Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/phpMyAdmin/libraries/ drwxr-xr-x |
Viewing file: Select action/file-type: <?php /* $Id: sqlvalidator.lib.php,v 2.3 2005/10/08 15:17:42 nijel Exp $ */ // vim: expandtab sw=4 ts=4 sts=4: /** * SQL Validator interface for phpMyAdmin * * Copyright 2002 Robin Johnson <robbat2@users.sourceforge.net> * http://www.orbis-terrarum.net/?l=people.robbat2 * * This function uses the Mimer SQL Validator service * <http://developer.mimer.com/validator/index.htm> from phpMyAdmin * * Copyright for Server side validator systems: * "All SQL statements are stored anonymously for statistical purposes. * Mimer SQL Validator, Copyright 2002 Upright Database Technology. * All rights reserved." * * All data is transported over HTTP-SOAP * And uses the PEAR SOAP Module * * Install instructions for PEAR SOAP * Make sure you have a really recent PHP with PEAR support * run this: "pear install Mail_Mime Net_DIME SOAP" * * Enable the SQL Validator options in the configuration file * $cfg['SQLQuery']['Validate'] = TRUE; * $cfg['SQLValidator']['use'] = FALSE; * * Also set a username and password if you have a private one */ // We need the PEAR libraries, so do a minimum version check first // I'm not sure if PEAR was available before this point // For now we actually use a configuration flag if ($cfg['SQLValidator']['use'] == TRUE) { require_once('./libraries/sqlvalidator.class.php'); } // if ($cfg['SQLValidator']['use'] == TRUE) /** * This function utilizes the Mimer SQL Validator service * to validate an SQL query * * <http://developer.mimer.com/validator/index.htm> * * @param string SQL query to validate * * @return string Validator result string * * @global array The PMA configuration array */ function PMA_validateSQL($sql) { global $cfg; $str = ''; if ($cfg['SQLValidator']['use']) { if (isset($GLOBALS['sqlvalidator_error']) && $GLOBALS['sqlvalidator_error']) { $str = sprintf($GLOBALS['strValidatorError'], '<a href="./Documentation.html#faqsqlvalidator" target="documentation">', '</a>'); } else { // create new class instance $srv = new PMA_SQLValidator(); // Checks for username settings // The class defaults to anonymous with an empty password // automatically if ($cfg['SQLValidator']['username'] != '') { $srv->setCredentials($cfg['SQLValidator']['username'], $cfg['SQLValidator']['password']); } // Identify ourselves to the server properly... $srv->appendCallingProgram('phpMyAdmin', PMA_VERSION); // ... and specify what database system we are using $srv->setTargetDbms('MySQL', PMA_MYSQL_STR_VERSION); // Log on to service $srv->start(); // Do service validation $str = $srv->validationString($sql); } } // end if // Gives string back to caller return $str; } // end of the "PMA_validateSQL()" function ?> |
:: Command execute :: | |
:: Shadow's tricks :D :: | |
Useful Commands
|
:: Preddy's tricks :D :: | |
Php Safe-Mode Bypass (Read Files)
|
--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0057 ]-- |