<?php

/********************************************************************************
    - MemHT Portal -
    
    Copyright (C) 2007-2008 by Miltenovik Manojlo
    http://www.memht.com
    
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.
    
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.
    
    You should have received a copy of the GNU General Public License along
    with this program; if not, see <http://www.gnu.org/licenses/> (GPLv2)
    or write to the Free Software Foundation, Inc., 51 Franklin Street,
    Fifth Floor, Boston, MA02110-1301, USA.
        
********************************************************************************/

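header("Content-Type: text/xml");

//===========================================
//Database: Connect
//===========================================
require_once("inc/inc_config.php");
require_once("inc/inc_database.php");

$dblink = new database();
$dblink->connect();

//===========================================
//TIMEZONE SETTING + DATABASE CHECK
//===========================================
// A missing memht_config table is treated as "portal not installed" and the
// script stops with the portal's usual HTML notice (note it is emitted under
// the text/xml Content-Type set above, as before).
$timezonerow = $dblink->get_row("SELECT timezone FROM memht_config")
    or die("<table style='padding: 2px; border: 1px solid #999; background-color: #EEE; font-family: Verdana; font-size: 10px;' align='center'><tr><td><b>Attention:</b> Cannot find database tables!</td></tr></table>");
$siteConfig['timezone'] = intval($timezonerow['timezone']);
// SQL fragment shifting NOW() into the site's timezone; not used in this
// file itself, presumably consumed by the includes below.
$tzNOW = "DATE_ADD(NOW(),INTERVAL ".$siteConfig['timezone']." HOUR)";

require_once("inc/inc_login.php");
require_once("inc/inc_functions.php");
require_once("inc/inc_readConfig.php");
require_once("inc/inc_getinfo.php");
require_once("inc/inc_ban.php");

// Language file. The configured language name (presumably filled in by
// inc_readConfig.php) becomes a path component, so only a plain identifier
// is probed on the filesystem; anything else falls back to the default
// language exactly as a missing file does.
$langName = isset($siteConfig['language']) ? (string) $siteConfig['language'] : '';
if (preg_match('/^[A-Za-z0-9_-]+$/', $langName) === 1 && file_exists("lang/".$langName.".php")) {
    include_once("lang/".$langName.".php");
} else {
    include_once("lang/".$siteConfig['default_language'].".php");
}

if (!defined("_LANG_CHARSET_")) { define("_LANG_CHARSET_","utf-8"); }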

//===========================================
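// Request parameters. Ids are forced to integers (0 means "no filter"),
// $page has a few metacharacters stripped by clean() (defined further down
// in this file) and $items is capped at 50.
$topic = (isset($_GET['topic'])) ? intval($_GET['topic']) : 0;
$cat   = (isset($_GET['cat']))   ? intval($_GET['cat'])   : 0;
$forum = (isset($_GET['forum'])) ? intval($_GET['forum']) : 0;
$page  = (isset($_GET['page']))  ? clean($_GET['page'])   : "news";
$items = (isset($_GET['items'])) ? intval($_GET['items']) : 30;
// A negative count would reach the queries as "LIMIT -N" and break them;
// treat it like an absent parameter.
if ($items < 0) { $items = 30; }
if ($items > 50) { $items = 50; }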

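/**
 * Wrap $text in a CDATA section for the feed. A literal "]]>" inside the
 * text would end the section early and yield malformed XML, so it is split
 * across two sections, which parses back to the original string.
 *
 * @param string $text
 * @return string
 */
function memht_rss_cdata($text) {
    return "<![CDATA[".str_replace("]]>", "]]]]><![CDATA[>", $text)."]]>";
}

/**
 * Print one RSS <item>. $description is left out when null (the forum feed
 * carries no summary text). Values are expected to have been run through
 * outCode()/mem_urlencode() by the caller; here they are only CDATA-wrapped.
 * Prefixed with memht_rss_ to avoid colliding with the portal's includes.
 *
 * @param string      $siteurl     Site base URL, prefixed to $link.
 * @param string      $title
 * @param string      $link        Path relative to $siteurl.
 * @param string      $date        Already formatted by DATE_FORMAT in SQL.
 * @param string|null $description
 * @return void
 */
function memht_rss_item($siteurl, $title, $link, $date, $description = null) {
    echo "<item>\n";
    echo "<title>".memht_rss_cdata($title)."</title>\n";
    echo "<link>".memht_rss_cdata("$siteurl/$link")."</link>\n";
    echo "<guid isPermaLink=\"true\">".memht_rss_cdata("$siteurl/$link")."</guid>\n";
    if ($description !== null) {
        echo "<description>".memht_rss_cdata($description)."</description>\n";
    }
    echo "<pubDate>".memht_rss_cdata($date)."</pubDate>\n";
    echo "</item>\n";
}

$myrank = myRank();

// $page is interpolated into SQL unparameterised and clean() only strips a
// handful of characters, so only a plain identifier is looked up at all.
// Anything else is treated like a page that does not exist: no feed is
// emitted, which is what the original did for unknown pages.
$row = (preg_match('/^[A-Za-z0-9_-]+$/', $page) === 1)
    ? $dblink->get_row("SELECT titolo FROM memht_pagine WHERE nome='$page' AND rank<=$myrank AND enabled=1")
    : false;

if ($row) {
    $pagename = outCode($row['titolo']);

    $row = $dblink->get_row("SELECT nome,site_url FROM memht_config");
    $sitename = outCode($row['nome']);
    $siteurl  = outCode($row['site_url']);
    // Pretty URLs vs. query-string URLs for every link built below.
    $modrewrite = (intval($siteConfig['modrewrite']) === 1);

    echo "<?xml version=\"1.0\" encoding=\""._LANG_CHARSET_."\"?>\n";
    echo "<rss version=\"2.0\">\n\n";
    echo "<channel>\n";
    echo "<title>".memht_rss_cdata($sitename)."</title>\n";
    echo "<link>".memht_rss_cdata($siteurl)."</link>\n";
    echo "<description>".memht_rss_cdata($pagename)."</description>\n";
    echo "<generator>MemHT Portal</generator>\n";

    //-------------------------------------------
    // Optional filters. Each one that resolves adds a <category> to the
    // channel and narrows the query chosen in the switch below. All three
    // flags are initialised so later reads never hit an undefined variable.
    //-------------------------------------------
    $usetopic = false;
    $usecat   = false;
    $useforum = false;

    if ($topic > 0 && ($row = $dblink->get_row("SELECT nome,img FROM memht_argomenti WHERE id=$topic"))) {
        $topicname = outCode($row['nome']);
        $topicimg  = outCode($row['img']);
        // Template-specific topic icon first, then the shared one, then a placeholder.
        if ($topicimg != "" && file_exists("templates/".$siteConfig['template']."/images/topics/$topicimg.gif")) {
            $topicimg = "templates/".$siteConfig['template']."/images/topics/$topicimg.gif";
        } elseif ($topicimg != "" && file_exists("images/topics/$topicimg.gif")) {
            $topicimg = "images/topics/$topicimg.gif";
        } else {
            $topicimg = "images/topics/empty.gif";
        }

        echo "<category>".memht_rss_cdata($topicname)."</category>\n";
        echo "<image>\n";
        echo "<url>".memht_rss_cdata("$siteurl/$topicimg")."</url>\n";
        echo "<title>".memht_rss_cdata($topicname)."</title>\n";
        $link = $modrewrite ? "topics/" : "index.php?page=topics";
        echo "<link>".memht_rss_cdata("$siteurl/$link")."</link>\n";
        echo "</image>\n";
        $usetopic = true;
    }

    // Category filter: blog and download each keep their own category table.
    if ($page == "blog" && $cat > 0 && ($row = $dblink->get_row("SELECT name FROM memht_blog_categories WHERE id=$cat"))) {
        echo "<category>".memht_rss_cdata(outCode($row['name']))."</category>\n";
        $usecat = true;
    } elseif ($page == "download" && $cat > 0 && ($row = $dblink->get_row("SELECT nome FROM memht_download_categorie WHERE id=$cat"))) {
        echo "<category>".memht_rss_cdata(outCode($row['nome']))."</category>\n";
        $usecat = true;
    }

    if ($forum > 0 && ($row = $dblink->get_row("SELECT name FROM memht_forum_forums WHERE id=$forum"))) {
        echo "<category>".memht_rss_cdata(outCode($row['name']))."</category>\n";
        $useforum = true;
    }

    //-------------------------------------------
    // Per-page query, row layout and link patterns; the item loop after the
    // switch is shared by all feeds. The DATE_FORMAT pattern produces the
    // RFC 822 form <pubDate> expects. Only the pre-validated integers
    // ($topic, $cat, $forum, $items) are interpolated into these queries.
    // $cols maps the item fields to column names; 'text' is null when the
    // feed has no description.
    //-------------------------------------------
    switch ($page) {
        case "articles":
            $where = $usetopic ? "argomento=$topic AND enabled=1" : "enabled=1";
            $query = "SELECT id,nome,descrizione,DATE_FORMAT(data, '%a, %d %b %Y %H:%i:%S GMT') as data FROM memht_articoli WHERE $where ORDER BY id DESC LIMIT $items";
            $cols  = array('title' => 'nome', 'text' => 'descrizione', 'date' => 'data');
            $linkPretty = "articles_%d_%s.html";
            $linkPlain  = "index.php?page=articles&op=readArticle&id=%d&title=%s";
            break;

        case "blog":
            // Explicit column list instead of "SELECT *": only these are read.
            $where = $usecat ? "category=$cat AND enabled=1" : "enabled=1";
            $query = "SELECT id,title,home_text,DATE_FORMAT(date, '%a, %d %b %Y %H:%i:%S GMT') as date FROM memht_blog_posts WHERE $where ORDER BY id DESC LIMIT $items";
            $cols  = array('title' => 'title', 'text' => 'home_text', 'date' => 'date');
            $linkPretty = "blog_view_%d_%s.html";
            $linkPlain  = "index.php?page=blog&id=%d&title=%s";
            break;

        case "download":
            $where = $usecat ? "WHERE cat=$cat" : "";
            $query = "SELECT id,nome,descrizione,DATE_FORMAT(data, '%a, %d %b %Y %H:%i:%S GMT') as data FROM memht_download $where ORDER BY id DESC LIMIT $items";
            $cols  = array('title' => 'nome', 'text' => 'descrizione', 'date' => 'data');
            $linkPretty = "download_file_%d_%s.html";
            $linkPlain  = "index.php?page=download&op=getFile&id=%d&title=%s";
            break;

        case "forum":
            // Only thread starters (parent=0) are listed; no summary text.
            $where = $useforum ? "parent=0 AND forum=$forum" : "parent=0";
            $query = "SELECT id,name,DATE_FORMAT(date, '%a, %d %b %Y %H:%i:%S GMT') as date FROM memht_forum_posts WHERE $where ORDER BY id DESC LIMIT $items";
            $cols  = array('title' => 'name', 'text' => null, 'date' => 'date');
            $linkPretty = "forum_thread_%d_%s.html";
            $linkPlain  = "index.php?page=forum&op=viewThread&id=%d&title=%s";
            break;

        case "guide":
            $where = $usetopic ? "argomento=$topic AND enabled=1" : "enabled=1";
            $query = "SELECT id,nome,descrizione,DATE_FORMAT(data, '%a, %d %b %Y %H:%i:%S GMT') as data FROM memht_guide WHERE $where ORDER BY id DESC LIMIT $items";
            $cols  = array('title' => 'nome', 'text' => 'descrizione', 'date' => 'data');
            $linkPretty = "guide_%d_%s.html";
            $linkPlain  = "index.php?page=guide&op=readGuide&id=%d&title=%s";
            break;

        case "news":
        default:
            // Any other (existing, enabled) page gets the news feed.
            $where = $usetopic ? "argomento=$topic AND enabled=1" : "enabled=1";
            $query = "SELECT id,nome,testo_home,DATE_FORMAT(data, '%a, %d %b %Y %H:%i:%S GMT') as data FROM memht_news WHERE $where ORDER BY id DESC LIMIT $items";
            $cols  = array('title' => 'nome', 'text' => 'testo_home', 'date' => 'data');
            $linkPretty = "news_%d_%s.html";
            $linkPlain  = "index.php?page=news&op=readNews&id=%d&title=%s";
            break;
    }

    $result = $dblink->get_list($query);
    if (!$result) {
        // A failed or empty query must still leave a well-formed document.
        $result = array();
    }
    foreach ($result as $row) {
        $id    = intval($row['id']);
        $title = outCode($row[$cols['title']]);
        // Dates now pass through outCode() for every feed (blog previously skipped it).
        $date  = outCode($row[$cols['date']]);
        $text  = ($cols['text'] === null) ? null : outCode($row[$cols['text']]);
        $slug  = mem_urlencode($title);
        $link  = sprintf($modrewrite ? $linkPretty : $linkPlain, $id, $slug);
        memht_rss_item($siteurl, $title, $link, $date, $text);
    }

    echo "</channel>\n";
    echo "</rss>";
}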

//===========================================

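/**
 * Strip the characters MemHT does not allow in a page name before the value
 * is used as a switch key and interpolated into SQL.
 *
 * Removes every occurrence of  < > ' " ` % $ #  from $string. Non-scalar
 * input (e.g. ?page[]=x arrives as an array) returns "" instead of being
 * handed to the regex engine. This is a blacklist, not an escaper:
 * backslashes and everything else pass through unchanged, so callers must
 * not treat the result as safe for direct SQL interpolation on its own.
 *
 * @param mixed $string
 * @return string
 */
function clean($string) {
    if (!is_scalar($string)) {
        return "";
    }
    // preg_replace stands in for eregi_replace (removed in PHP 7); the class
    // contains no letters, so the old case-insensitive flag changed nothing.
    return preg_replace('/[<>\'"`%$#]/', '', (string) $string);
}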

//===========================================
//Database: Disconnect
//===========================================
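// Release the connection opened by connect() at the top of the file.
// The closing "?>" is omitted on purpose: any whitespace after it would be
// appended to the XML document already sent.
$dblink->disconnect();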
