!C99Shell v. 1.0 pre-release build #13!

Software: Apache. PHP/5.5.15 

uname -a: Windows NT SVR-DMZ 6.1 build 7600 (Windows Server 2008 R2 Enterprise Edition) i586 

SYSTEM 

Safe-mode: OFF (not secure)

C:\AmbienteBogota\comments\admin\   drwxrwxrwx
Free 4.08 GB of 39.52 GB (10.32%)
Detected drives: [ a ] [ c ] [ d ] [ e ] [ f ]


Viewing file:     results.php (3.27 KB)      -rw-rw-rw-
<?php
/**
*  Copyright 2008 Grestul Group 
*  Powered by Grestul
**/
?>
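<?php
// Admin gate and comment-delete handler for the search page.
// Reads:  $_SESSION['loggedin'], $_GET['did'], and $db / $domain (expected to be
//         set by inc/config.php, which is not shown here).
// Effect: redirects unauthenticated visitors to the login page; when ?did= is
//         present, deletes that comment row and redirects to the manage page.
session_start();
require "inc/config.php";

// No authenticated session: stop before any query or markup is produced.
if (!isset($_SESSION['loggedin'])) {
    header('Location: index.php?error=1');
    exit();
}

// NOTE(review): this delete is a state-changing action driven by a plain GET
// parameter, so it has no CSRF protection. It should be moved to POST and
// require a per-session token that is verified here before the query runs.
if (isset($_GET['did'])) {
    $did = $_GET['did'];

    // The ID is placed into the statement unquoted, so slash-escaping cannot
    // constrain it. Accept only a plain run of decimal digits; anything else
    // (arrays, signs, whitespace, SQL fragments) never reaches the query.
    if (is_string($did) && preg_match('/\A[0-9]+\z/', $did) === 1) {
        $req = "DELETE FROM comments WHERE ID=" . $did;
        // NOTE(review): the mysql_* extension is deprecated as of PHP 5.5 and
        // offers no prepared statements; migrating the connection in
        // inc/config.php to mysqli or PDO would allow a bound parameter here.
        $result = mysql_query($req, $db);
    }

    // Same redirect whether or not the ID was acceptable.
    header('Location: ' . $domain . '/admin/manage.php');
    exit();
}
?>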
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
    <title><?php echo "$webad"?></title>
      <link href="inc/admin.css" rel="stylesheet" type="text/css" />
      <link href="inc/manage.css" rel="stylesheet" type="text/css" />
</head>
<body>
<img src="inc/images/logo.png" class="logo" />
<div class="logout"><a href="close.php">Logout</a></div>
<div class="navi">
<a href="home.php"><img src="inc/images/homeoff.png" class="navihoff" /></a>
<a href="management.php"><img src="inc/images/manageon.png" class="navion" /></a>
<a href="stylehome.php"><img src="inc/images/styleoff.png" class="navioff" /></a>
</div>


        <div class="contentrep">
    <div class="infobar">
        <div class="infotext">
    <br />
    <div align="center">
<form method="post" action="results.php">
<input type="text" name="search" size="50">
<select name="menu" id="menu">
<option value="ID">CID (comment ID)</option>
<option value="name">Name</option>
<option value="comment">Comment</option>
</select>
<input type="submit" value="Search">
</form> 
    </div>
      </div>
    </div>
        <div class="btite">
      Grestul Management - Search Comments
        </div>
  <div class="bodycontent">
 <div id="wrapper">
 <?php

$search
=htmlentities($_POST["search"]);
$menu=$_POST["menu"];
 
$result mysql_query("SELECT * FROM comments WHERE ".$menu." LIKE '%$search%'");
 
 
while(
$row=mysql_fetch_array($result))
{    
 
  
   
$id=$row["ID"];
   
$name=htmlentities($row["name"]);
   
$comment=htmlentities($row["comment"]);
   
$ip=$row["ip"];
   
echo 
'<div class="comment">'."\n";
echo 
'    <div class="postertime">'."\n";
echo 
'    <span class="poster">';
echo 
"$name";
echo 
'</span> - <span><a href="?did='.$id.'" class="remove">[Remove]</a>
<a href="#wrapper" class="remove">[Top]</a>'
;
echo 
' - [IP: '."$ip] [CID: $id]</span>";
echo 
'    </div>'."\n\n";
echo 
'    <div class="usercomment">'."\n";
echo 
'        <p>'.(nl2br($comment)).'</p>'."\n";
echo 
'    </div>'."\n\n";

echo 
'</div>'."\n\n";
}
if (!
$id) {
echo 
'No Results found!';
}
elseif (!
$name) {
echo 
'No Results found!';
}
elseif (!
$comment) {
echo 
'No Results found!';
}
 
?>
</div>
</div>

        </div>
<div class="footer">
<!-- DO NOT CHANGE, REMOVE, OR HINDER WITH THE COPYRIGHT OR POWERED BY LINES BELOW -->
<!-- YOU AGREED TO THE AGREEMENT WHEN YOU DOWNLOADED AND INSTALLED OUR SOFTWARE -->
<!-- REMOVING THE LINES BELOW WILL FORCE US TO TAKE LEGAL ACTION -->
<!-- BE FAIR AND KEEP THE POWERED BY AND COPYRIGHT LINES. -->
Powered By: <a href="http://grestul.com" target="_blank">Grestul,</a> Copyright &copy; 2007-2008 <a href="http://grestul.com" target="_blank">Grestul Group.</a>
</div>


</body>
</html>
