!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/version_client/system/core/   drwxr-xr-x
Free 50.95 GB of 127.8 GB (39.86%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     CodeIgniter.php (10.93 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php  if ( ! defined('BASEPATH')) exit('No direct script access allowed');
/**
 * CodeIgniter
 *
 * An open source application development framework for PHP 5.1.6 or newer
 *
 * @package        CodeIgniter
 * @author        ExpressionEngine Dev Team
 * @copyright    Copyright (c) 2008 - 2011, EllisLab, Inc.
 * @license        http://codeigniter.com/user_guide/license.html
 * @link        http://codeigniter.com
 * @since        Version 1.0
 * @filesource
 */

// ------------------------------------------------------------------------

/**
 * System Initialization File
 *
 * Loads the base classes and executes the request.
 *
 * @package        CodeIgniter
 * @subpackage    codeigniter
 * @category    Front-controller
 * @author        ExpressionEngine Dev Team
 * @link        http://codeigniter.com/user_guide/
 */

/*
 * ------------------------------------------------------
 *  Define the CodeIgniter Version
 * ------------------------------------------------------
 */
    
define('CI_VERSION''2.0.2');

/*
 * ------------------------------------------------------
 *  Define the CodeIgniter Branch (Core = TRUE, Reactor = FALSE)
 * ------------------------------------------------------
 */
    
define('CI_CORE'FALSE);

/*
 * ------------------------------------------------------
 *  Load the global functions
 * ------------------------------------------------------
 */
    
require(BASEPATH.'core/Common'.EXT);

/*
 * ------------------------------------------------------
 *  Load the framework constants
 * ------------------------------------------------------
 */
    
if (defined('ENVIRONMENT') AND file_exists(APPPATH.'config/'.ENVIRONMENT.'/constants'.EXT))
    {
        require(
APPPATH.'config/'.ENVIRONMENT.'/constants'.EXT);
    }
    else
    {
        require(
APPPATH.'config/constants'.EXT);
    }

/*
 * ------------------------------------------------------
 *  Define a custom error handler so we can log PHP errors
 * ------------------------------------------------------
 */
    
set_error_handler('_exception_handler');

    if ( ! 
is_php('5.3'))
    {
        @
set_magic_quotes_runtime(0); // Kill magic quotes
    
}

/*
 * ------------------------------------------------------
 *  Set the subclass_prefix
 * ------------------------------------------------------
 *
 * Normally the "subclass_prefix" is set in the config file.
 * The subclass prefix allows CI to know if a core class is
 * being extended via a library in the local application
 * "libraries" folder. Since CI allows config items to be
 * overriden via data set in the main index. php file,
 * before proceeding we need to know if a subclass_prefix
 * override exists.  If so, we will set this value now,
 * before any classes are loaded
 * Note: Since the config file data is cached it doesn't
 * hurt to load it here.
 */
    
if (isset($assign_to_config['subclass_prefix']) AND $assign_to_config['subclass_prefix'] != '')
    {
        
get_config(array('subclass_prefix' => $assign_to_config['subclass_prefix']));
    }

/*
 * ------------------------------------------------------
 *  Set a liberal script execution time limit
 * ------------------------------------------------------
 */
    
if (function_exists("set_time_limit") == TRUE AND @ini_get("safe_mode") == 0)
    {
        @
set_time_limit(300);
    }

/*
 * ------------------------------------------------------
 *  Start the timer... tick tock tick tock...
 * ------------------------------------------------------
 */
    
$BM =& load_class('Benchmark''core');
    
$BM->mark('total_execution_time_start');
    
$BM->mark('loading_time:_base_classes_start');

/*
 * ------------------------------------------------------
 *  Instantiate the hooks class
 * ------------------------------------------------------
 */
    
$EXT =& load_class('Hooks''core');

/*
 * ------------------------------------------------------
 *  Is there a "pre_system" hook?
 * ------------------------------------------------------
 */
    
$EXT->_call_hook('pre_system');

/*
 * ------------------------------------------------------
 *  Instantiate the config class
 * ------------------------------------------------------
 */
    
$CFG =& load_class('Config''core');

    
// Do we have any manually set config items in the index.php file?
    
if (isset($assign_to_config))
    {
        
$CFG->_assign_to_config($assign_to_config);
    }

/*
 * ------------------------------------------------------
 *  Instantiate the UTF-8 class
 * ------------------------------------------------------
 *
 * Note: Order here is rather important as the UTF-8
 * class needs to be used very early on, but it cannot
 * properly determine if UTf-8 can be supported until
 * after the Config class is instantiated.
 *
 */

    
$UNI =& load_class('Utf8''core');

/*
 * ------------------------------------------------------
 *  Instantiate the URI class
 * ------------------------------------------------------
 */
    
$URI =& load_class('URI''core');

/*
 * ------------------------------------------------------
 *  Instantiate the routing class and set the routing
 * ------------------------------------------------------
 */
    
$RTR =& load_class('Router''core');
    
$RTR->_set_routing();

    
// Set any routing overrides that may exist in the main index file
    
if (isset($routing))
    {
        
$RTR->_set_overrides($routing);
    }

/*
 * ------------------------------------------------------
 *  Instantiate the output class
 * ------------------------------------------------------
 */
    
$OUT =& load_class('Output''core');

/*
 * ------------------------------------------------------
 *    Is there a valid cache file?  If so, we're done...
 * ------------------------------------------------------
 */
    
if ($EXT->_call_hook('cache_override') === FALSE)
    {
        if (
$OUT->_display_cache($CFG$URI) == TRUE)
        {
            exit;
        }
    }

/*
 * -----------------------------------------------------
 * Load the security class for xss and csrf support
 * -----------------------------------------------------
 */
    
$SEC =& load_class('Security''core');

/*
 * ------------------------------------------------------
 *  Load the Input class and sanitize globals
 * ------------------------------------------------------
 */
    
$IN    =& load_class('Input''core');

/*
 * ------------------------------------------------------
 *  Load the Language class
 * ------------------------------------------------------
 */
    
$LANG =& load_class('Lang''core');

/*
 * ------------------------------------------------------
 *  Load the app controller and local controller
 * ------------------------------------------------------
 *
 */
    // Load the base controller class
    
require BASEPATH.'core/Controller'.EXT;

    function &
get_instance()
    {
        return 
CI_Controller::get_instance();
    }


    if (
file_exists(APPPATH.'core/'.$CFG->config['subclass_prefix'].'Controller'.EXT))
    {
        require 
APPPATH.'core/'.$CFG->config['subclass_prefix'].'Controller'.EXT;
    }

    
// Load the local application controller
    // Note: The Router class automatically validates the controller path using the router->_validate_request().
    // If this include fails it means that the default controller in the Routes.php file is not resolving to something valid.
    
if ( ! file_exists(APPPATH.'controllers/'.$RTR->fetch_directory().$RTR->fetch_class().EXT))
    {
        
show_error('Unable to load your default controller. Please make sure the controller specified in your Routes.php file is valid.');
    }

    include(
APPPATH.'controllers/'.$RTR->fetch_directory().$RTR->fetch_class().EXT);

    
// Set a mark point for benchmarking
    
$BM->mark('loading_time:_base_classes_end');

/*
 * ------------------------------------------------------
 *  Security check
 * ------------------------------------------------------
 *
 *  None of the functions in the app controller or the
 *  loader class can be called via the URI, nor can
 *  controller functions that begin with an underscore
 */
    
$class  $RTR->fetch_class();
    
$method $RTR->fetch_method();

    if ( ! 
class_exists($class)
        OR 
strncmp($method'_'1) == 0
        
OR in_array(strtolower($method), array_map('strtolower'get_class_methods('CI_Controller')))
        )
    {
        
show_404("{$class}/{$method}");
    }

/*
 * ------------------------------------------------------
 *  Is there a "pre_controller" hook?
 * ------------------------------------------------------
 */
    
$EXT->_call_hook('pre_controller');

/*
 * ------------------------------------------------------
 *  Instantiate the requested controller
 * ------------------------------------------------------
 */
    // Mark a start point so we can benchmark the controller
    
$BM->mark('controller_execution_time_( '.$class.' / '.$method.' )_start');

    
$CI = new $class();

/*
 * ------------------------------------------------------
 *  Is there a "post_controller_constructor" hook?
 * ------------------------------------------------------
 */
    
$EXT->_call_hook('post_controller_constructor');

/*
 * ------------------------------------------------------
 *  Call the requested method
 * ------------------------------------------------------
 */
    // Is there a "remap" function? If so, we call it instead
    
if (method_exists($CI'_remap'))
    {
        
$CI->_remap($methodarray_slice($URI->rsegments2));
    }
    else
    {
        
// is_callable() returns TRUE on some versions of PHP 5 for private and protected
        // methods, so we'll use this workaround for consistent behavior
        
if ( ! in_array(strtolower($method), array_map('strtolower'get_class_methods($CI))))
        {
            
// Check and see if we are using a 404 override and use it.
            
if ( ! empty($RTR->routes['404_override']))
            {
                
$x explode('/'$RTR->routes['404_override']);
                
$class $x[0];
                
$method = (isset($x[1]) ? $x[1] : 'index');
                if ( ! 
class_exists($class))
                {
                    if ( ! 
file_exists(APPPATH.'controllers/'.$class.EXT))
                    {
                        
show_404("{$class}/{$method}");
                    }

                    include_once(
APPPATH.'controllers/'.$class.EXT);
                    unset(
$CI);
                    
$CI = new $class();
                }
            }
            else
            {
                
show_404("{$class}/{$method}");
            }
        }

        
// Call the requested method.
        // Any URI segments present (besides the class/function) will be passed to the method for convenience
        
call_user_func_array(array(&$CI$method), array_slice($URI->rsegments2));
    }


    
// Mark a benchmark end point
    
$BM->mark('controller_execution_time_( '.$class.' / '.$method.' )_end');

/*
 * ------------------------------------------------------
 *  Is there a "post_controller" hook?
 * ------------------------------------------------------
 */
    
$EXT->_call_hook('post_controller');

/*
 * ------------------------------------------------------
 *  Send the final rendered output to the browser
 * ------------------------------------------------------
 */
    
if ($EXT->_call_hook('display_override') === FALSE)
    {
        
$OUT->_display();
    }

/*
 * ------------------------------------------------------
 *  Is there a "post_system" hook?
 * ------------------------------------------------------
 */
    
$EXT->_call_hook('post_system');

/*
 * ------------------------------------------------------
 *  Close the DB connection if one exists
 * ------------------------------------------------------
 */
    
if (class_exists('CI_DB') AND isset($CI->db))
    {
        
$CI->db->close();
    }


/* End of file CodeIgniter.php */
/* Location: ./system/core/CodeIgniter.php */

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0118 ]--