!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/phpMyAdmin/js/   drwxr-xr-x
Free 52 GB of 127.8 GB (40.69%)


Viewing file:     user_password.js (5.6 KB)      -rw-r--r--
/* $Id: user_password.js,v 1.1 2005/11/23 19:10:30 nijel Exp $ */


/**
 * Client-side sanity check of a form's password / retyped-password pair.
 *
 * The field names and the position of the relevant 'nopass' radio button
 * depend on the form: 'addUserForm' and 'chgPassword' use pma_pw / pma_pw2
 * and radio index 1; every other form uses new_pw / new_pw2 and radio
 * index 2. Nothing is checked unless that radio button is selected.
 *
 * NOTE(review): this runs in the browser only and is skipped by any request
 * that is not submitted through this form, so the server-side handler (not
 * visible in this file) has to enforce the same rules itself.
 *
 * @param   object   the form
 *
 * @return  boolean  false when the password is empty or the two entries
 *                   differ (after alerting and resetting the fields),
 *                   true otherwise
 */
function checkPassword(the_form)
{
    // Pick the field names and radio position that belong to this form
    var usesPmaNames = (the_form.name == 'addUserForm' || the_form.name == 'chgPassword');
    var radioPos     = usesPmaNames ? 1 : 2;
    var firstName    = usesPmaNames ? 'pma_pw'  : 'new_pw';
    var retypeName   = usesPmaNames ? 'pma_pw2' : 'new_pw2';
    var fields       = the_form.elements;

    // The check applies only while the matching 'nopass' radio button is on
    if (!fields['nopass'][radioPos].checked) {
        return true;
    }

    var first  = fields[firstName];
    var retype = fields[retypeName];

    // Empty password: clear the retyped value and send the user back
    if (first.value == '') {
        alert(jsPasswordEmpty);
        retype.value = '';
        first.focus();
        return false;
    }

    // Mismatch: wipe both entries so the user types them again
    if (first.value != retype.value) {
        alert(jsPasswordNotSame);
        first.value  = '';
        retype.value = '';
        first.focus();
        return false;
    }

    return true;
} // end of the 'checkPassword()' function


/**
 * Validates the "add a user" form (document.forms['addUserForm']).
 *
 * Alerts and refuses the submit when radio button #1 of the 'anyhost' or
 * 'anyuser' group is selected while the 'host' or 'pma_user' text field is
 * empty; otherwise the result of checkPassword() for the form is returned.
 *
 * NOTE(review): browser-side convenience check only; the receiving script
 * (not visible here) must repeat it for requests that bypass this form.
 *
 * @return  boolean  whether the form is validated or not
 */
function checkAddUser()
{
    var form   = document.forms['addUserForm'];
    var fields = form.elements;

    // True when radio button #1 of the group is selected while the text
    // field that goes with it is still empty
    var leftBlank = function (radioName, textName) {
        return fields[radioName][1].checked && fields[textName].value == '';
    };

    if (leftBlank('anyhost', 'host')) {
        alert(jsHostEmpty);
        fields['host'].focus();
        return false;
    }

    if (leftBlank('anyuser', 'pma_user')) {
        alert(jsUserEmpty);
        fields['pma_user'].focus();
        return false;
    }

    // Host and user are fine: the password pair decides the outcome
    return checkPassword(form);
} // end of the 'checkAddUser()' function


/**
 * Validates the "update a profile" form (document.forms['updUserForm']).
 *
 * The submit is refused, with an alert, when radio button #1 of the
 * 'anyhost' group is selected and 'new_server' is empty, or when radio
 * button #1 of the 'anyuser' group is selected and 'new_user' is empty.
 * Otherwise the verdict of checkPassword() for the form is returned.
 *
 * NOTE(review): browser-side convenience check only; the receiving script
 * (not visible here) must repeat it for requests that bypass this form.
 *
 * @return  boolean  whether the form is validated or not
 */
function checkUpdProfile()
{
    var form   = document.forms['updUserForm'];
    var fields = form.elements;

    // Host part first; the user part is looked at only if this one passes
    var serverMissing = fields['anyhost'][1].checked && fields['new_server'].value == '';
    if (serverMissing) {
        alert(jsHostEmpty);
        fields['new_server'].focus();
        return false;
    }

    var userMissing = fields['anyuser'][1].checked && fields['new_user'].value == '';
    if (userMissing) {
        alert(jsUserEmpty);
        fields['new_user'].focus();
        return false;
    }

    return checkPassword(form);
} // end of the 'checkUpdProfile()' function


/**
 * Gets the list of selected options in a combo box
 *
 * @param   object  the select field whose options are inspected
 *
 * @return  string  the texts of the selected options joined with ', '
 *                  (an empty string when nothing is selected)
 */
function getSelected(the_field) {
    var options = the_field.options;
    var total   = options.length;
    var picked  = [];
    var idx     = 0;

    while (idx < total) {
        if (options[idx].selected) {
            // Coerce to a string the way plain concatenation would
            picked.push(String(options[idx].text));
        }
        idx++;
    }

    return picked.join(', ');
} // end of the 'getSelected()' function


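/**
 * Reloads the page to get tables names in a database or fields names in a
 * table
 *
 * For the 'newdb' box nothing is reloaded: the first 'anydb', 'anytable'
 * and 'anycolumn' radio buttons are selected and the grant lists that exist
 * in the form are deselected. For any other box the current URL is extended
 * (when it carries no '?lang' query yet) with the form's state, an existing
 * '&<box name>' parameter and everything after it is cut off, and the
 * browser is sent to the URL with the box's selected options appended.
 *
 * Review fix: the 'convcharset' value used to be joined with the PHP
 * operator '.', which in JavaScript is a property access on the string and
 * threw a TypeError as soon as the query string had to be built. The
 * 'lang', 'convcharset' and 'server' values are now also passed through
 * escape(), like 'host' and 'pma_user' already were, so a '&' or '#' in one
 * of them cannot alter the rest of the query.
 *
 * NOTE(review): escape() is deprecated, leaves '+' unencoded and emits
 * %uXXXX for characters outside Latin-1. It is kept because the decoding
 * done by the receiving script is not visible here; confirm that before
 * moving to encodeURIComponent().
 *
 * @param  object  the input text box to build the query from
 */
function change(the_field) {
    var l        = location.href;
    var box_name = the_field.name;
    var the_form = the_field.form.elements;
    var sel_idx  = null;
    var lpos;

    if (box_name == 'newdb') {
        the_form['anydb'][0].checked = true;
        the_form['anytable'][0].checked = true;
        the_form['anycolumn'][0].checked = true;
        // The grant lists are optional in the form
        if (typeof(the_form['dbgrant']) != 'undefined') {
            the_form['dbgrant'].selectedIndex = -1;
        }
        if (typeof(the_form['tablegrant']) != 'undefined') {
            the_form['tablegrant'].selectedIndex = -1;
        }
        if (typeof(the_form['colgrant']) != 'undefined') {
            the_form['colgrant'].selectedIndex = -1;
        }
    }
    else {
        // No query string yet: rebuild it from the form's current state
        if (l.indexOf('?lang') <= 0) {
            l        += '?lang=' + escape(the_form['lang'].value)
                     +  '&convcharset=' + escape(the_form['convcharset'].value)
                     +  '&server=' + escape(the_form['server'].value)
                     +  '&grants=1'
                     +  '&host=' + escape(the_form['host'].value)
                     +  '&pma_user=' + escape(the_form['pma_user'].value);
            // Index 0 is skipped along with "nothing selected" (-1)
            sel_idx  = the_form['dbgrant'].selectedIndex;
            if (sel_idx > 0) {
                l    += '&dbgrant=' + escape(the_form['dbgrant'].options[sel_idx].text);
            }
            sel_idx  = the_form['tablegrant'].selectedIndex;
            if (sel_idx > 0) {
                l    += '&tablegrant=' + escape(the_form['tablegrant'].options[sel_idx].text);
            }
        }

        // Drop a previous value of this box and every parameter after it
        lpos = l.indexOf('&' + box_name);
        if (lpos > 0) {
            l = l.substring(0, lpos);
        } // end if

        location.href = l + '&' + box_name + '=' + escape(getSelected(the_field));
    }

} // end of the 'change()' function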


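/**
 * Checks/unchecks all privileges
 *
 * Every control of the form whose name contains '_priv' gets its 'checked'
 * state set to do_check. The match is a substring test, so any control with
 * '_priv' anywhere in its name is affected.
 *
 * Review fix: the state is now set on the element found by index instead of
 * looking it up again by name. A lookup by name returns a collection when
 * several controls share that name, and assigning 'checked' to a collection
 * leaves the controls themselves untouched. Controls without a string name
 * are skipped instead of raising a TypeError.
 *
 * @param   string   the form name
 * @param   boolean  whether to check or to uncheck the element
 *
 * @return  boolean  always true
 */
function checkForm(the_form, do_check) {
    var elts      = document.forms[the_form].elements;
    var elts_cnt  = elts.length;

    for (var i = 0; i < elts_cnt; i++) {
        var whichElt = elts[i].name;
        if (typeof whichElt == 'string' && whichElt.indexOf('_priv') >= 0) {
            elts[i].checked = do_check;
        } // end if
    } // end for

    return true;
} // end of the 'checkForm()' function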


--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0126 ]--