!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/manage/class/   drwxr-xr-x
Free 52.81 GB of 127.8 GB (41.32%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     clsForm.php (2.18 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?
class clsForm{
function Start($formName$action=""$method="post"$type=""){
    return "<form name=\"$formName\" action=\"$action\", method=\"$method\">\n";
}
function End(){
    return "</form>\n";
}
function Text($name$value=""$size=40$maxlength=50$readonlyYN="") {
    $str "<input type=\"text\" name=\"$name\" value=\"$value\" size=\"$size\" maxlength=\"$maxlength\"";
    if($readonlyYN=="Y"$str.= " readonly";
    $str.= ">";
    return $str;
}
function Hidden($name$value="") {
    return "<input type=\"hidden\" name=\"$name\" value=\"$value\">";
}
function Textarea($name$value=""$rows=""$cols=""$readonlyYN="") {
    $str "<textarea name=\"$name\" "
    if ($rows=="")
        $str.= "rows=\"5\" ";
    else 
        $str.= "rows=\"$rows\" ";
    if ($cols=="")
        $str.= "cols=\"50\"";
    else 
        $str.= "cols=\"$cols\"";
    if($readonlyYN=="Y"$str.= " readonly";
    $str.= ">$value</textarea>";
    return $str;
}
function Submit($name="sb"$caption="Submit"){
    return "<input type=\"submit\" name=\"$name\" value=\"$caption\">";
}
function Reset($name="rs"$caption="เคลียร์"){
    return "<input type=\"reset\" name=\"$name\" value=\"$caption\">";
}
function Button($onclickCmd=""$name="bt"$caption="..."){
    $str "<input type=\"button\" name=\"$name\" value=\"$caption\"";
    if($onclickCmd<>""$str.= " onclick=\"$onclickCmd;\"";
    $str.= ">";
    return $str;
}
function Radio($name$value$caption$checkedYN=""){ 
    $str "<input type=\"radio\" name=\"$name\" value=\"$value\"";
    if($checkedYN=="Y"$str.= " checked";
    $str.= ">$caption";
    return $str;
}
function Checkbox($name$value$caption=""$checkedYN=""){ 
    $str "<input type=\"checkbox\" name=\"$name\" value=\"$value\"";
    if($checkedYN=="Y"$str.= " checked";
    $str.= ">$caption";
    return $str;
}
function Select($name$aList$aValue$defaultValue=""$text="---เลือกรายการ---"){
    $str "<select name=\"$name\">\n";
    $str.= "<option value=\"\">$text\n";
    for ($i=0$i<count($aValue); $i++){
        $str.= "<option value=\"$aValue[$i]\"";
        $str.= ($aValue[$i]==$defaultValue) ? " Selected" "" ;
        $str.= ">$aList[$i]\n";    
    }    
    $str.="</select>";
    return $str;
}

}    //end class clsFormElementGen
?>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd
Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 
:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0145 ]--