!C99Shell v. 1.0 pre-release build #13!

Software: Apache. PHP/5.5.15 

uname -a: Windows NT SVR-DMZ 6.1 build 7600 (Windows Server 2008 R2 Enterprise Edition) i586 

SYSTEM 

Safe-mode: OFF (not secure)

C:\AmbienteBogota\comments\admin\   drwxrwxrwx
Free 4.08 GB of 39.52 GB (10.32%)
Detected drives: [ a ] [ c ] [ d ] [ e ] [ f ]
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     manage.php (3.56 KB)      -rw-rw-rw-
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
/**
*  Copyright 2008 Grestul Group 
*  Powered by Grestul
**/
?>
<?php session_start
();
require 
"inc/config.php";
if(!isset(
$_SESSION['loggedin'])) {
   
header('Location: index.php?error=1');
   exit();
}
$did SafeAddSlashes($_GET['did']);
if(isset(
$_GET['did'])) {

$req "DELETE FROM comments WHERE ID=$did";
$result mysql_query ($req,$db);
header('Location: '.$domain.'/admin/manage.php');
exit();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
    <title><?php echo "$webad"?></title>
      <link href="inc/admin.css" rel="stylesheet" type="text/css" />
      <link href="inc/manage.css" rel="stylesheet" type="text/css" />
</head>
<body>
<img src="inc/images/logo.png" class="logo" />
<div class="logout"><a href="close.php">Logout</a></div>
<div class="navi">
<a href="home.php"><img src="inc/images/homeoff.png" class="navihoff" /></a>
<a href="management.php"><img src="inc/images/manageon.png" class="navion" /></a>
<a href="stylehome.php"><img src="inc/images/styleoff.png" class="navioff" /></a>
</div>


        <div class="contentrep">
    <div class="infobar">
        <div class="infotext">
    <br />
    <div align="center">

<form method="post" action="results.php">
<input type="text" name="search" size="50">
<select name="menu">
<option value="ID">CID (comment ID)</option>
<option value="name">Name</option>
<option value="comment">Comment</option>
</select>
<input type="submit" value="Search">
</form> 
    </div>
      </div>
    </div>
        <div class="btite">
      Grestul Management - Remove Comments
        </div>
  <div class="bodycontent">
  <div id="wrapper">
<?php
// Get total Number of Comments

$count_sql 'SELECT * FROM comments';
$count_result mysql_query($count_sql);
$count mysql_num_rows($count_result);
echo 
"[Total posted comments: <b>$count</b>]";
echo 
'    <br />';
echo 
'    <br />';

$req "SELECT ID, name, comment, ip, datetime FROM comments ORDER BY ID desc";
$result mysql_query ($req,$db);
while(
$row mysql_fetch_assoc($result)) {
mysql_real_escape_string($ID stripslashes($row['ID']));
mysql_real_escape_string($name stripslashes(htmlentities($row['name'])));
mysql_real_escape_string($comment stripslashes(htmlentities($row['comment'])));
mysql_real_escape_string($ip stripslashes($row['ip']));

echo 
'<div class="comment">'."\n";
echo 
'    <div class="postertime">'."\n";
echo 
'    <span class="poster">';
echo 
"$name";
echo 
'</span> - <span><a href="?did='.$ID.'" class="remove">[Remove]</a>
<a href="#wrapper" class="remove">[Top]</a>'
;
echo 
' - [IP: '."$ip] [CID: $ID]</span>";
echo 
'    </div>'."\n\n";
echo 
'    <div class="usercomment">'."\n";
echo 
'        <p>'.(nl2br($comment)).'</p>'."\n";
echo 
'    </div>'."\n\n";

echo 
'</div>'."\n\n";
}
mysql_free_result($result);
?>

<p><a href="#wrapper" title="top" class="top">Back to top</a></p>
</div>
</div>

        </div>
<div class="footer">
<!-- DO NOT CHANGE, REMOVE, OR HINDER WITH THE COPYRIGHT OR POWERED BY LINES BELOW -->
<!-- YOU AGREED TO THE AGREEMENT WHEN YOU DOWNLOADED AND INSTALLED OUR SOFTWARE -->
<!-- REMOVING THE LINES BELOW WILL FORCE US TO TAKE LEGAL ACTION -->
<!-- BE FAIR AND KEEP THE POWERED BY AND COPYRIGHT LINES. -->
Powered By: <a href="http://grestul.com" target="_blank">Grestul,</a> Copyright &copy; 2008 <a href="http://grestul.com" target="_blank">Grestul Group.</a>
</div>


</body>
</html>
<?php exit; ?>

:: Command execute ::

Enter:
 
Select:
 

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c99shell v. 1.0 pre-release build #13 powered by Captain Crunch Security Team | http://ccteam.ru | Generation time: 0.0312 ]--