!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/manage_22222/Research_depart/   drwxr-xr-x
Free 52.41 GB of 127.8 GB (41%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     EditResearch.php (1.29 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
Information:
Path /var/www/html/manage_22222/Research_depart/EditResearch.php
Size 1.29 KB
MD5 704fef61eed6fca4b605a2ca0a444da2
Owner/Group root/root
Perms-rw-r--r--
Create time 06/07/2011 01:44:07
Access time 30/07/2024 06:52:53
MODIFY time 21/08/2009 09:45:54

FULL HEXDUMP
00000000
00000018
00000030
00000048
00000060
00000078
00000090
000000A8
000000C0
000000D8
000000F0
00000108
00000120
00000138
00000150
00000168
00000180
00000198
000001B0
000001C8
000001E0
000001F8
00000210
00000228
00000240
00000258
00000270
00000288
000002A0
000002B8
000002D0
000002E8
00000300
00000318
00000330
00000348
00000360
00000378
00000390
000003A8
000003C0
000003D8
000003F0
00000408
00000420
00000438
00000450
00000468
00000480
00000498
000004B0
000004C8
000004E0
000004F8
00000510
3C 3F 70 68 70 0A 09 69 6E 63 6C 75 64 65 28 22 2E 2E 2F 69 6E 63 6C 75
64 65 2F 46 75 6E 63 74 69 6F 6E 44 42 2E 70 68 70 22 29 3B 0A 09 43 6F
6E 6E 65 63 74 44 42 28 29 3B 20 20 20 20 20 20 20 20 0A 09 24 59 65 61
72 5F 73 74 61 72 74 20 3D 20 24 5F 50 4F 53 54 5B 6D 59 65 61 72 5D 2E
22 2D 22 2E 24 5F 50 4F 53 54 5B 6D 4D 6F 6E 74 68 5D 2E 22 2D 22 2E 24
5F 50 4F 53 54 5B 6D 44 61 74 65 5D 3B 0A 20 20 20 20 24 59 65 61 72 5F
66 69 6E 69 73 68 20 3D 20 24 5F 50 4F 53 54 5B 6D 59 65 61 72 32 5D 2E
22 2D 22 2E 24 5F 50 4F 53 54 5B 6D 4D 6F 6E 74 68 32 5D 2E 22 2D 22 2E
24 5F 50 4F 53 54 5B 6D 44 61 74 65 32 5D 3B 0A 09 2F 2F 65 63 68 6F 22
6E 61 6D 65 20 3D 20 24 6E 61 6D 65 31 22 3B 0A 09 24 73 74 72 53 51 4C
3D 22 55 50 44 41 54 45 20 72 65 73 65 61 72 63 68 5F 74 62 20 53 45 54
20 54 65 61 63 68 65 72 5F 63 6F 64 65 3D 27 24 54 65 61 63 68 65 72 5F
63 6F 64 65 27 2C 42 72 61 6E 63 68 3D 27 24 42 72 61 6E 63 68 27 2C 52
65 73 65 61 72 63 68 5F 6E 61 6D 65 3D 27 24 52 65 73 65 61 72 63 68 5F
6E 61 6D 65 27 2C 52 65 73 65 61 72 63 68 5F 74 79 70 65 3D 27 24 52 65
73 65 61 72 63 68 5F 74 79 70 65 27 2C 52 65 73 65 61 72 63 68 5F 63 68
61 72 3D 27 24 52 65 73 65 61 72 63 68 5F 63 68 61 72 27 2C 52 5F 70 6F
73 69 74 69 6F 6E 3D 27 24 52 5F 70 6F 73 69 74 69 6F 6E 27 2C 6E 61 6D
65 31 3D 27 24 6E 61 6D 65 31 27 2C 6E 61 6D 65 32 3D 27 24 6E 61 6D 65
32 27 2C 6E 61 6D 65 33 3D 27 24 6E 61 6D 65 33 27 2C 6E 61 6D 65 34 3D
27 24 6E 61 6D 65 34 27 2C 6E 61 6D 65 35 3D 27 24 6E 61 6D 65 35 27 2C
6E 61 6D 65 36 3D 27 24 6E 61 6D 65 36 27 2C 6E 61 6D 65 37 3D 27 24 6E
61 6D 65 37 27 2C 6E 61 6D 65 38 3D 27 24 6E 61 6D 65 38 27 2C 59 65 61
72 5F 73 74 61 72 74 3D 27 24 59 65 61 72 5F 73 74 61 72 74 27 2C 59 65
61 72 5F 66 69 6E 69 73 68 3D 27 24 59 65 61 72 5F 66 69 6E 69 73 68 27
2C 46 75 6E 64 3D 27 24 46 75 6E 64 27 2C 46 75 6E 64 5F 72 65 73 6F 75
72 63 65 3D 27 24 46 75 6E 64 5F 72 65 73 6F 75 72 63 65 27 2C 52 65 73
6F 75 72 63 65 5F 64 65 73 3D 27 24 52 65 73 6F 75 72 63 65 5F 64 65 73
27 2C 50 72 6F 70 61 67 61 74 65 3D 27 24 50 72 6F 70 61 67 61 74 65 27
2C 50 72 6F 70 61 67 61 74 65 5F 64 65 73 3D 27 24 50 72 6F 70 61 67 61
74 65 5F 64 65 73 27 2C 50 72 6F 70 5F 74 79 70 65 3D 27 24 50 72 6F 70
5F 74 79 70 65 27 2C 50 72 6F 70 5F 74 79 70 65 31 3D 27 24 50 72 6F 70
5F 74 79 70 65 31 27 2C 50 72 6F 70 5F 74 79 70 65 32 3D 27 24 50 72 6F
70 5F 74 79 70 65 32 27 2C 50 72 6F 70 5F 74 79 70 65 33 3D 27 24 50 72
6F 70 5F 74 79 70 65 33 27 2C 41 70 70 6C 79 31 3D 27 24 41 70 70 6C 79
31 27 2C 41 70 70 6C 79 32 3D 27 24 41 70 70 6C 79 32 27 2C 41 70 70 6C
79 33 3D 27 24 41 70 70 6C 79 33 27 2C 59 65 61 72 5F 70 72 6F 70 3D 27
24 59 65 61 72 5F 70 72 6F 70 27 20 57 48 45 52 45 20 52 65 73 65 61 72
63 68 5F 63 6F 64 65 3D 27 24 52 65 73 65 61 72 63 68 5F 63 6F 64 65 27
22 3B 0A 09 24 72 65 73 75 6C 74 20 20 3D 20 6D 79 73 71 6C 5F 71 75 65
72 79 28 24 73 74 72 53 51 4C 29 20 6F 72 20 64 69 65 28 22 55 70 64 61
74 65 20 45 72 72 6F 72 20 24 73 74 72 53 51 4C 22 2E 6D 79 73 71 6C 5F
65 72 72 6F 72 28 29 29 3B 0A 20 2F 2F 20 20 65 63 68 6F 22 3C 63 65 6E
74 65 72 3E 3C 66 6F 6E 74 20 66 61 63 65 3D 5C 22 54 61 68 6F 6D 61 5C
22 73 69 7A 65 3D 5C 22 36 5C 22 20 63 6F 6C 6F 72 3D 5C 22 23 46 46 30
30 30 30 5C 22 3E 55 70 64 61 74 65 20 43 6F 6D 70 6C 65 74 65 3C 2F 66
6F 6E 74 3E 3C 2F 63 65 6E 74 65 72 3E 22 3B 0A 2F 2F 09 20 20 65 63 68
6F 22 3C 6D 65 74 61 20 68 74 74 70 2D 65 71 75 69 76 3D 5C 22 72 65 66
72 65 73 68 5C 22 20 63 6F 6E 74 65 6E 74 3D 5C 22 31 3B 55 52 4C 3D 46
72 6D 45 64 69 74 4C 69 73 74 2E 70 68 70 3F 54 65 61 63 68 65 72 5F 63
6F 64 65 3D 24 54 65 61 63 68 65 72 5F 63 6F 64 65 5C 22 3E 22 3B 0A 20
68 65 61 64 65 72 28 22 4C 6F 63 61 74 69 6F 6E 3A 45 64 69 74 52 65 73
65 61 72 63 68 4C 69 73 74 2E 70 68 70 3F 54 65 61 63 68 65 72 5F 63 6F
64 65 3D 24 54 65 61 63 68 65 72 5F 63 6F 64 65 22 29 3B 09 09 09 09 0A
20 20 20 20 20 20 20 20 43 6C 6F 73 65 44 42 28 29 3B 0A 3F 3E 0A 		<?php  include("../inclu
de/FunctionDB.php");  Co
nnectDB();          $Yea
r_start = $_POST[mYear].
"-".$_POST[mMonth]."-".$
_POST[mDate];     $Year_
finish = $_POST[mYear2].
"-".$_POST[mMonth2]."-".
$_POST[mDate2];  //echo"
name = $name1";  $strSQL
="UPDATE research_tb SET
 Teacher_code='$Teacher_
code',Branch='$Branch',R
esearch_name='$Research_
name',Research_type='$Re
search_type',Research_ch
ar='$Research_char',R_po
sition='$R_position',nam
e1='$name1',name2='$name
2',name3='$name3',name4=
'$name4',name5='$name5',
name6='$name6',name7='$n
ame7',name8='$name8',Yea
r_start='$Year_start',Ye
ar_finish='$Year_finish'
,Fund='$Fund',Fund_resou
rce='$Fund_resource',Res
ource_des='$Resource_des
',Propagate='$Propagate'
,Propagate_des='$Propaga
te_des',Prop_type='$Prop
_type',Prop_type1='$Prop
_type1',Prop_type2='$Pro
p_type2',Prop_type3='$Pr
op_type3',Apply1='$Apply
1',Apply2='$Apply2',Appl
y3='$Apply3',Year_prop='
$Year_prop' WHERE Resear
ch_code='$Research_code'
";  $result  = mysql_que
ry($strSQL) or die("Upda
te Error $strSQL".mysql_
error());  //  echo"<cen
ter><font face=\"Tahoma\
"size=\"6\" color=\"#FF0
000\">Update Complete</f
ont></center>"; //   ech
o"<meta http-equiv=\"ref
resh\" content=\"1;URL=F
rmEditList.php?Teacher_c
ode=$Teacher_code\">";  
header("Location:EditRes
earchList.php?Teacher_co
de=$Teacher_code");  
        CloseDB(); ?> 

HEXDUMP: [Full] [Preview]
Base64: [Encode [+chunk [+chunk+quotes [Decode


:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd
Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 
:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0134 ]--