']}/images/favicon.ico' type='image/x-icon'>\n";
} elseif (file_exists("images/favicon.ico")) {
    echo "<link rel='icon' href='{$siteConfig['site_url']}/images/favicon.ico' type='image/x-icon'>\n";
    echo "<link rel='shortcut icon' href='{$siteConfig['site_url']}/images/favicon.ico' type='image/x-icon'>\n";
}
    
    
//===================================================
//Custom header
//===================================================
// Optional site-specific header fragment, loaded from a fixed relative path.
// NOTE(review): the file is executed on every page as soon as it exists, so
// write access to inc/ amounts to code execution in the portal. Keep that
// directory non-writable for the web-server account and alert on unexpected
// creation or modification of this file.
if (file_exists("inc/inc_header_custom.php")) {
    include "inc/inc_header_custom.php";
}
    
    
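//===================================================
//Page custom header and javascript file
//===================================================
// Loads pages/<page>/head.php for the requested page when that file exists.
//
// $page originates from $_GET['page'] and ends up in an include path, so it is
// checked against a plain directory-name pattern (letters, digits, "_" and "-")
// before the filesystem is touched. This does not rely on whatever inCode()
// does, and rejects path separators, dots and NUL bytes outright.
// NOTE(review): assumes page directories only use those characters -- widen the
// pattern if a legitimate page name needs more.
// The isset($page) check also covers the case where the SiteTitle section was
// skipped and $page was never assigned.
if (isset($_GET['page']) && isset($page)) {
    if (is_string($page) && preg_match('/\A[A-Za-z0-9_-]+\z/', $page)) {
        if (file_exists("pages/$page/head.php")) { include_once("pages/$page/head.php"); }
    }
}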
    
    
//===================================================
    //Infobar
    //===================================================
    
// Renders a thin bar at the top of the page: a "site inactive" notice when
// site_open is 0, otherwise a greeting with profile/logout links for a
// logged-in user, or login/register links for a guest.
// NOTE(review): the value compared with $siteConfig['informationbar'] on the
// next line is missing from this listing (it reads "==OR"), so the condition
// is not valid PHP as shown. Recover the operand from a pristine copy of the
// file rather than guessing it.
if ($siteConfig['informationbar']==OR $siteConfig['site_open']==0) {
        
?>
        <style type="text/css">
            body {
                padding-left:0;
                padding-right:0;
                margin-left:0;
                margin-right:0;
            }
            .std_topbar {
                width: 100%;
                height:13px;
                background:url(admin/images/tpl/bg.gif) #EEE repeat-x;
                border-top: 1px solid #CCC;
                border-bottom: 1px solid #CCC;
                font: 10px Verdana;
                padding: 2px 0;
                text-indent: 5px;
                margin-bottom:4px;    
                color:#666;            
            }
            .std_topbar a { color:#666; }
            .std_topbar a:visited { color:#666; }
            .std_topbar a:hover { color:#990000; }
        </style>
        <?php
        
// A closed site shows only the inactive notice, whoever is visiting.
if ($siteConfig['site_open']==0) {
            echo 
"<div class='std_topbar' id='errorText'><b>"._SITE_INACTIVE_."!</b></div>";
        } else {
            // NOTE(review): $userid and $visitorInfo are not assigned anywhere in this
            // file and are not in its global list -- presumably set by the including
            // script; confirm.
            if (
isUser($userid)) {
                // NOTE(review): $user and $visitorInfo['ip'] are written into the HTML
                // without escaping here -- confirm both are encoded where they are set.
                echo 
"<div class='std_topbar'>"._HI_." <b>$user</b>! - "._YOURIPIS_." ".$visitorInfo['ip']." - <a href='index.php?page=users&op=editProfile' title='"._MODIFYPROFILE_."'>"._MODIFYPROFILE_."</a> - <a href='index.php?page=users&logout=1' title='"._LOGOUT_."'>"._LOGOUT_."</a></div>";
            } else {
                echo 
"<div class='std_topbar'>"._DOTHE_." <a href='index.php?page=users' title='"._LOGIN_."'><b>"._LOGIN_."</b></a> "._OR_." <a href='index.php?page=users&op=register' title='"._REGISTER_."'><b>"._REGISTER_."</b></a> "._FORFREE_."!</div>";
            }
        }
    }
    
    
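//===================================================
//Javascript
//===================================================
// Loads the shared script includes, then -- for a logged-in user with unread
// private messages who is not already on the pvtmsg page and has no
// "ignorepm" cookie -- emits a prompt offering to read or ignore them.
// Choosing "ignore" sets that cookie client-side for 30 minutes.
require_once("inc_javascript.php");

if (memRunHooks('PvtMsgNotification')) {
    // The "> 0" operand missing from the listing is written out here. $page is
    // only assigned in the SiteTitle section, so an unset $page is treated the
    // same as "not the pvtmsg page", as before, without reading an undefined
    // variable.
    // NOTE(review): $userid is not in this file's global list -- presumably set
    // by the including script; confirm.
    if (isUser($userid) AND $userInfo['newpm']>0 AND (!isset($page) OR $page!="pvtmsg") AND !isset($_COOKIE['ignorepm'])) {
        // NOTE(review): $userInfo['newpm'] and the language constants are written
        // into a JavaScript string literal and into object keys without any JS
        // escaping -- confirm they can never contain quotes or markup.
        ?>
            <script type="text/javascript" src="<?php echo $siteConfig['site_url']; ?>/inc/javascript/jquery/plugins/impromptu/impromptu.js"></script>
            <script type="text/javascript">
                var txt = "<?php echo _YOUHAVE_." ".$userInfo['newpm']." ".strtolower(_NEWMESSAGES_); ?>";
                $(document).ready(function(){
                    $.prompt(txt,{
                        buttons: { <?php echo _READ_?>: true, <?php echo _IGNORE_?>: false },
                        callback: function(v,m) {
                            if (v==true) {
                                //Read: Open the private messages page
                                window.location = "index.php?page=pvtmsg";
                            } else if (v==false) {
                                //Ignore: Set ignore cookie
                                var today = new Date();
                                var the_cookie_date = new Date(today.getTime() + (1000 * 60 * 30)); //30 minutes
                                var the_cookie = "ignorepm=true";
                                var the_cookie = the_cookie + ";expires=" + the_cookie_date;
                                document.cookie=the_cookie;
                            }
                        }
                    });
                });
            </script>
            <?php
    }

    memRunHooks('PvtMsgNotificationEnd');
}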
    
    echo 
"</head><body>\n";
    
    
//TPL
    
$tpl->assign('site_name',$siteConfig['site_name']);
    
$tpl->assign('site_url',$siteConfig['site_url']);
    
$tpl->assign('fullscreen',$fullScreen);
    
showPath();
    
?>
