!C99Shell v. 1.0 pre-release build #13!

Software: Apache. PHP/5.5.15 

uname -a: Windows NT SVR-DMZ 6.1 build 7600 (Windows Server 2008 R2 Enterprise Edition) i586 

SYSTEM 

Safe-mode: OFF (not secure)

C:\Intranet\C\xampp\htdocs\phpbb\2.0.4_to_2.0.15\includes\   drwxrwxrwx
Free 4.09 GB of 39.52 GB (10.36%)
Detected drives: [ a ] [ c ] [ d ] [ e ] [ f ]
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     usercp_sendpasswd.php (4.3 KB)      -rw-rw-rw-
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
/***************************************************************************
 *                           usercp_sendpasswd.php
 *                            -------------------
 *   begin                : Saturday, Feb 13, 2001
 *   copyright            : (C) 2001 The phpBB Group
 *   email                : support@phpbb.com
 *
 *   $Id: usercp_sendpasswd.php,v 1.6.2.12 2004/11/18 17:49:45 acydburn Exp $
 *
 *
 ***************************************************************************/

/***************************************************************************
 *
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version.
 *
 *
 ***************************************************************************/

if ( !defined('IN_PHPBB') )
{
    die(
'Hacking attempt');
    exit;
}

if ( isset(
$HTTP_POST_VARS['submit']) )
{
    
$username = ( !empty($HTTP_POST_VARS['username']) ) ? phpbb_clean_username($HTTP_POST_VARS['username']) : '';
    
$email = ( !empty($HTTP_POST_VARS['email']) ) ? trim(strip_tags(htmlspecialchars($HTTP_POST_VARS['email']))) : '';

    
$sql "SELECT user_id, username, user_email, user_active, user_lang 
        FROM " 
USERS_TABLE 
        WHERE user_email = '" 
str_replace("\'""''"$email) . "' 
            AND username = '" 
str_replace("\'""''"$username) . "'";
    if ( 
$result $db->sql_query($sql) )
    {
        if ( 
$row $db->sql_fetchrow($result) )
        {
            if ( !
$row['user_active'] )
            {
                
message_die(GENERAL_MESSAGE$lang['No_send_account_inactive']);
            }

            
$username $row['username'];
            
$user_id $row['user_id'];

            
$user_actkey gen_rand_string(true);
            
$key_len 54 strlen($server_url);
            
$key_len = ( $str_len ) ? $key_len 6;
            
$user_actkey substr($user_actkey0$key_len);
            
$user_password gen_rand_string(false);
            
            
$sql "UPDATE " USERS_TABLE 
                SET user_newpasswd = '" 
md5($user_password) . "', user_actkey = '$user_actkey'  
                WHERE user_id = " 
$row['user_id'];
            if ( !
$db->sql_query($sql) )
            {
                
message_die(GENERAL_ERROR'Could not update new password information'''__LINE____FILE__$sql);
            }

            include(
$phpbb_root_path 'includes/emailer.'.$phpEx);
            
$emailer = new emailer($board_config['smtp_delivery']);

            
$emailer->from($board_config['board_email']);
            
$emailer->replyto($board_config['board_email']);

            
$emailer->use_template('user_activate_passwd'$row['user_lang']);
            
$emailer->email_address($row['user_email']);
            
$emailer->set_subject($lang['New_password_activation']);

            
$emailer->assign_vars(array(
                
'SITENAME' => $board_config['sitename'], 
                
'USERNAME' => $username,
                
'PASSWORD' => $user_password,
                
'EMAIL_SIG' => (!empty($board_config['board_email_sig'])) ? str_replace('<br />'"\n""-- \n" $board_config['board_email_sig']) : ''

                
'U_ACTIVATE' => $server_url '?mode=activate&' POST_USERS_URL '=' $user_id '&act_key=' $user_actkey)
            );
            
$emailer->send();
            
$emailer->reset();

            
$template->assign_vars(array(
                
'META' => '<meta http-equiv="refresh" content="15;url=' append_sid("index.$phpEx") . '">')
            );

            
$message $lang['Password_updated'] . '<br /><br />' sprintf($lang['Click_return_index'],  '<a href="' append_sid("index.$phpEx") . '">''</a>');

            
message_die(GENERAL_MESSAGE$message);
        }
        else
        {
            
message_die(GENERAL_MESSAGE$lang['No_email_match']);
        }
    }
    else
    {
        
message_die(GENERAL_ERROR'Could not obtain user information for sendpassword'''__LINE____FILE__$sql);
    }
}
else
{
    
$username '';
    
$email '';
}

//
// Output basic page
//
include($phpbb_root_path 'includes/page_header.'.$phpEx);

$template->set_filenames(array(
    
'body' => 'profile_send_pass.tpl')
);
make_jumpbox('viewforum.'.$phpEx);

$template->assign_vars(array(
    
'USERNAME' => $username,
    
'EMAIL' => $email,

    
'L_SEND_PASSWORD' => $lang['Send_password'], 
    
'L_ITEMS_REQUIRED' => $lang['Items_required'],
    
'L_EMAIL_ADDRESS' => $lang['Email_address'],
    
'L_SUBMIT' => $lang['Submit'],
    
'L_RESET' => $lang['Reset'],
    
    
'S_HIDDEN_FIELDS' => ''
    
'S_PROFILE_ACTION' => append_sid("profile.$phpEx?mode=sendpassword"))
);

$template->pparse('body');

include(
$phpbb_root_path 'includes/page_tail.'.$phpEx);

?>

:: Command execute ::

Enter:
 
Select:
 

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c99shell v. 1.0 pre-release build #13 powered by Captain Crunch Security Team | http://ccteam.ru | Generation time: 0.0312 ]--