!C99Shell v. 1.0 pre-release build #13!

Software: Apache. PHP/5.5.15 

uname -a: Windows NT SVR-DMZ 6.1 build 7600 (Windows Server 2008 R2 Enterprise Edition) i586 

SYSTEM 

Safe-mode: OFF (not secure)

E:\xampp\xampp\htdocs\login\   drwxrwxrwx
Free 8.8 GB of 239.26 GB (3.68%)
Detected drives: [ a ] [ c ] [ d ] [ e ] [ f ]
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     pass_change.php (2.13 KB)      -rw-rw-rw-
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php

//prevents caching
header("Expires: Sat, 01 Jan 2000 00:00:00 GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: post-check=0, pre-check=0",false);
session_cache_limiter();

session_start();

//include config and functions files
include ('config.php');
include ('functions.php');

//if user tries to access this page without logging in, this will send the user back to login.html
if (!$_SESSION[user_name])
{
    header('Location:login.php');
    exit;
}

//checks password length
if (password_check($min_pass$max_pass$_POST[p_word]) == "no")
{
?>
<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<meta http-equiv="refresh" content="0; url=pass_change.html">
<title>Password Change</title>
<script language="JavaScript">
<!--
function FP_popUpMsg(msg) {//v1.0
 alert(msg);
}
// -->
</script>
</head>

<body onload="FP_popUpMsg('Your password must be between <? echo $min_pass; ?> & <? echo $max_pass; ?> characters.')">

</body>

</html>
<?
exit;
}

//make connection to dbase
$connection = @mysql_connect($server, $dbusername, $dbpassword)
                or die(mysql_error());
                
$db = @mysql_select_db($db_name,$connection)
                or die(mysql_error());

//updates the table with the new password                
    $sql = "UPDATE $table_name SET 
            password = password('$_POST[p_word]') 
            WHERE username = '$_SESSION[user_name]'";
    $result = @mysql_query($sql, $connection) or die(mysql_error());
    $_SESSION[password] = $_POST[p_word];

//resets the password change required to no    
    $set_chng = "UPDATE $table_name SET
            pchange = '0' WHERE username = '$_SESSION[user_name]'";
    $result1 = @mysql_query($set_chng, $connection) or die(mysql_error());            

//gets that users redirect to    
    $get_redir = "SELECT * FROM $table_name WHERE username = '$_SESSION[user_name]'";
    $result2 = @mysql_query($get_redir, $connection) or die(mysql_error());
    while ($get_redir = mysql_fetch_object($result2)) 
        {    
            $_SESSION[redirect] = $get_redir -> redirect;
        }

//sends the user to their redirect to
    header("Location:$_SESSION[redirect]");
    exit;
?>

:: Command execute ::

Enter:
 
Select:
 

:: Search ::
  - regexp 
:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c99shell v. 1.0 pre-release build #13 powered by Captain Crunch Security Team | http://ccteam.ru | Generation time: 0.0156 ]--