!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/mis/system/core/   drwxr-xr-x
Free 51.01 GB of 127.8 GB (39.91%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     Config.php (7.07 KB)      -rwxr-xr-x
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/**
 * CodeIgniter
 *
 * An open source application development framework for PHP 5.1.6 or newer
 *
 * @package        CodeIgniter
 * @author        ExpressionEngine Dev Team
 * @copyright    Copyright (c) 2008 - 2011, EllisLab, Inc.
 * @license        http://codeigniter.com/user_guide/license.html
 * @link        http://codeigniter.com
 * @since        Version 1.0
 * @filesource
 */

// ------------------------------------------------------------------------

/**
 * CodeIgniter Config Class
 *
 * This class contains functions that enable config files to be managed
 *
 * @package        CodeIgniter
 * @subpackage    Libraries
 * @category    Libraries
 * @author        ExpressionEngine Dev Team
 * @link        http://codeigniter.com/user_guide/libraries/config.html
 */
class CI_Config {

    var 
$config = array();
    var 
$is_loaded = array();
    var 
$_config_paths = array(APPPATH);

    
/**
     * Constructor
     *
     * Sets the $config data from the primary config.php file as a class variable
     *
     * @access   public
     * @param   string    the config file name
     * @param   boolean  if configuration values should be loaded into their own section
     * @param   boolean  true if errors should just return false, false if an error message should be displayed
     * @return  boolean  if the file was successfully loaded or not
     */
    
function __construct()
    {
        
$this->config =& get_config();
        
log_message('debug'"Config Class Initialized");

        
// Set the base_url automatically if none was provided
        
if ($this->config['base_url'] == '')
        {
            if (isset(
$_SERVER['HTTP_HOST']))
            {
                
$base_url = isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off' 'https' 'http';
                
$base_url .= '://'$_SERVER['HTTP_HOST'];
                
$base_url .= str_replace(basename($_SERVER['SCRIPT_NAME']), ''$_SERVER['SCRIPT_NAME']);
            }

            else
            {
                
$base_url 'http://localhost/';
            }

            
$this->set_item('base_url'$base_url);
        }
    }

    
// --------------------------------------------------------------------

    /**
     * Load Config File
     *
     * @access    public
     * @param    string    the config file name
     * @param   boolean  if configuration values should be loaded into their own section
     * @param   boolean  true if errors should just return false, false if an error message should be displayed
     * @return    boolean    if the file was loaded correctly
     */
    
function load($file ''$use_sections FALSE$fail_gracefully FALSE)
    {
        
$file = ($file == '') ? 'config' str_replace(EXT''$file);
        
$found FALSE;
        
$loaded FALSE;

        foreach (
$this->_config_paths as $path)
        {
            
$check_locations defined('ENVIRONMENT')
                ? array(
ENVIRONMENT.'/'.$file$file)
                : array(
$file);

            foreach (
$check_locations as $location)
            {
                
$file_path $path.'config/'.$location.EXT;

                if (
in_array($file_path$this->is_loadedTRUE))
                {
                    
$loaded TRUE;
                    continue 
2;
                }

                if (
file_exists($file_path))
                {
                    
$found TRUE;
                    break;
                }
            }

            if (
$found === FALSE)
            {
                continue;
            }

            include(
$file_path);

            if ( ! isset(
$config) OR ! is_array($config))
            {
                if (
$fail_gracefully === TRUE)
                {
                    return 
FALSE;
                }
                
show_error('Your '.$file_path.' file does not appear to contain a valid configuration array.');
            }

            if (
$use_sections === TRUE)
            {
                if (isset(
$this->config[$file]))
                {
                    
$this->config[$file] = array_merge($this->config[$file], $config);
                }
                else
                {
                    
$this->config[$file] = $config;
                }
            }
            else
            {
                
$this->config array_merge($this->config$config);
            }

            
$this->is_loaded[] = $file_path;
            unset(
$config);

            
$loaded TRUE;
            
log_message('debug''Config file loaded: '.$file_path);
        }

        if (
$loaded === FALSE)
        {
            if (
$fail_gracefully === TRUE)
            {
                return 
FALSE;
            }
            
show_error('The configuration file '.$file.EXT.' does not exist.');
        }

        return 
TRUE;
    }

    
// --------------------------------------------------------------------

    /**
     * Fetch a config file item
     *
     *
     * @access    public
     * @param    string    the config item name
     * @param    string    the index name
     * @param    bool
     * @return    string
     */
    
function item($item$index '')
    {
        if (
$index == '')
        {
            if ( ! isset(
$this->config[$item]))
            {
                return 
FALSE;
            }

            
$pref $this->config[$item];
        }
        else
        {
            if ( ! isset(
$this->config[$index]))
            {
                return 
FALSE;
            }

            if ( ! isset(
$this->config[$index][$item]))
            {
                return 
FALSE;
            }

            
$pref $this->config[$index][$item];
        }

        return 
$pref;
    }

    
// --------------------------------------------------------------------

    /**
     * Fetch a config file item - adds slash after item
     *
     * The second parameter allows a slash to be added to the end of
     * the item, in the case of a path.
     *
     * @access    public
     * @param    string    the config item name
     * @param    bool
     * @return    string
     */
    
function slash_item($item)
    {
        if ( ! isset(
$this->config[$item]))
        {
            return 
FALSE;
        }

        return 
rtrim($this->config[$item], '/').'/';
    }

    
// --------------------------------------------------------------------

    /**
     * Site URL
     *
     * @access    public
     * @param    string    the URI string
     * @return    string
     */
    
function site_url($uri '')
    {
        if (
$uri == '')
        {
            return 
$this->slash_item('base_url').$this->item('index_page');
        }

        if (
$this->item('enable_query_strings') == FALSE)
        {
            if (
is_array($uri))
            {
                
$uri implode('/'$uri);
            }

            
$index $this->item('index_page') == '' '' $this->slash_item('index_page');
            
$suffix = ($this->item('url_suffix') == FALSE) ? '' $this->item('url_suffix');
            return 
$this->slash_item('base_url').$index.trim($uri'/').$suffix;
        }
        else
        {
            if (
is_array($uri))
            {
                
$i 0;
                
$str '';
                foreach (
$uri as $key => $val)
                {
                    
$prefix = ($i == 0) ? '' '&';
                    
$str .= $prefix.$key.'='.$val;
                    
$i++;
                }

                
$uri $str;
            }

            return 
$this->slash_item('base_url').$this->item('index_page').'?'.$uri;
        }
    }

    
// --------------------------------------------------------------------

    /**
     * System URL
     *
     * @access    public
     * @return    string
     */
    
function system_url()
    {
        
$x explode("/"preg_replace("|/*(.+?)/*$|""\\1"BASEPATH));
        return 
$this->slash_item('base_url').end($x).'/';
    }

    
// --------------------------------------------------------------------

    /**
     * Set a config file item
     *
     * @access    public
     * @param    string    the config item key
     * @param    string    the config item value
     * @return    void
     */
    
function set_item($item$value)
    {
        
$this->config[$item] = $value;
    }

    
// --------------------------------------------------------------------

    /**
     * Assign to Config
     *
     * This function is called by the front controller (CodeIgniter.php)
     * after the Config class is instantiated.  It permits config items
     * to be assigned or overriden by variables contained in the index.php file
     *
     * @access    private
     * @param    array
     * @return    void
     */
    
function _assign_to_config($items = array())
    {
        if (
is_array($items))
        {
            foreach (
$items as $key => $val)
            {
                
$this->set_item($key$val);
            }
        }
    }
}

// END CI_Config class

/* End of file Config.php */
/* Location: ./system/core/Config.php */

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0065 ]--