!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/mis/application/models/ums/   drwxr-xr-x
Free 51 GB of 127.8 GB (39.9%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     da_umuser.php (1.92 KB)      -rwxr-xr-x
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
class Da_umuser extends CI_Model {
    
// PK is UsID

    
public $UsID;
    public 
$UsName;
    public 
$UsLogin;
    public 
$UsPassword;
    public 
$UsPsCode;
    public 
$UsWgID;
    public 
$UsQsID;
    public 
$UsAnswer;
    public 
$UsEmail;
    public 
$UsActive;
    public 
$UsAdmin;
    public 
$UsDesc;
    public 
$UsPwdExpDt;
    public 
$UsUpdDt;
    public 
$UsUpdUsID;
    public 
$UsSessionID;

    function 
Da_umuser() {
        
parent::__construct();
        
$this->db $this->load->database('ums'TRUE);
    }

    function 
insert() {
        
$sql "INSERT INTO umuser (UsName, UsLogin, UsPassword, UsPsCode, UsWgID, UsQsID, UsAnswer, UsEmail, UsActive, UsAdmin, UsDesc, UsPwdExpDt, UsUpdDt, UsUpdUsID, UsSessionID)
                    VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
;
        
$this->db->query($sql, array($this->UsName$this->UsLogin$this->UsPassword$this->UsPsCode$this->UsWgID$this->UsQsID$this->UsAnswer$this->UsEmail$this->UsActive$this->UsAdmin$this->UsDesc$this->UsPwdExpDt$this->UsUpdDt$this->UsUpdUsID$this->UsSessionID));
    }

    function 
update() {
        
$sql "UPDATE umuser SET 
                    UsName = ?, 
                    UsLogin = ?, 
                    UsPassword = ?, 
                    UsPsCode = ?, 
                    UsWgID = ?, 
                    UsQsID = ?, 
                    UsAnswer = ?, 
                    UsEmail = ?, 
                    UsActive = ?, 
                    UsAdmin = ?, 
                    UsDesc = ?, 
                    UsPwdExpDt = ?, 
                    UsUpdDt = ?, 
                    UsUpdUsID = ?, 
                    UsSessionID = ? 
                WHERE UsID = ? "
;
        
$this->db->query($sql, array($this->UsName$this->UsLogin$this->UsPassword$this->UsPsCode$this->UsWgID$this->UsQsID$this->UsAnswer$this->UsEmail$this->UsActive$this->UsAdmin$this->UsDesc$this->UsPwdExpDt$this->UsUpdDt$this->UsUpdUsID$this->UsSessionID$this->UsID));
    }

    function 
delete($key) {
        
$sql "DELETE FROM umuser WHERE UsID = ? ";
        
$this->db->query($sql, array($key));
    }

    function 
getByKey($key) {
        
$sql "SELECT * FROM umuser WHERE UsID = ? ";
        
$query $this->db->query($sql, array($key)) ;
        return 
$query ;
    }

//=== end class da_umuser

?>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.006 ]--