!C99Shell v. 1.0 pre-release build #13!

Software: Apache. PHP/5.5.15 

uname -a: Windows NT SVR-DMZ 6.1 build 7600 (Windows Server 2008 R2 Enterprise Edition) i586 

SYSTEM 

Safe-mode: OFF (not secure)

C:\AmbienteBogota\aulavirtual\admin\   drwxrwxrwx
Free 4.08 GB of 39.52 GB (10.32%)
Detected drives: [ a ] [ c ] [ d ] [ e ] [ f ]
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     index.php (15.92 KB)      -rw-rw-rw-
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
/**
* $Id: index.php,v 1.9.2.22.2.21 2007/04/24 19:59:25 matteo Exp $
*
* The main admin backend index file
*
* @author       Thorsten Rinne <thorsten@phpmyfaq.de>
* @author       Bastian Poettner <bastian@poettner.net>
* @author       Meikel Katzengreis <meikel@katzengreis.com>
* @since        2002-09-16
* @copyright    (c) 2002-2007 phpMyFAQ Team
*
* The contents of this file are subject to the Mozilla Public License
* Version 1.1 (the "License"); you may not use this file except in
* compliance with the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS"
* basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
* License for the specific language governing rights and limitations
* under the License.
*/

define('PMF_ROOT_DIR'dirname(dirname(__FILE__)));

require_once(
PMF_ROOT_DIR.'/inc/functions.php');
require_once(
PMF_ROOT_DIR.'/inc/init.php');
define('IS_VALID_PHPMYFAQ_ADMIN'null);
PMF_Init::cleanRequest();

// delete cookie before sending a header
if (isset($_REQUEST['aktion']) && $_REQUEST['aktion'] == 'delcookie') {
    
setcookie('cuser'''time() + 30);
    
setcookie('cpass'''time() + 30);
}

// Read configuration, include classes and functions
require_once(PMF_ROOT_DIR.'/inc/data.php');
require_once(
PMF_ROOT_DIR.'/inc/db.php');
define('SQLPREFIX'$DB['prefix']);
$db db::db_select($DB['type']);
$db->connect($DB['server'], $DB['user'], $DB['password'], $DB['db']);
require_once(
PMF_ROOT_DIR.'/inc/config.php');
require_once(
PMF_ROOT_DIR.'/inc/constants.php');
require_once(
PMF_ROOT_DIR.'/inc/category.php');

// Set cookie before sending a header
if (isset($_POST["aktion"]) && $_POST["aktion"] == "setcookie") {
    if (isset(
$_POST["cuser"])) {
        
setcookie("cuser"$_POST["cuser"], time() + (86400 PMF_AUTH_TIMEOUT));
    }
    if (isset(
$_POST["cpass"])) {
        
setcookie("cpass"$_POST["cpass"], time() + (86400 PMF_AUTH_TIMEOUT));
    }
}

// HACK: do not use pmf_lang cookie if we're saving the PMF Configuration
if (isset($_REQUEST['aktion']) && ($_REQUEST['aktion'] == 'saveconfig')) {
    
// Read the language file that is going to be saved in the PMF configuration
    
$PMF_CONF['language'] = $_REQUEST['edit']['language'];
    
// Force a POST "lang" key: PMF_Init class will rewrite the pmf_lang cookie
    // according to the new value
    
$_POST['language'] = str_replace(array("language_"".php"), ""$PMF_CONF['language']);
}

// get language (default: english)
$pmf = new PMF_Init();
$LANGCODE $pmf->setLanguage((isset($PMF_CONF['detection']) ? true false), $PMF_CONF['language']);
// Preload English strings
require_once(PMF_ROOT_DIR.'/lang/language_en.php');

if (isset(
$LANGCODE) && PMF_Init::isASupportedLanguage($LANGCODE)) {
    
// Overwrite English strings with the ones we have in the current language
    
require_once(PMF_ROOT_DIR.'/lang/language_'.$LANGCODE.'.php');
} else {
    
$LANGCODE 'en';
}

// use mbstring extension if available
$valid_mb_strings = array('ja''en');
if (
function_exists('mb_language') && in_array($PMF_LANG['metaLanguage'], $valid_mb_strings)) {
    
mb_language($PMF_LANG['metaLanguage']);
    
mb_internal_encoding($PMF_LANG['metaCharset']);
}

unset(
$auth);

// If the cookie is set, take the data from it
if (isset($_COOKIE['cuser']) && !preg_match('/^[a-z0-9]$/i'$_COOKIE['cuser'])) {
    
$user $_COOKIE['cuser'];
} else {
    unset(
$user);
}
if (isset(
$_COOKIE['cpass']) && !preg_match('/^[a-z0-9]$/i'$_COOKIE['cpass'])) {
    
$pass $_COOKIE['cpass'];
} else {
    unset(
$pass);
}

// Delete old sessions
$db->query("DELETE FROM ".SQLPREFIX."faqadminsessions WHERE time < ".(time() - (PMF_AUTH_TIMEOUT 60)));

// Is there an UIN? -> take it for authentication
if (isset($_REQUEST['uin']) && preg_match('/^(\w{32})$/i'substr($_REQUEST['uin'], 032))) {
    
$uin substr($_REQUEST['uin'], 032);
} else {
    unset(
$uin);
}

if (isset(
$uin)) {
    
$query "SELECT usr, pass FROM ".SQLPREFIX."faqadminsessions WHERE uin = '".$uin."'";
    if (isset(
$PMF_CONF["ipcheck"]) && $PMF_CONF["ipcheck"] == "TRUE") {
        
$query .= " AND ip = '".$_SERVER["REMOTE_ADDR"]."'";
    }
    
$_result $db->query($query);

    if (
$row $db->fetch_object($_result)) {
        
$user $row->usr;
        
$pass $row->pass;
        
$db->query ("UPDATE ".SQLPREFIX."faqadminsessions SET time = ".time()." WHERE uin = '".$uin."'");
    } else {
        
adminlog("Session expired\nUIN: ".$uin);
        
$error $PMF_LANG["ad_auth_sess"];
        unset(
$auth);
        unset(
$uin);
        
$_REQUEST["aktion"] = "";
    }
}

// Authenticate the user from login POST variables
if (isset($_POST["faqusername"])) {
    
$user $db->escape_string($_POST["faqusername"]);
}
if (isset(
$_POST["faqpassword"])) {
    
$pass md5($db->escape_string($_POST["faqpassword"]));
}

if (isset(
$user) && isset($pass)) {

    
$query sprintf("SELECT id, name, realname, email, pass, rights FROM %sfaquser WHERE name = '%s' AND pass = '%s'"SQLPREFIX$user$pass);
    
$result $db->query($query);

    if (
$db->num_rows($result) != 1) {
        
// error
        
adminlog("Loginerror\nLogin: ".$user."\nPass: ".$pass);
        
$error $PMF_LANG["ad_auth_fail"]." (".$user." / *)";
        unset(
$auth);
        unset(
$uin);
        
$_REQUEST["aktion"] = "";
    } else {
        
// okay, write new session, if not written
        
$auth 1;
        if (!isset(
$uin)) {
            
$ok 0;
            while (!
$ok) {
                
srand((double)microtime()*1000000);
                
$uin md5(uniqid(rand()));
                if (
$db->num_rows($db->query("SELECT uin FROM ".SQLPREFIX."faqadminsessions WHERE uin = '".$uin."'")) < 1) {
                    
$ok 1;
                } else {
                    
$ok 0;
                }
            }
            
$db->query("INSERT INTO ".SQLPREFIX."faqadminsessions (uin, time, ip, usr, pass) VALUES ('".$uin."',".time().",'".$_SERVER["REMOTE_ADDR"]."','".$user."','".$pass."')");
        }
        
$linkext "?uin=".$uin;
        if (
$row $db->fetch_object($result)) {
            
$auth_id $row->id;
            
$auth_user $row->name;
            
$auth_pass $row->pass;
            
$auth_realname $row->realname;
            
$auth_email $row->email;

            
$num_rights count($faqrights);
            
$permission = array();
            for (
$i 1$j 0$i <= $num_rights$i++, $j++) {
                
$permission[$faqrights[$i]] = $row->rights{$j};
            }
        }
    }
}

// Logout - delete session
if (isset($_REQUEST["aktion"]) && $_REQUEST["aktion"] == "logout" && $auth) {
    
$db->query("DELETE FROM ".SQLPREFIX."faqadminsessions WHERE uin = '".$uin."'");
    unset(
$auth);
    unset(
$uin);
}

// Header of the admin page
require_once ("header.php");
if (isset(
$auth)) {
    require_once (
"menue.php");
}
?>
</div>
<div id="bodyText">
<?php
// User is authenticated
if (isset($auth)) {
    if (isset(
$_REQUEST["aktion"])) {
        
// the various sections of the admin area
        
switch ($_REQUEST["aktion"]) {
            
// functions for user administration
            
case 'user':
            case 
'addsave':
            case 
'usersave':
            case 
'deluser':                 require_once ('user.list.php'); break;
            case 
"useredit":                require_once ("user.edit.php"); break;
            case 
"userdel":                    require_once ("user.question.php"); break;
            case 
"useradd":                    require_once ("user.add.php"); break;
            
// functions for record administration
            
case "view":                    require_once ("record.show.php"); break;
            case 
"accept":                    require_once ("record.show.php"); break;
            case 
"zeichan":                    require_once ("record.show.php"); break;
            case 
"takequestion":            require_once ("record.edit.php"); break;
            case 
"editentry":                require_once ("record.edit.php"); break;
            case 
"editpreview":             require_once ("record.edit.php"); break;
            case 
"delcomment":                require_once ("record.delcommentform.php"); break;
            case 
"deletecomment":            require_once ("record.delcomment.php"); break;
            case 
"insertentry":                require_once ("record.add.php"); break;
            case 
"saveentry":                require_once ("record.save.php"); break;
            case 
"delentry":                require_once ("record.delete.php"); break;
            case 
"delatt":                    require_once ("record.delatt.php"); break;
            case 
"question":                require_once ("record.delquestion.php"); break;
            
// news administraion
            
case "news":                    require_once ("news.php"); break;
            
// category administration
            
case 'category':
            case 
'savecategory':
            case 
'updatecategory':
            case 
'removecategory':          require_once ('category.main.php'); break;
            case 
"deletecategory":          require_once ("category.delete.php"); break;
            case 
"addcategory":             require_once ("category.add.php"); break;
            case 
"editcategory":            require_once ("category.edit.php"); break;
            case 
"cutcategory":             require_once ("category.cut.php"); break;
            case 
"pastecategory":           require_once ("category.paste.php"); break;
            case 
"movecategory":            require_once ("category.move.php"); break;
            case 
"changecategory":          require_once ("category.change.php"); break;
            
// functions for cookie administration
            
case "setcookie":                require_once ("cookie.check.php"); break;
            case 
"cookies":                    require_once ("cookie.check.php"); break;
            case 
"delcookie":                require_once ("cookie.check.php"); break;
            
// adminlog administration
            
case "adminlog":                require_once ("adminlog.php"); break;
            
// functions for password administration
            
case "passwd":                    require_once ("pwd.change.php"); break;
            case 
"savepwd":                    require_once ("pwd.save.php"); break;
            
// functions for session administration
            
case "viewsessions":            require_once ("stat.main.php"); break;
            case 
"sessionbrowse":            require_once ("stat.browser.php"); break;
            case 
"sessionsearch":            require_once ("stat.query.php"); break;
            case 
"sessionsuche":            require_once ("stat.form.php"); break;
            case 
"viewsession":                require_once ("stat.show.php"); break;
            case 
"statistik":                require_once ("stat.ratings.php"); break;
            
// functions for config administration
            
case "editconfig":                require_once ("config.edit.php"); break;
            case 
"saveconfig":                require_once ("config.save.php"); break;
            
// functions for backup administration
            
case "csv":                        require_once ("backup.main.php"); break;
            case 
"restore":                    require_once ("backup.import.php"); break;
            case 
"xml":                        require_once ("backup.xml.php"); break;
            
// functions for FAQ export
            
case "export":                    require_once ("export.main.php"); break;
            case 
'plugins':                 require_once ('plugins.main.php'); break;
            case 
'firefoxsearch':            require_once ('plugins.firefoxsearch.php'); break;
            case 
'msiesearch':                require_once ('plugins.msiesearch.php'); break;
            default:                        print 
"Error"; break;
        }
    } else {
        
// start page with some informations about the FAQ
        
print '<h2>Informacion</h2>';
        
$PMF_TABLE_INFO $db->getTableStatus();
?>
    <dl class="table-display">
        <dt><strong><?php print $PMF_LANG["ad_start_visits"]; ?></strong></dt>
        <dd><?php print $PMF_TABLE_INFO[SQLPREFIX."faqsessions"]; ?></dd>
        <dt><strong><?php print $PMF_LANG["ad_start_articles"]; ?></strong></dt>
        <dd><?php print $PMF_TABLE_INFO[SQLPREFIX."faqdata"]; ?></dd>
        <dt><strong><?php print $PMF_LANG["ad_start_comments"]; ?></strong></dt>
        <dd><?php print $PMF_TABLE_INFO[SQLPREFIX."faqcomments"]; ?></dd>
        <dt><strong><?php print $PMF_LANG["msgOpenQuestions"]; ?></strong></dt>
        <dd><?php print $PMF_TABLE_INFO[SQLPREFIX."faqfragen"]; ?></dd>
    </dl>
<?php
        $rg 
= (== @ini_get('register_globals')) ? 'on' 'off';
        
$sm = (== @ini_get('safe_mode')) ? 'on' 'off';
?>
    <h2>Bienvenido</h2>
    <!--
    <dl class="table-display">
        <!--<dt><strong>phpMyFAQ Version</strong></dt>
        <dd>phpMyFAQ <?//php //print PMF_htmlentities($PMF_CONF['version'], ENT_QUOTES, $PMF_LANG['metaCharset']); ?></dd>
        <dt><strong>Server Software</strong></dt>
        <dd><?//php //print $_SERVER['SERVER_SOFTWARE']; ?></dd>
        <dt><strong>PHP Version</strong></dt>
        <dd>PHP <?//php //print phpversion(); ?></dd>
        <dt><strong>Register Globals</strong></dt>
        <dd><?//php //print $rg; ?></dd>
        <dt><strong>Safe Mode</strong></dt>
        <dd><?//php //print $sm; ?></dd>
        <dt><strong>Database Client Version</strong></dt>
        <dd><?//php //print $db->client_version(); ?></dd>
        <dt><strong>Database Server Version</strong></dt>
        <dd><?//php //print $db->server_version(); ?></dd>
        <dt><strong>Webserver Interface</strong></dt>
        <dd><?//php //print strtoupper(@php_sapi_name()); ?></dd>
    </dl>
    <h2>Online Version Information</h2>
    -->
<?php
        
if (isset($_POST["param"]) && $_POST["param"] == "version") {
            require_once (
PMF_ROOT_DIR."/inc/xmlrpc.php");
            
$param $_POST["param"];
            
$xmlrpc = new xmlrpc_client("/xml/version.php""www.phpmyfaq.de"80);
            
$msg = new xmlrpcmsg("phpmyfaq.version", array(new xmlrpcval($param"string")));
            
$answer $xmlrpc->send($msg);
            
$result $answer->value();
            if (
$answer->faultCode()) {
                print 
"<p>Error: ".$answer->faultCode()." (" .htmlspecialchars($answer->faultString()).")</p>";
            } else {
                
printf('<p>%s <a href="http://www.phpmyfaq.de" target="_blank">www.phpmyfaq.de</a>: <strong>phpMyFAQ %s</strong>'$PMF_LANG['ad_xmlrpc_latest'], $result->scalarval());
                
// Installed phpMyFAQ version is outdated
                
if (-== version_compare($PMF_CONF["version"], $result->scalarval())) {
                    print 
'<br />'.$PMF_LANG['ad_you_should_update'];
                }
                print 
'</p>';
            }
        } else {
?>
   <!-- <form action="<?//php print $_SERVER["PHP_SELF"].$linkext; ?>" method="post">
    <input type="hidden" name="param" value="version" />
    <input class="submit" type="submit" value="<?//php print $PMF_LANG["ad_xmlrpc_button"]; ?>" />
    </form>
    -->
<?php
        
}
    }
} else {
?>
    <form action="<?php print $_SERVER["PHP_SELF"]; ?>" method="post">
    <fieldset class="login">
        <legend class="login">Login</legend>
<?php
    
if (isset($_REQUEST["aktion"]) && $_REQUEST["aktion"] == "logout") {
        print 
"<p>".$PMF_LANG["ad_logout"]."</p>";
    }
    if (isset(
$error)) {
        print 
"<p><strong>".$error."</strong></p>\n";
    } else {
        print 
"<p><strong>".$PMF_LANG["ad_auth_insert"]."</strong></p>\n";
    }
?>
        <label class="left"><?php print $PMF_LANG["ad_auth_user"]; ?></label>
        <input type="text" name="faqusername" size="20" /><br />

        <label class="left"><?php print $PMF_LANG["ad_auth_passwd"]; ?></label>
        <input type="password" size="20" name="faqpassword" /><br />

        <input class="submit" style="margin-left: 190px;" type="submit" value="<?php print $PMF_LANG["ad_auth_ok"]; ?>" />
        <input class="submit" type="reset" value="<?php print $PMF_LANG["ad_auth_reset"]; ?>" />

        <p><img src="images/arrow.gif" width="11" height="11" alt="<?php print $PMF_LANG["lostPassword"]; ?>" border="0" /> <a href="password.php" title="<?php print $PMF_LANG["lostPassword"]; ?>">
<?php print $PMF_LANG["lostPassword"]; ?>
</a></p>
        <p><img src="images/arrow.gif" width="11" height="11" alt="<?php print PMF_htmlentities($PMF_CONF['title'], ENT_QUOTES$PMF_LANG['metaCharset']); ?> FAQ" border="0" /> <a href="../index.php" title="<?php print PMF_htmlentities($PMF_CONF['title'], ENT_QUOTES$PMF_LANG['metaCharset']); ?> FAQ"><?php print PMF_htmlentities($PMF_CONF['title'], ENT_QUOTES$PMF_LANG['metaCharset']); ?> FAQ</a></p>

    </fieldset>
    </form>

<?php
}

if (
DEBUG == true) {
    
printf("<p>DEBUG INFORMATION:</p>\n<p>%s</p>"$db->sqllog());
}

require_once (
'footer.php');
$db->dbclose();

:: Command execute ::

Enter:
 
Select:
 

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c99shell v. 1.0 pre-release build #13 powered by Captain Crunch Security Team | http://ccteam.ru | Generation time: 0.0312 ]--