!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/stdalumni/application/controllers/info/   drwxr-xr-x
Free 50.66 GB of 127.8 GB (39.64%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     info.php (3.46 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
require_once(dirname(dirname(__FILE__)).'/my_controller.php');
class Info extends My_controller {
    function showSystem(){
        $this->session->unset_userdata('mmn');
        $this->session->unset_userdata('StID');
        $this->session->unset_userdata('GpID');
        $this->session->unset_userdata('MnID');

        $uid $this->session->userdata('UsID');
        $this->load->model('ums/m_umgroup','');
        $data['system'] = $this->m_umgroup->RSWorkGroupByUsID($uid);
        $this->body $this->load->view('info/v_info',$data,TRUE);
        $this->show();
    }

    function mainMenu($stid='',$gpid=''){
        if ($this->input->server('REQUEST_METHOD') === 'POST')
        {// do something 
            $stid $this->input->post('stid');
            $gpid $this->input->post('gpid');
        }
        //echo $stid." ".$gpid;

            $this->load->model('ums/m_umgroup','obj');
            $rs $this->obj->getGpNameTByIdStId($stid,$gpid);
            //var_dump($rs);die;
            $name preg_split('[-]'$rs['GpNameT']);
            if(!isset($name[1]))
                $name[1] = $name[0];
//            if(!isset($name[1])){
//                $name[1] = $name[0];
//                $name[0] = $rs['StNameT'];
//            }

            $sys = array(    'StName'  => $name[0],
                            'GpName' => $name[1],
                            'StID' => $stid,
                            'GpID' => $gpid);
                    
            $this->session->set_userdata($sys);
            
            $this->body $this->load->view('info/v_info','',TRUE);
            $this->show();
    }

    function subMenu($stid='',$mnid=''){//$stid,$mnid
        if ($this->input->server('REQUEST_METHOD') === 'POST')
        {// do something 
            $stid $this->input->post('stid');
            $mnid $this->input->post('mnid');
        }

            $this->session->set_userdata('MnID',$mnid);

            $stid $this->session->userdata('StID');
            $gpid $this->session->userdata('GpID');
            $UsID $this->session->userdata('UsID');

        //    $this->setCRUD($UsID,$gpid,$mnid);


            $this->load->model('ums/m_ummenu','');

            $rsmn $this->m_ummenu->SearchByMnID($mnid);

            if($rsmn['MnURL']!=""){
                redirect($rsmn['StURL'].$rsmn['MnURL']);
            }else{
                $i 0;
                $m1 = array();
                $this->getMenu($m1,$i,$stid,$gpid,$UsID,$mnid,1);

            $sm = array( 'sm' => $m1);    
            $this->body $this->load->view('info/v_info',$sm,TRUE);
            $this->show();
            }
    }

    function getMenu(&$m1,&$i,$stid,$gpid,$UsID,$mnid,$mnlevel){
        $this->load->model('ums/m_ummenu','mn');
        $mn $this->mn;
        
        $rs $mn->RSByStIDGpIDUsIDPrIDLv($stid,$gpid,$UsID,$mnid,$mnlevel);
        foreach($rs->result() as $r){
            $m1[$i] = array( 'MnStID' => $r->MnStID,
                            'MnID' => $r->MnID,
                            'MnNameT' => $r->MnNameT,
                            'MnURL' => $r->MnURL,
                            'MnLevel' => $r->MnLevel,
                            'StURL' => $r->StURL);
            $i++;
            $rs $mn->RSByParentMn($r->MnID);
            if($rs->num_rows() > 0) {
                $level $mnlevel+1;
                $this->getMenu($m1,$i,$stid,$gpid,$UsID,$r->MnID,$level);
            }
        }
    }
}
?>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd
Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 
:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0071 ]--