!C99Shell v. 1.0 pre-release build #16!

Software: Apache/2.0.54 (Fedora). PHP/5.0.4 

uname -a: Linux mina-info.me 2.6.17-1.2142_FC4smp #1 SMP Tue Jul 11 22:57:02 EDT 2006 i686 

uid=48(apache) gid=48(apache) groups=48(apache)
context=system_u:system_r:httpd_sys_script_t 

Safe-mode: OFF (not secure)

/home/mnnews/public_html/mina/mina/admin/   drwxr-xr-x
Free 3.89 GB of 27.03 GB (14.39%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     addingNews.inc.bak (2.96 KB)      -rwxr-xr-x
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?
   
  if(checkSuperSession($superSession, $REMOTE_ADDR))
    {
      include("include/rootGui.inc.php3"); 
   
      require("$mysqlCall");
   
      $userId = getUserSUId($superSession);
      $userInfo = getUserInfo($userId);
      
      if(($userInfo[SuperUser] == 1) && ($userInfo[addNews]==1) && ($userInfo[active]==1))
	{
	  
	  if(strlen($title)==0)
	    {
	  print("ERROR <br>You have failed to enter a title for the news peice, go back and enter it.<br><br>");
	    }
	  
	  else if(strlen($details)==0)
	    {
	      print("ERROR <br>You have failed to enter some details for the news peice, go back and enter some<br><br>");
	    }
	  
      
	  else if($function=="preview")
	    {
	      
	      require("$mysqlCall");
	      
	      if($itemID != 0)
		{
		  require("$mysqlCall");
		  
		  $query = "SELECT * FROM $topics  where Id=\"$itemID\"";
		  
		  $mysql_result2 = mysql_query($query, $mysql_link);
		  
		  if($row = mysql_fetch_row($mysql_result2))
		    {
		      $imageId =  $row[3];
		      
		      $getImage=1;
		    }
		  else
		    {
		      print("Something wrong: get image data<br>");
		    }
		}


	      print("Preview your HTML");
	      print("<table width=70% border=0 cellpadding=3 cellspacing=0 >");
	      print("<tr><td bgcolor=$border_colour align=center>");
	      
	      print("<table width=100% border=0 cellpadding=5 cellspacing=0 >");
	      
	      printf("<tr>\n");
	      
       
	      print("<td bgcolor=$bgcolour>\n");
	      print("<h1><u>$title</u></h1>\n");
	      print("<div align=\"justify\"><p>$details\n</p></div>");
	      print("</td>\n");
	
	      print("<td bgcolor=$bgcolour>\n");
	      
	    /*    print("item = $itemID"); */
	      
	      
	      if($getImage==1)
		{	  
		  print("<img src=\"imageShow.php3?id=$imageId\">"); 
		}

	      else
		{
		  print("No topic selected");
      
		}


	      print("</td>\n");



      
	      print("</tr>\n");
	      print("</table>");
	      print("<tr><td>");
	      print("</table><br><br>");


	      include("addNewsTemp.inc.php3");
	      	      
	    }
	  
	  else
	    {
	      printf("now posting news....");
$details = eregi_replace("'","quotes3242",$details);

	      
	      
	      $insert = "insert into $news values('', '$title', '$details', '$date', '$itemID', '$userId')";
	      print "<br>";
	      $result = MYSQL_QUERY($insert);		
	      
	      if($result)
		{
		  print("That worked :)");
		  print("<META HTTP-EQUIV=\"Refresh\" CONTENT=\"1; URL=index.php3?mode=listNews&superSession=$superSession\">"); 
		}

	      else
		{
		  print("Something has gone wrong here");
		}
	    }
	}
      else
	{
	  print("You do not have access to this function<br><br>");

	}
	  include("include/guiBase.inc.php3");
	  
    }
  else
    {
      //session is bad
	  print("Bad Session ID ($superSession)!<BR>\n");
      $superSession = "";
    }

?>

:: Command execute ::

Enter:
 
Select:
 

:: Search ::
  - regexp 
:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c99shell v. 1.0 pre-release build #16 powered by Captain Crunch Security Team | http://ccteam.ru | Generation time: 0.0034 ]--