!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/manage_22222/edu_depart/   drwxr-xr-x
Free 52.37 GB of 127.8 GB (40.98%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     EditSubject.php (997 B)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
Information:
Path /var/www/html/manage_22222/edu_depart/EditSubject.php
Size 997 B
MD5 0e30433d52d46804e9dc0000f0b38c9c
Owner/Group root/root
Perms-rw-r--r--
Create time 06/07/2011 01:44:09
Access time 30/07/2024 16:21:40
MODIFY time 21/08/2009 09:42:51

FULL HEXDUMP
00000000
00000018
00000030
00000048
00000060
00000078
00000090
000000A8
000000C0
000000D8
000000F0
00000108
00000120
00000138
00000150
00000168
00000180
00000198
000001B0
000001C8
000001E0
000001F8
00000210
00000228
00000240
00000258
00000270
00000288
000002A0
000002B8
000002D0
000002E8
00000300
00000318
00000330
00000348
00000360
00000378
00000390
000003A8
000003C0
000003D8
3C 3F 70 68 70 0A 20 73 65 73 73 69 6F 6E 5F 73 74 61 72 74 28 29 3B 0A
20 20 69 66 20 28 73 65 73 73 69 6F 6E 5F 69 73 5F 72 65 67 69 73 74 65
72 65 64 28 22 76 61 6C 69 64 5F 75 73 65 72 22 29 29 0A 20 7B 0A 69 6E
63 6C 75 64 65 28 22 2E 2E 2F 69 6E 63 6C 75 64 65 2F 46 75 6E 63 74 69
6F 6E 44 42 2E 70 68 70 22 29 3B 0A 43 6F 6E 6E 65 63 74 44 42 28 29 3B
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 09 20 20 20 20 20 20 20
20 20 20 20 20 20 20 20 20 20 20 20 20 20 0A 24 73 71 6C 20 3D 20 22 20
55 50 44 41 54 45 20 73 75 62 6A 65 63 74 5F 74 62 20 53 45 54 20 43 6F
75 72 73 65 5F 63 6F 64 65 3D 27 24 43 6F 75 72 73 65 5F 63 6F 64 65 27
2C 53 75 62 43 61 74 65 5F 63 6F 64 65 3D 27 24 53 75 62 43 61 74 65 5F
63 6F 64 65 27 2C 53 75 62 6A 65 63 74 5F 67 72 6F 75 70 3D 27 24 53 75
62 6A 65 63 74 5F 67 72 6F 75 70 27 2C 53 75 62 6A 65 63 74 5F 63 6F 64
65 3D 27 24 53 75 62 6A 65 63 74 5F 63 6F 64 65 27 2C 53 75 62 6A 65 63
74 5F 6E 61 6D 65 3D 27 24 53 75 62 6A 65 63 74 5F 6E 61 6D 65 27 2C 55
6E 69 74 3D 27 24 55 6E 69 74 27 2C 54 65 72 6D 3D 27 24 54 65 72 6D 27
2C 43 6C 61 73 73 5F 6C 65 76 65 6C 3D 27 24 43 6C 61 73 73 5F 6C 65 76
65 6C 27 2C 54 6F 74 61 6C 5F 68 6F 75 72 3D 27 24 54 6F 74 61 6C 5F 68
6F 75 72 27 2C 4F 62 6A 65 63 74 69 76 65 3D 27 24 4F 62 6A 65 63 74 69
76 65 27 2C 44 65 74 61 69 6C 3D 27 24 44 65 74 61 69 6C 27 2C 43 6C 61
73 73 5F 41 66 66 65 63 74 3D 27 24 43 6C 61 73 73 5F 41 66 66 65 63 74
27 2C 41 66 66 65 63 74 5F 73 75 62 3D 27 24 41 66 66 65 63 74 5F 73 75
62 27 20 57 48 45 52 45 20 53 75 62 6A 65 63 74 5F 6E 6F 20 3D 27 24 53
75 62 6A 65 63 74 5F 6E 6F 27 20 22 3B 0A 24 72 65 73 75 6C 74 20 3D 20
6D 79 73 71 6C 5F 71 75 65 72 79 28 24 73 71 6C 29 20 6F 72 20 64 69 65
28 22 55 70 64 61 74 65 20 45 72 72 6F 72 20 24 73 71 6C 22 2E 6D 79 73
71 6C 5F 65 72 72 6F 72 28 29 29 3B 0A 2F 2F 65 63 68 6F 20 22 3C 63 65
6E 74 65 72 3E 22 3B 0A 2F 2F 65 63 68 6F 22 3C 66 6F 6E 74 20 66 61 63
65 3D 5C 22 4D 73 20 73 61 6E 20 73 65 72 69 66 5C 22 73 69 7A 65 3D 5C
22 34 5C 22 3E 3C 66 6F 6E 74 20 63 6F 6C 6F 72 3D 5C 22 30 30 30 30 46
46 5C 22 3E 24 46 6E 61 6D 65 3C 2F 66 6F 6E 74 3E 27 20 45 64 69 74 20
43 6F 6D 70 6C 65 74 65 20 3C 2F 66 6F 6E 74 3E 3C 2F 63 65 6E 74 65 72
3E 22 3B 0A 68 65 61 64 65 72 28 22 4C 6F 63 61 74 69 6F 6E 3A 45 64 69
74 53 75 62 6A 65 63 74 4C 69 73 74 2E 70 68 70 22 29 3B 09 09 09 0A 43
6C 6F 73 65 44 42 28 29 3B 0A 0A 09 7D 0A 65 6C 73 65 0A 7B 0A 20 20 20
20 20 20 20 65 63 68 6F 22 3C 6D 65 74 61 20 68 74 74 70 2D 65 71 75 69
76 3D 5C 22 72 65 66 72 65 73 68 5C 22 20 63 6F 6E 74 65 6E 74 3D 5C 22
33 3B 55 52 4C 3D 2E 2E 2F 2E 2E 2F 6C 6F 67 69 6E 2E 70 68 70 5C 22 20
74 61 72 67 65 74 3D 5C 22 6D 61 69 6E 46 72 61 6D 65 5C 22 3E 5C 6E 22
3B 0A 20 20 20 20 20 20 20 65 63 68 6F 22 50 6C 65 61 73 65 20 4C 6F 67
69 6E 20 22 3B 0A 7D 0A 3F 3E 0A 0A 0A 		<?php  session_start(); 
  if (session_is_registe
red("valid_user"))  { in
clude("../include/Functi
onDB.php"); ConnectDB();
                        
                        
                        
               $sql = " 
UPDATE subject_tb SET Co
urse_code='$Course_code'
,SubCate_code='$SubCate_
code',Subject_group='$Su
bject_group',Subject_cod
e='$Subject_code',Subjec
t_name='$Subject_name',U
nit='$Unit',Term='$Term'
,Class_level='$Class_lev
el',Total_hour='$Total_h
our',Objective='$Objecti
ve',Detail='$Detail',Cla
ss_Affect='$Class_Affect
',Affect_sub='$Affect_su
b' WHERE Subject_no ='$S
ubject_no' "; $result = 
mysql_query($sql) or die
("Update Error $sql".mys
ql_error()); //echo "<ce
nter>"; //echo"<font fac
e=\"Ms san serif\"size=\
"4\"><font color=\"0000F
F\">$Fname</font>' Edit 
Complete </font></center
>"; header("Location:Edi
tSubjectList.php");  C
loseDB();   } else {    
    echo"<meta http-equi
v=\"refresh\" content=\"
3;URL=../../login.php\" 
target=\"mainFrame\">\n"
;        echo"Please Log
in "; } ?>   

HEXDUMP: [Full] [Preview]
Base64: [Encode [+chunk [+chunk+quotes [Decode


:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd
Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 
:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0119 ]--