!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/cvc/system/database/   drwxr-xr-x
Free 50.98 GB of 127.8 GB (39.89%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     DB_forge.php (7.23 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/**
 * Code Igniter
 *
 * An open source application development framework for PHP 5.1.6 or newer
 *
 * @package        CodeIgniter
 * @author        ExpressionEngine Dev Team
 * @copyright    Copyright (c) 2008 - 2011, EllisLab, Inc.
 * @license        http://codeigniter.com/user_guide/license.html
 * @link        http://codeigniter.com
 * @since        Version 1.0
 * @filesource
 */

// ------------------------------------------------------------------------

/**
 * Database Utility Class
 *
 * @category    Database
 * @author        ExpressionEngine Dev Team
 * @link        http://codeigniter.com/user_guide/database/
 */
class CI_DB_forge {

    var 
$fields            = array();
    var 
$keys            = array();
    var 
$primary_keys    = array();
    var 
$db_char_set    =    '';

    
/**
     * Constructor
     *
     * Grabs the CI super object instance so we can access it.
     *
     */
    
function CI_DB_forge()
    {
        
// Assign the main database object to $this->db
        
$CI =& get_instance();
        
$this->db =& $CI->db;
        
log_message('debug'"Database Forge Class Initialized");
    }

    
// --------------------------------------------------------------------

    /**
     * Create database
     *
     * @access    public
     * @param    string    the database name
     * @return    bool
     */
    
function create_database($db_name)
    {
        
$sql $this->_create_database($db_name);

        if (
is_bool($sql))
        {
            return 
$sql;
        }

        return 
$this->db->query($sql);
    }

    
// --------------------------------------------------------------------

    /**
     * Drop database
     *
     * @access    public
     * @param    string    the database name
     * @return    bool
     */
    
function drop_database($db_name)
    {
        
$sql $this->_drop_database($db_name);

        if (
is_bool($sql))
        {
            return 
$sql;
        }

        return 
$this->db->query($sql);
    }

    
// --------------------------------------------------------------------

    /**
     * Add Key
     *
     * @access    public
     * @param    string    key
     * @param    string    type
     * @return    void
     */
    
function add_key($key ''$primary FALSE)
    {
        if (
is_array($key))
        {
            foreach (
$key as $one)
            {
                
$this->add_key($one$primary);
            }

            return;
        }

        if (
$key == '')
        {
            
show_error('Key information is required for that operation.');
        }

        if (
$primary === TRUE)
        {
            
$this->primary_keys[] = $key;
        }
        else
        {
            
$this->keys[] = $key;
        }
    }

    
// --------------------------------------------------------------------

    /**
     * Add Field
     *
     * @access    public
     * @param    string    collation
     * @return    void
     */
    
function add_field($field '')
    {
        if (
$field == '')
        {
            
show_error('Field information is required.');
        }

        if (
is_string($field))
        {
            if (
$field == 'id')
            {
                
$this->add_field(array(
                                        
'id' => array(
                                                    
'type' => 'INT',
                                                    
'constraint' => 9,
                                                    
'auto_increment' => TRUE
                                                    
)
                                ));
                
$this->add_key('id'TRUE);
            }
            else
            {
                if (
strpos($field' ') === FALSE)
                {
                    
show_error('Field information is required for that operation.');
                }

                
$this->fields[] = $field;
            }
        }

        if (
is_array($field))
        {
            
$this->fields array_merge($this->fields$field);
        }

    }

    
// --------------------------------------------------------------------

    /**
     * Create Table
     *
     * @access    public
     * @param    string    the table name
     * @return    bool
     */
    
function create_table($table ''$if_not_exists FALSE)
    {
        if (
$table == '')
        {
            
show_error('A table name is required for that operation.');
        }

        if (
count($this->fields) == 0)
        {
            
show_error('Field information is required.');
        }

        
$sql $this->_create_table($this->db->dbprefix.$table$this->fields$this->primary_keys$this->keys$if_not_exists);

        
$this->_reset();
        return 
$this->db->query($sql);
    }

    
// --------------------------------------------------------------------

    /**
     * Drop Table
     *
     * @access    public
     * @param    string    the table name
     * @return    bool
     */
    
function drop_table($table_name)
    {
        
$sql $this->_drop_table($this->db->dbprefix.$table_name);

        if (
is_bool($sql))
        {
            return 
$sql;
        }

        return 
$this->db->query($sql);
    }

    
// --------------------------------------------------------------------

    /**
     * Rename Table
     *
     * @access    public
     * @param    string    the old table name
     * @param    string    the new table name
     * @return    bool
     */
    
function rename_table($table_name$new_table_name)
    {
        if (
$table_name == '' OR $new_table_name == '')
        {
            
show_error('A table name is required for that operation.');
        }

        
$sql $this->_rename_table($table_name$new_table_name);
        return 
$this->db->query($sql);
    }

    
// --------------------------------------------------------------------

    /**
     * Column Add
     *
     * @access    public
     * @param    string    the table name
     * @param    string    the column name
     * @param    string    the column definition
     * @return    bool
     */
    
function add_column($table ''$field = array(), $after_field '')
    {
        if (
$table == '')
        {
            
show_error('A table name is required for that operation.');
        }

        
// add field info into field array, but we can only do one at a time
        // so we cycle through

        
foreach ($field as $k => $v)
        {
            
$this->add_field(array($k => $field[$k]));

            if (
count($this->fields) == 0)
            {
                
show_error('Field information is required.');
            }

            
$sql $this->_alter_table('ADD'$this->db->dbprefix.$table$this->fields$after_field);

            
$this->_reset();

            if (
$this->db->query($sql) === FALSE)
            {
                return 
FALSE;
            }
        }

        return 
TRUE;

    }

    
// --------------------------------------------------------------------

    /**
     * Column Drop
     *
     * @access    public
     * @param    string    the table name
     * @param    string    the column name
     * @return    bool
     */
    
function drop_column($table ''$column_name '')
    {

        if (
$table == '')
        {
            
show_error('A table name is required for that operation.');
        }

        if (
$column_name == '')
        {
            
show_error('A column name is required for that operation.');
        }

        
$sql $this->_alter_table('DROP'$this->db->dbprefix.$table$column_name);

        return 
$this->db->query($sql);
    }

    
// --------------------------------------------------------------------

    /**
     * Column Modify
     *
     * @access    public
     * @param    string    the table name
     * @param    string    the column name
     * @param    string    the column definition
     * @return    bool
     */
    
function modify_column($table ''$field = array())
    {
        if (
$table == '')
        {
            
show_error('A table name is required for that operation.');
        }

        
// add field info into field array, but we can only do one at a time
        // so we cycle through

        
foreach ($field as $k => $v)
        {
            
// If no name provided, use the current name
            
if ( ! isset($field[$k]['name']))
            {
                
$field[$k]['name'] = $k;
            }

            
$this->add_field(array($k => $field[$k]));

            if (
count($this->fields) == 0)
            {
                
show_error('Field information is required.');
            }

            
$sql $this->_alter_table('CHANGE'$this->db->dbprefix.$table$this->fields);

            
$this->_reset();

            if (
$this->db->query($sql) === FALSE)
            {
                return 
FALSE;
            }
        }

        return 
TRUE;
    }

    
// --------------------------------------------------------------------

    /**
     * Reset
     *
     * Resets table creation vars
     *
     * @access    private
     * @return    void
     */
    
function _reset()
    {
        
$this->fields        = array();
        
$this->keys            = array();
        
$this->primary_keys    = array();
    }

}

/* End of file DB_forge.php */
/* Location: ./system/database/DB_forge.php */

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0136 ]--