!C99Shell v. 1.0 pre-release build #16!

Software: Apache/2.0.54 (Fedora). PHP/5.0.4 

uname -a: Linux mina-info.me 2.6.17-1.2142_FC4smp #1 SMP Tue Jul 11 22:57:02 EDT 2006 i686 

uid=48(apache) gid=48(apache) groups=48(apache)
context=system_u:system_r:httpd_sys_script_t 

Safe-mode: OFF (not secure)

/home/mnnews/public_html/dwmail/   drwxr-xr-x
Free 4.04 GB of 27.03 GB (14.93%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     previewimage.php (6.35 KB)      -rwxr-xr-x
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
/*
############################################################################
# DWmail
#      - version 4.0
#      - Copyright (c) 2003-2006 Dominion Web Design
#      - http://www.dominion-web.com/products/dwmail/
############################################################################
#
# The contents of this file are subject to the DWmail License version
# 2.2 ('License'). You may not use this file except in compliance with
# the License. You may obtain a copy of the License at
# http://www.dominion-web.com/products/dwmail/license.php

# Software distributed under the License is distributed on an "AS IS" basis,
# without warranty of any kind, either express or implied.
#
# This code is Copyright (c) 2003-2006 Dominion Web Design.
# All rights reserved.
#
# This software may not be redistributed outside the terms of the
# license agreement.
#
############################################################################
*/
require ("./includes/init.inc.php");
require ("./includes/global.inc.php");
require ("./includes/imap.inc.php");
require ("./includes/functions.inc.php");
require ("./includes/config.inc.php");
require ("./includes/image.inc.php");

$MainSettings = new GlobalInit();
$TransIDEnabled = $MainSettings->INIGet('session.use_trans_sid');

session_cache_limiter($DefaultSessionCache);
session_start();

if (!$_SESSION['DefaultLang']) {
    $_SESSION['DefaultLang'] = $DefaultLang;
}
require ("./lang/" . strip_tags(str_replace("..", "", trim($_SESSION['DefaultLang']))) . "/global.inc.php");
@setlocale(LC_TIME, $AvailLangs[$_SESSION['DefaultLang']]['locale']);

require ("./includes/options.inc.php");

$id = $_GET['id'];
$pid = $_GET['pid'];

$folder = strip_tags($_GET['f']);

if ($_GET['f']) {
    $_SESSION['folder'] = strip_tags(trim($_GET['f']));
}

if (($_SESSION['sess_u'] == "") && ($_SESSION['sess_p'] == "")) {
    echo ("<p>" . $lang['SErrors']['Session'] . "</p>");
    exit;
}

$IMAPConnection = new WM_IMAPConnection($_SESSION);

$securitycheck = $IMAPConnection->WM_IMAPCheckSecurity();
if ($securitycheck == 0) {
    echo ("<p>" . $lang['SErrors']['IP'] . "</p>");
    exit;
}

$mailbox = $IMAPConnection->WM_IMAPConnect();

checkmailbox_active($mailbox, $IMAPConnection, $PageHeader, $_SESSION['tpl'], $PageFooter, $getFile, $lang, $genericerror);

$pidparsed = $pid;

if (strstr($pid, ".") && $_GET['rfc'] == 1) {
    require ("./includes/rfc822.inc.php");
    require ("./includes/3rdparty/MIME/mimeDecode.inc.php");

    $pidexp = explode(".", $pid);
    $headerfull = $IMAPConnection->WM_IMAPRFCHeader($id);
    $bodyfull = $IMAPConnection->WM_IMAPGetBody($id, -1, -1, 1);

    $RFC822Message = new RFC822($_SESSION);
    $RFC822Parts = $RFC822Message->GetParts($headerfull, $bodyfull);
    unset ($headerfull);
    unset ($bodyfull);

    $RFC822Content = $RFC822Parts[$pidexp[0]];
    unset ($RFC822Parts);

    $params['include_bodies'] = true;
    $params['decode_bodies']  = true;
    $params['decode_headers'] = true;

    $RFC822Decode = new Mail_mimeDecode($RFC822Content);

    $ReturnMessage = $RFCDecode->decode($params);

    $type = $ReturnMessage->parts[$pidexp[1]]->ctype_primary . "/" . $ReturnMessage->parts[$pidexp[1]]->ctype_secondary;
    $filedescription = $ReturnMessage->parts[$pidexp[1]]->ctype_parameters['description'];
    $filename = $ReturnMessage->parts[$pidexp[1]]->ctype_parameters['name'];
    $decodedsize = ceil(strlen($ReturnMessage->parts[$pidexp[1]]->body));
    $decodedsize2 = ($decodedsize/1024) . "Kb";
    $finalfile = $ReturnMessage->parts[$pidexp[1]]->body;
}
elseif ($pid == 0) {
    $structure = $IMAPConnection->WM_IMAPGetStructure($id);
    $type2 = $type[$structure->type] . '/' . $structure->subtype;
    $type = $type2;
    $encoding2 = $encoding[$structure->encoding];
    $encoding = $encoding2;
    $size = $structure->bytes;
    $attachment_size = ceil($size/1024). "Kb";
    $filedescription = $structure->description;

    if ($structure->parameters) {
        foreach ($structure->parameters as $p2) {
            $filename = $p2->value;
        }
    }

    if (strtolower($structure->disposition) == "attachment" || strtolower($structure->disposition) == "inline") {
        $params = $structure->dparameters;
        if ($params) {
            foreach ($params as $p) {
                if($p->attribute == "FILENAME" || $p->attribute == "filename")    {
                    $filename = $p->value;
                    break;
                }
            }
        }
    }

    unset ($structure);

    $finalfile = $IMAPConnection->WM_IMAPGetBody($id, -1, -1);
    $finalfile = parseEncoding($finalfile, $encoding);

    // Decoded file size in bytes
    $decodedsize = strlen($finalfile);
    $decodedsize2 = ceil($decodedsize/1024) . "Kb";
    
}
else {
    $structure = $IMAPConnection->WM_IMAPGetStructure($id);

    $sections = parseBody($structure);

    for($x=0; $x<sizeof($sections); $x++) {
        if($sections[$x]["pid"] == $pid) {
            $type = $sections[$x]["type"];
            $encoding = $sections[$x]["encoding"];
            $filedescription = $sections[$x]["description"];
            $filename = $sections[$x]["name"];
            $size = $sections[$x]["size"];
            $attachment_size = ceil($size/1024). "Kb";
        }
    }

    unset ($structure);
    unset ($sections);

    $finalfile = $IMAPConnection->WM_IMAPGetBody($id, $pid, -1);
    $finalfile = parseEncoding($finalfile, $encoding);

    // Decoded file size in bytes
    $decodedsize = strlen($finalfile);
    $decodedsize2 = ceil($decodedsize/1024) . "Kb";
}

// This content disposition header follows the RFC 1086 guidelines for
// Content-Disposition headers via http/1.1
// If this fails to download it is most likely a quirk or bug in the browser.

// See http://www.faqs.org/rfcs/rfc1086.html for more information about content-disposition.

// See the HTTP/1.1 standard at http://www.w3.org/Protocols/rfc2616/rfc2616.html
// for more information

// Content-Length: is essential for an attachment content-disposition otherwise some browsers
// corrupt the download


// Prevent anything being sent to the browser until the entire attachment has been loaded

for($i=1;$i<=32;$i++) {
    $filekey .= base_convert(rand(0,15),10,16);
}

$gdimg = new GDImage();
$gdimg->imgSupport();
$gdimg->imgSaveTmpFile($finalfile, $filekey);

ob_start();

header ("Cache-control: private");
header ("Content-Disposition: inline; filename=\"t_$downloadfilename\"");
header ("Content-Description: File Attachment");

$gdimg->NewFile('250', 'w', $type);

$gdimg->imgRemoveTmpFile();

ob_end_flush();

$IMAPConnection->WM_IMAPClose();

?>

:: Command execute ::

Enter:
 
Select:
 

:: Search ::
  - regexp 
:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c99shell v. 1.0 pre-release build #16 powered by Captain Crunch Security Team | http://ccteam.ru | Generation time: 0.0036 ]--