Multiple vulnerabilities in Ice Cold Apps Servers Ulitmate Version 6.0.2(12) for Android

9/8/13
Larry W. Cashdollar, @_larry0


http://www.amazon.com/Ice-Cold-Apps-Servers-Ultimate/dp/B00E00C44G/ref=sr_1_1?s=mobile-apps&ie=UTF8&qid=1378688647

http://www.icecoldapps.com

Vulnerabilities

There are no credentials by default, authentication is disabled for telnet/ssh/ftp allowing remote access to the device's storage. PHP can be uploaded to the webserver and executed.

  1. ftp server allows writes to lighttp/php* directory.
  2. telnet default authentication turned off.
  3. ssh server default authentication turned off.
  4. Anonymous SOCKS proxy & http/ftp proxy.

SSHD

larry$ ssh 192.168.0.29 -p 2222
$ id
uid=10041(app_41) gid=10041(app_41) groups=1015(sdcard_rw),3003(inet) $ uptime
up time: 19:42:02, idle time: 18:47:19, sleep time: 00:00:00 $

Telnet

larry$ telnet 192.168.0.29 2323
Trying 192.168.0.29...
Connected to 192.168.0.29.
Escape character is '^]'.

Welcome to tel!
Please enter some text to test the connection and hit enter:

$

$
id
$ id
uid=10041(app_41) gid=10041(app_41) groups=1015(sdcard_rw),3003(inet) $

lighttpd / PHP server

Here is the phpinfo() info output Because of the sandboxing eval(),system(),pass_thru() won't work.

<?php

        $arr = get_defined_functions();
        echo "<pre>";
                print_r($arr);
        echo "</pre>";

?>

Returned the following:

Array
(

[internal] => Array

        (
            [0] => zend_version
            [1] => func_num_args
            [2] => func_get_arg
            [3] => func_get_args
            [4] => strlen
            [5] => strcmp
            [6] => strncmp
            [7] => strcasecmp
            [8] => strncasecmp
            [9] => each
            [10] => error_reporting
            [11] => define
            [12] => defined
            [13] => get_class
            [14] => get_called_class
            [15] => get_parent_class
            [16] => method_exists
            [17] => property_exists
            [18] => class_exists
            [19] => interface_exists
            [20] => trait_exists
            [21] => function_exists
            [22] => class_alias
            [23] => get_included_files
            [24] => get_required_files
            [25] => is_subclass_of
            [26] => is_a
            [27] => get_class_vars
            [28] => get_object_vars
            [29] => get_class_methods
            [30] => trigger_error
            [31] => user_error
            [32] => set_error_handler
            [33] => restore_error_handler
            [34] => set_exception_handler
            [35] => restore_exception_handler
            [36] => get_declared_classes
            [37] => get_declared_traits
            [38] => get_declared_interfaces
            [39] => get_defined_functions
            [40] => get_defined_vars
            [41] => create_function
            [42] => get_resource_type
            [43] => get_loaded_extensions
            [44] => extension_loaded
            [45] => get_extension_funcs
            [46] => get_defined_constants
            [47] => debug_backtrace
            [48] => debug_print_backtrace
            [49] => gc_collect_cycles
            [50] => gc_enabled
            [51] => gc_enable
            [52] => gc_disable
            [53] => strtotime
            [54] => date
            [55] => idate
            [56] => gmdate
            [57] => mktime
            [58] => gmmktime
            [59] => checkdate
            [60] => strftime
            [61] => gmstrftime
            [62] => time
            [63] => localtime
            [64] => getdate
            [65] => date_create
            [66] => date_create_from_format
            [67] => date_parse
            [68] => date_parse_from_format
            [69] => date_get_last_errors
            [70] => date_format
            [71] => date_modify
            [72] => date_add
            [73] => date_sub
            [74] => date_timezone_get
            [75] => date_timezone_set
            [76] => date_offset_get
            [77] => date_diff
            [78] => date_time_set
            [79] => date_date_set
            [80] => date_isodate_set
            [81] => date_timestamp_set
            [82] => date_timestamp_get
            [83] => timezone_open
            [84] => timezone_name_get
            [85] => timezone_name_from_abbr
            [86] => timezone_offset_get
            [87] => timezone_transitions_get
            [88] => timezone_location_get
            [89] => timezone_identifiers_list
            [90] => timezone_abbreviations_list
            [91] => timezone_version_get
            [92] => date_interval_create_from_date_string
            [93] => date_interval_format
            [94] => date_default_timezone_set
            [95] => date_default_timezone_get
            [96] => date_sunrise
            [97] => date_sunset
            [98] => date_sun_info
            [99] => ereg
            [100] => ereg_replace
            [101] => eregi
            [102] => eregi_replace
            [103] => split
            [104] => spliti
            [105] => sql_regcase
            [106] => libxml_set_streams_context
            [107] => libxml_use_internal_errors
            [108] => libxml_get_last_error
            [109] => libxml_clear_errors
            [110] => libxml_get_errors
            [111] => libxml_disable_entity_loader
            [112] => libxml_set_external_entity_loader
            [113] => preg_match
            [114] => preg_match_all
            [115] => preg_replace
            [116] => preg_replace_callback
            [117] => preg_filter
            [118] => preg_split
            [119] => preg_quote
            [120] => preg_grep
            [121] => preg_last_error
            [122] => readgzfile
            [123] => gzrewind
            [124] => gzclose
            [125] => gzeof
            [126] => gzgetc
            [127] => gzgets
            [128] => gzgetss
            [129] => gzread
            [130] => gzopen
            [131] => gzpassthru
            [132] => gzseek
            [133] => gztell
            [134] => gzwrite
            [135] => gzputs
            [136] => gzfile
            [137] => gzcompress
            [138] => gzuncompress
            [139] => gzdeflate
            [140] => gzinflate
            [141] => gzencode
            [142] => gzdecode
            [143] => zlib_encode
            [144] => zlib_decode
            [145] => zlib_get_coding_type
            [146] => ob_gzhandler
            [147] => ctype_alnum
            [148] => ctype_alpha
            [149] => ctype_cntrl
            [150] => ctype_digit
            [151] => ctype_lower
            [152] => ctype_graph
            [153] => ctype_print
            [154] => ctype_punct
            [155] => ctype_space
            [156] => ctype_upper
            [157] => ctype_xdigit
            [158] => curl_init
            [159] => curl_copy_handle
            [160] => curl_version
            [161] => curl_setopt
            [162] => curl_setopt_array
            [163] => curl_exec
            [164] => curl_getinfo
            [165] => curl_error
            [166] => curl_errno
            [167] => curl_close
            [168] => curl_multi_init
            [169] => curl_multi_add_handle
            [170] => curl_multi_remove_handle
            [171] => curl_multi_select
            [172] => curl_multi_exec
            [173] => curl_multi_getcontent
            [174] => curl_multi_info_read
            [175] => curl_multi_close
            [176] => dom_import_simplexml
            [177] => finfo_open
            [178] => finfo_close
            [179] => finfo_set_flags
            [180] => finfo_file
            [181] => finfo_buffer
            [182] => mime_content_type
            [183] => filter_input
            [184] => filter_var
            [185] => filter_input_array
            [186] => filter_var_array
            [187] => filter_list
            [188] => filter_has_var
            [189] => filter_id
            [190] => ftp_connect
            [191] => ftp_login
            [192] => ftp_pwd
            [193] => ftp_cdup
            [194] => ftp_chdir
            [195] => ftp_exec
            [196] => ftp_raw
            [197] => ftp_mkdir
            [198] => ftp_rmdir
            [199] => ftp_chmod
            [200] => ftp_alloc
            [201] => ftp_nlist
            [202] => ftp_rawlist
            [203] => ftp_systype
            [204] => ftp_pasv
            [205] => ftp_get
            [206] => ftp_fget
            [207] => ftp_put
            [208] => ftp_fput
            [209] => ftp_size
            [210] => ftp_mdtm
            [211] => ftp_rename
            [212] => ftp_delete
            [213] => ftp_site
            [214] => ftp_close
            [215] => ftp_set_option
            [216] => ftp_get_option
            [217] => ftp_nb_fget
            [218] => ftp_nb_get
            [219] => ftp_nb_continue
            [220] => ftp_nb_put
            [221] => ftp_nb_fput
            [222] => ftp_quit
            [223] => gd_info
            [224] => imagearc
            [225] => imageellipse
            [226] => imagechar
            [227] => imagecharup
            [228] => imagecolorat
            [229] => imagecolorallocate
            [230] => imagepalettecopy
            [231] => imagecreatefromstring
            [232] => imagecolorclosest
            [233] => imagecolorclosesthwb
            [234] => imagecolordeallocate
            [235] => imagecolorresolve
            [236] => imagecolorexact
            [237] => imagecolorset
            [238] => imagecolortransparent
            [239] => imagecolorstotal
            [240] => imagecolorsforindex
            [241] => imagecopy
            [242] => imagecopymerge
            [243] => imagecopymergegray
            [244] => imagecopyresized
            [245] => imagecreate
            [246] => imagecreatetruecolor
            [247] => imageistruecolor
            [248] => imagetruecolortopalette
            [249] => imagesetthickness
            [250] => imagefilledarc
            [251] => imagefilledellipse
            [252] => imagealphablending
            [253] => imagesavealpha
            [254] => imagecolorallocatealpha
            [255] => imagecolorresolvealpha
            [256] => imagecolorclosestalpha
            [257] => imagecolorexactalpha
            [258] => imagecopyresampled
            [259] => imagerotate
            [260] => imageantialias
            [261] => imagesettile
            [262] => imagesetbrush
            [263] => imagesetstyle
            [264] => imagecreatefrompng
            [265] => imagecreatefromgif
            [266] => imagecreatefromjpeg
            [267] => imagecreatefromwbmp
            [268] => imagecreatefromxbm
            [269] => imagecreatefromgd
            [270] => imagecreatefromgd2
            [271] => imagecreatefromgd2part
            [272] => imagepng
            [273] => imagegif
            [274] => imagejpeg
            [275] => imagewbmp
            [276] => imagegd
            [277] => imagegd2
            [278] => imagedestroy
            [279] => imagegammacorrect
            [280] => imagefill
            [281] => imagefilledpolygon
            [282] => imagefilledrectangle
            [283] => imagefilltoborder
            [284] => imagefontwidth
            [285] => imagefontheight
            [286] => imageinterlace
            [287] => imageline
            [288] => imageloadfont
            [289] => imagepolygon
            [290] => imagerectangle
            [291] => imagesetpixel
            [292] => imagestring
            [293] => imagestringup
            [294] => imagesx
            [295] => imagesy
            [296] => imagedashedline
            [297] => imagetypes
            [298] => jpeg2wbmp
            [299] => png2wbmp
            [300] => image2wbmp
            [301] => imagelayereffect
            [302] => imagexbm
            [303] => imagecolormatch
            [304] => imagefilter
            [305] => imageconvolution
            [306] => textdomain
            [307] => gettext
            [308] => 
            [309] => dgettext
            [310] => dcgettext
            [311] => bindtextdomain
            [312] => ngettext
            [313] => dngettext
            [314] => dcngettext
            [315] => bindtextdomain_codeset
            [316] => hash
            [317] => hash_file
            [318] => hash_hmac
            [319] => hash_hmac_file
            [320] => hash_init
            [321] => hash_update
            [322] => hash_update_stream
            [323] => hash_update_file
            [324] => hash_final
            [325] => hash_copy
            [326] => hash_algos
            [327] => iconv
            [328] => iconv_get_encoding
            [329] => iconv_set_encoding
            [330] => iconv_strlen
            [331] => iconv_substr
            [332] => iconv_strpos
            [333] => iconv_strrpos
            [334] => iconv_mime_encode
            [335] => iconv_mime_decode
            [336] => iconv_mime_decode_headers
            [337] => json_encode
            [338] => json_decode
            [339] => json_last_error
            [340] => mb_convert_case
            [341] => mb_strtoupper
            [342] => mb_strtolower
            [343] => mb_language
            [344] => mb_internal_encoding
            [345] => mb_http_input
            [346] => mb_http_output
            [347] => mb_detect_order
            [348] => mb_substitute_character
            [349] => mb_parse_str
            [350] => mb_output_handler
            [351] => mb_preferred_mime_name
            [352] => mb_strlen
            [353] => mb_strpos
            [354] => mb_strrpos
            [355] => mb_stripos
            [356] => mb_strripos
            [357] => mb_strstr
            [358] => mb_strrchr
            [359] => mb_stristr
            [360] => mb_strrichr
            [361] => mb_substr_count
            [362] => mb_substr
            [363] => mb_strcut
            [364] => mb_strwidth
            [365] => mb_strimwidth
            [366] => mb_convert_encoding
            [367] => mb_detect_encoding
            [368] => mb_list_encodings
            [369] => mb_encoding_aliases
            [370] => mb_convert_kana
            [371] => mb_encode_mimeheader
            [372] => mb_decode_mimeheader
            [373] => mb_convert_variables
            [374] => mb_encode_numericentity
            [375] => mb_decode_numericentity
            [376] => mb_send_mail
            [377] => mb_get_info
            [378] => mb_check_encoding
            [379] => mb_regex_encoding
            [380] => mb_regex_set_options
            [381] => mb_ereg
            [382] => mb_eregi
            [383] => mb_ereg_replace
            [384] => mb_eregi_replace
            [385] => mb_ereg_replace_callback
            [386] => mb_split
            [387] => mb_ereg_match
            [388] => mb_ereg_search
            [389] => mb_ereg_search_pos
            [390] => mb_ereg_search_regs
            [391] => mb_ereg_search_init
            [392] => mb_ereg_search_getregs
            [393] => mb_ereg_search_getpos
            [394] => mb_ereg_search_setpos
            [395] => mbregex_encoding
            [396] => mbereg
            [397] => mberegi
            [398] => mbereg_replace
            [399] => mberegi_replace
            [400] => mbsplit
            [401] => mbereg_match
            [402] => mbereg_search
            [403] => mbereg_search_pos
            [404] => mbereg_search_regs
            [405] => mbereg_search_init
            [406] => mbereg_search_getregs
            [407] => mbereg_search_getpos
            [408] => mbereg_search_setpos
            [409] => mcrypt_ecb
            [410] => mcrypt_cbc
            [411] => mcrypt_cfb
            [412] => mcrypt_ofb
            [413] => mcrypt_get_key_size
            [414] => mcrypt_get_block_size
            [415] => mcrypt_get_cipher_name
            [416] => mcrypt_create_iv
            [417] => mcrypt_list_algorithms
            [418] => mcrypt_list_modes
            [419] => mcrypt_get_iv_size
            [420] => mcrypt_encrypt
            [421] => mcrypt_decrypt
            [422] => mcrypt_module_open
            [423] => mcrypt_generic_init
            [424] => mcrypt_generic
            [425] => mdecrypt_generic
            [426] => mcrypt_generic_end
            [427] => mcrypt_generic_deinit
            [428] => mcrypt_enc_self_test
            [429] => mcrypt_enc_is_block_algorithm_mode
            [430] => mcrypt_enc_is_block_algorithm
            [431] => mcrypt_enc_is_block_mode
            [432] => mcrypt_enc_get_block_size
            [433] => mcrypt_enc_get_key_size
            [434] => mcrypt_enc_get_supported_key_sizes
            [435] => mcrypt_enc_get_iv_size
            [436] => mcrypt_enc_get_algorithms_name
            [437] => mcrypt_enc_get_modes_name
            [438] => mcrypt_module_self_test
            [439] => mcrypt_module_is_block_algorithm_mode
            [440] => mcrypt_module_is_block_algorithm
            [441] => mcrypt_module_is_block_mode
            [442] => mcrypt_module_get_algo_block_size
            [443] => mcrypt_module_get_algo_key_size
            [444] => mcrypt_module_get_supported_key_sizes
            [445] => mcrypt_module_close
            [446] => mysql_connect
            [447] => mysql_pconnect
            [448] => mysql_close
            [449] => mysql_select_db
            [450] => mysql_query
            [451] => mysql_unbuffered_query
            [452] => mysql_db_query
            [453] => mysql_list_dbs
            [454] => mysql_list_tables
            [455] => mysql_list_fields
            [456] => mysql_list_processes
            [457] => mysql_error
            [458] => mysql_errno
            [459] => mysql_affected_rows
            [460] => mysql_insert_id
            [461] => mysql_result
            [462] => mysql_num_rows
            [463] => mysql_num_fields
            [464] => mysql_fetch_row
            [465] => mysql_fetch_array
            [466] => mysql_fetch_assoc
            [467] => mysql_fetch_object
            [468] => mysql_data_seek
            [469] => mysql_fetch_lengths
            [470] => mysql_fetch_field
            [471] => mysql_field_seek
            [472] => mysql_free_result
            [473] => mysql_field_name
            [474] => mysql_field_table
            [475] => mysql_field_len
            [476] => mysql_field_type
            [477] => mysql_field_flags
            [478] => mysql_escape_string
            [479] => mysql_real_escape_string
            [480] => mysql_stat
            [481] => mysql_thread_id
            [482] => mysql_client_encoding
            [483] => mysql_ping
            [484] => mysql_get_client_info
            [485] => mysql_get_host_info
            [486] => mysql_get_proto_info
            [487] => mysql_get_server_info
            [488] => mysql_info
            [489] => mysql_set_charset
            [490] => mysql
            [491] => mysql_fieldname
            [492] => mysql_fieldtable
            [493] => mysql_fieldlen
            [494] => mysql_fieldtype
            [495] => mysql_fieldflags
            [496] => mysql_selectdb
            [497] => mysql_freeresult
            [498] => mysql_numfields
            [499] => mysql_numrows
            [500] => mysql_listdbs
            [501] => mysql_listtables
            [502] => mysql_listfields
            [503] => mysql_db_name
            [504] => mysql_dbname
            [505] => mysql_tablename
            [506] => mysql_table_name
            [507] => mysqli_affected_rows
            [508] => mysqli_autocommit
            [509] => mysqli_change_user
            [510] => mysqli_character_set_name
            [511] => mysqli_close
            [512] => mysqli_commit
            [513] => mysqli_connect
            [514] => mysqli_connect_errno
            [515] => mysqli_connect_error
            [516] => mysqli_data_seek
            [517] => mysqli_dump_debug_info
            [518] => mysqli_debug
            [519] => mysqli_errno
            [520] => mysqli_error
            [521] => mysqli_error_list
            [522] => mysqli_stmt_execute
            [523] => mysqli_execute
            [524] => mysqli_fetch_field
            [525] => mysqli_fetch_fields
            [526] => mysqli_fetch_field_direct
            [527] => mysqli_fetch_lengths
            [528] => mysqli_fetch_array
            [529] => mysqli_fetch_assoc
            [530] => mysqli_fetch_object
            [531] => mysqli_fetch_row
            [532] => mysqli_field_count
            [533] => mysqli_field_seek
            [534] => mysqli_field_tell
            [535] => mysqli_free_result
            [536] => mysqli_get_charset
            [537] => mysqli_get_client_info
            [538] => mysqli_get_client_version
            [539] => mysqli_get_host_info
            [540] => mysqli_get_proto_info
            [541] => mysqli_get_server_info
            [542] => mysqli_get_server_version
            [543] => mysqli_get_warnings
            [544] => mysqli_init
            [545] => mysqli_info
            [546] => mysqli_insert_id
            [547] => mysqli_kill
            [548] => mysqli_set_local_infile_default
            [549] => mysqli_set_local_infile_handler
            [550] => mysqli_more_results
            [551] => mysqli_multi_query
            [552] => mysqli_next_result
            [553] => mysqli_num_fields
            [554] => mysqli_num_rows
            [555] => mysqli_options
            [556] => mysqli_ping
            [557] => mysqli_prepare
            [558] => mysqli_report
            [559] => mysqli_query
            [560] => mysqli_real_connect
            [561] => mysqli_real_escape_string
            [562] => mysqli_real_query
            [563] => mysqli_rollback
            [564] => mysqli_select_db
            [565] => mysqli_set_charset
            [566] => mysqli_stmt_affected_rows
            [567] => mysqli_stmt_attr_get
            [568] => mysqli_stmt_attr_set
            [569] => mysqli_stmt_bind_param
            [570] => mysqli_stmt_bind_result
            [571] => mysqli_stmt_close
            [572] => mysqli_stmt_data_seek
            [573] => mysqli_stmt_errno
            [574] => mysqli_stmt_error
            [575] => mysqli_stmt_error_list
            [576] => mysqli_stmt_fetch
            [577] => mysqli_stmt_field_count
            [578] => mysqli_stmt_free_result
            [579] => mysqli_stmt_get_warnings
            [580] => mysqli_stmt_init
            [581] => mysqli_stmt_insert_id
            [582] => mysqli_stmt_num_rows
            [583] => mysqli_stmt_param_count
            [584] => mysqli_stmt_prepare
            [585] => mysqli_stmt_reset
            [586] => mysqli_stmt_result_metadata
            [587] => mysqli_stmt_send_long_data
            [588] => mysqli_stmt_store_result
            [589] => mysqli_stmt_sqlstate
            [590] => mysqli_sqlstate
            [591] => mysqli_ssl_set
            [592] => mysqli_stat
            [593] => mysqli_store_result
            [594] => mysqli_thread_id
            [595] => mysqli_thread_safe
            [596] => mysqli_use_result
            [597] => mysqli_warning_count
            [598] => mysqli_refresh
            [599] => mysqli_escape_string
            [600] => mysqli_set_opt
            [601] => pdo_drivers
            [602] => posix_kill
            [603] => posix_getpid
            [604] => posix_getppid
            [605] => posix_getuid
            [606] => posix_setuid
            [607] => posix_geteuid
            [608] => posix_seteuid
            [609] => posix_getgid
            [610] => posix_setgid
            [611] => posix_getegid
            [612] => posix_setegid
            [613] => posix_getgroups
            [614] => posix_getlogin
            [615] => posix_getpgrp
            [616] => posix_setsid
            [617] => posix_setpgid
            [618] => posix_getpgid
            [619] => posix_getsid
            [620] => posix_uname
            [621] => posix_times
            [622] => posix_ctermid
            [623] => posix_ttyname
            [624] => posix_isatty
            [625] => posix_getcwd
            [626] => posix_mkfifo
            [627] => posix_mknod
            [628] => posix_access
            [629] => posix_getgrnam
            [630] => posix_getgrgid
            [631] => posix_getpwnam
            [632] => posix_getpwuid
            [633] => posix_getrlimit
            [634] => posix_get_last_error
            [635] => posix_errno
            [636] => posix_strerror
            [637] => posix_initgroups
            [638] => session_name
            [639] => session_module_name
            [640] => session_save_path
            [641] => session_id
            [642] => session_regenerate_id
            [643] => session_decode
            [644] => session_encode
            [645] => session_start
            [646] => session_destroy
            [647] => session_unset
            [648] => session_set_save_handler
            [649] => session_cache_limiter
            [650] => session_cache_expire
            [651] => session_set_cookie_params
            [652] => session_get_cookie_params
            [653] => session_write_close
            [654] => session_status
            [655] => session_register_shutdown
            [656] => session_commit
            [657] => simplexml_load_file
            [658] => simplexml_load_string
            [659] => simplexml_import_dom
            [660] => use_soap_error_handler
            [661] => is_soap_fault
            [662] => socket_select
            [663] => socket_create
            [664] => socket_create_listen
            [665] => socket_create_pair
            [666] => socket_accept
            [667] => socket_set_nonblock
            [668] => socket_set_block
            [669] => socket_listen
            [670] => socket_close
            [671] => socket_write
            [672] => socket_read
            [673] => socket_getsockname
            [674] => socket_getpeername
            [675] => socket_connect
            [676] => socket_strerror
            [677] => socket_bind
            [678] => socket_recv
            [679] => socket_send
            [680] => socket_recvfrom
            [681] => socket_sendto
            [682] => socket_get_option
            [683] => socket_set_option
            [684] => socket_shutdown
            [685] => socket_last_error
            [686] => socket_clear_error
            [687] => socket_import_stream
            [688] => socket_getopt
            [689] => socket_setopt
            [690] => spl_classes
            [691] => spl_autoload
            [692] => spl_autoload_extensions
            [693] => spl_autoload_register
            [694] => spl_autoload_unregister
            [695] => spl_autoload_functions
            [696] => spl_autoload_call
            [697] => class_parents
            [698] => class_implements
            [699] => class_uses
            [700] => spl_object_hash
            [701] => iterator_to_array
            [702] => iterator_count
            [703] => iterator_apply
            [704] => constant
            [705] => bin2hex
            [706] => hex2bin
            [707] => sleep
            [708] => usleep
            [709] => time_nanosleep
            [710] => time_sleep_until
            [711] => strptime
            [712] => flush
            [713] => wordwrap
            [714] => htmlspecialchars
            [715] => htmlentities
            [716] => html_entity_decode
            [717] => htmlspecialchars_decode
            [718] => get_html_translation_table
            [719] => sha1
            [720] => sha1_file
            [721] => md5
            [722] => md5_file
            [723] => crc32
            [724] => iptcparse
            [725] => iptcembed
            [726] => getimagesize
            [727] => getimagesizefromstring
            [728] => image_type_to_mime_type
            [729] => image_type_to_extension
            [730] => phpinfo
            [731] => phpversion
            [732] => phpcredits
            [733] => php_logo_guid
            [734] => php_real_logo_guid
            [735] => php_egg_logo_guid
            [736] => zend_logo_guid
            [737] => php_sapi_name
            [738] => php_uname
            [739] => php_ini_scanned_files
            [740] => php_ini_loaded_file
            [741] => strnatcmp
            [742] => strnatcasecmp
            [743] => substr_count
            [744] => strspn
            [745] => strcspn
            [746] => strtok
            [747] => strtoupper
            [748] => strtolower
            [749] => strpos
            [750] => stripos
            [751] => strrpos
            [752] => strripos
            [753] => strrev
            [754] => hebrev
            [755] => hebrevc
            [756] => nl2br
            [757] => basename
            [758] => dirname
            [759] => pathinfo
            [760] => stripslashes
            [761] => stripcslashes
            [762] => strstr
            [763] => stristr
            [764] => strrchr
            [765] => str_shuffle
            [766] => str_word_count
            [767] => str_split
            [768] => strpbrk
            [769] => substr_compare
            [770] => strcoll
            [771] => money_format
            [772] => substr
            [773] => substr_replace
            [774] => quotemeta
            [775] => ucfirst
            [776] => lcfirst
            [777] => ucwords
            [778] => strtr
            [779] => addslashes
            [780] => addcslashes
            [781] => rtrim
            [782] => str_replace
            [783] => str_ireplace
            [784] => str_repeat
            [785] => count_chars
            [786] => chunk_split
            [787] => trim
            [788] => ltrim
            [789] => strip_tags
            [790] => similar_text
            [791] => explode
            [792] => implode
            [793] => join
            [794] => setlocale
            [795] => localeconv
            [796] => nl_langinfo
            [797] => soundex
            [798] => levenshtein
            [799] => chr
            [800] => ord
            [801] => parse_str
            [802] => str_getcsv
            [803] => str_pad
            [804] => chop
            [805] => strchr
            [806] => sprintf
            [807] => printf
            [808] => vprintf
            [809] => vsprintf
            [810] => fprintf
            [811] => vfprintf
            [812] => sscanf
            [813] => fscanf
            [814] => parse_url
            [815] => urlencode
            [816] => urldecode
            [817] => rawurlencode
            [818] => rawurldecode
            [819] => http_build_query
            [820] => readlink
            [821] => linkinfo
            [822] => symlink
            [823] => link
            [824] => unlink
            [825] => exec
            [826] => system
            [827] => escapeshellcmd
            [828] => escapeshellarg
            [829] => passthru
            [830] => shell_exec
            [831] => proc_open
            [832] => proc_close
            [833] => proc_terminate
            [834] => proc_get_status
            [835] => proc_nice
            [836] => rand
            [837] => srand
            [838] => getrandmax
            [839] => mt_rand
            [840] => mt_srand
            [841] => mt_getrandmax
            [842] => getservbyname
            [843] => getservbyport
            [844] => getprotobyname
            [845] => getprotobynumber
            [846] => getmyuid
            [847] => getmygid
            [848] => getmypid
            [849] => getmyinode
            [850] => getlastmod
            [851] => base64_decode
            [852] => base64_encode
            [853] => convert_uuencode
            [854] => convert_uudecode
            [855] => abs
            [856] => ceil
            [857] => floor
            [858] => round
            [859] => sin
            [860] => cos
            [861] => tan
            [862] => asin
            [863] => acos
            [864] => atan
            [865] => atanh
            [866] => atan2
            [867] => sinh
            [868] => cosh
            [869] => tanh
            [870] => asinh
            [871] => acosh
            [872] => expm1
            [873] => log1p
            [874] => pi
            [875] => is_finite
            [876] => is_nan
            [877] => is_infinite
            [878] => pow
            [879] => exp
            [880] => log
            [881] => log10
            [882] => sqrt
            [883] => hypot
            [884] => deg2rad
            [885] => rad2deg
            [886] => bindec
            [887] => hexdec
            [888] => octdec
            [889] => decbin
            [890] => decoct
            [891] => dechex
            [892] => base_convert
            [893] => number_format
            [894] => fmod
            [895] => inet_ntop
            [896] => inet_pton
            [897] => ip2long
            [898] => long2ip
            [899] => getenv
            [900] => putenv
            [901] => getopt
            [902] => sys_getloadavg
            [903] => microtime
            [904] => gettimeofday
            [905] => getrusage
            [906] => uniqid
            [907] => quoted_printable_decode
            [908] => quoted_printable_encode
            [909] => convert_cyr_string
            [910] => get_current_user
            [911] => set_time_limit
            [912] => header_register_callback
            [913] => get_cfg_var
            [914] => magic_quotes_runtime
            [915] => set_magic_quotes_runtime
            [916] => get_magic_quotes_gpc
            [917] => get_magic_quotes_runtime
            [918] => error_log
            [919] => error_get_last
            [920] => call_user_func
            [921] => call_user_func_array
            [922] => call_user_method
            [923] => call_user_method_array
            [924] => forward_static_call
            [925] => forward_static_call_array
            [926] => serialize
            [927] => unserialize
            [928] => var_dump
            [929] => var_export
            [930] => debug_zval_dump
            [931] => print_r
            [932] => memory_get_usage
            [933] => memory_get_peak_usage
            [934] => register_shutdown_function
            [935] => register_tick_function
            [936] => unregister_tick_function
            [937] => highlight_file
            [938] => show_source
            [939] => highlight_string
            [940] => php_strip_whitespace
            [941] => ini_get
            [942] => ini_get_all
            [943] => ini_set
            [944] => ini_alter
            [945] => ini_restore
            [946] => get_include_path
            [947] => set_include_path
            [948] => restore_include_path
            [949] => setcookie
            [950] => setrawcookie
            [951] => header
            [952] => header_remove
            [953] => headers_sent
            [954] => headers_list
            [955] => http_response_code
            [956] => connection_aborted
            [957] => connection_status
            [958] => ignore_user_abort
            [959] => parse_ini_file
            [960] => parse_ini_string
            [961] => is_uploaded_file
            [962] => move_uploaded_file
            [963] => gethostbyaddr
            [964] => gethostbyname
            [965] => gethostbynamel
            [966] => gethostname
            [967] => intval
            [968] => floatval
            [969] => doubleval
            [970] => strval
            [971] => gettype
            [972] => settype
            [973] => is_null
            [974] => is_resource
            [975] => is_bool
            [976] => is_long
            [977] => is_float
            [978] => is_int
            [979] => is_integer
            [980] => is_double
            [981] => is_real
            [982] => is_numeric
            [983] => is_string
            [984] => is_array
            [985] => is_object
            [986] => is_scalar
            [987] => is_callable
            [988] => pclose
            [989] => popen
            [990] => readfile
            [991] => rewind
            [992] => rmdir
            [993] => umask
            [994] => fclose
            [995] => feof
            [996] => fgetc
            [997] => fgets
            [998] => fgetss
            [999] => fread
            [1000] => fopen
            [1001] => fpassthru
            [1002] => ftruncate
            [1003] => fstat
            [1004] => fseek
            [1005] => ftell
            [1006] => fflush
            [1007] => fwrite
            [1008] => fputs
            [1009] => mkdir
            [1010] => rename
            [1011] => copy
            [1012] => tempnam
            [1013] => tmpfile
            [1014] => file
            [1015] => file_get_contents
            [1016] => file_put_contents
            [1017] => stream_select
            [1018] => stream_context_create
            [1019] => stream_context_set_params
            [1020] => stream_context_get_params
            [1021] => stream_context_set_option
            [1022] => stream_context_get_options
            [1023] => stream_context_get_default
            [1024] => stream_context_set_default
            [1025] => stream_filter_prepend
            [1026] => stream_filter_append
            [1027] => stream_filter_remove
            [1028] => stream_socket_client
            [1029] => stream_socket_server
            [1030] => stream_socket_accept
            [1031] => stream_socket_get_name
            [1032] => stream_socket_recvfrom
            [1033] => stream_socket_sendto
            [1034] => stream_socket_enable_crypto
            [1035] => stream_socket_shutdown
            [1036] => stream_socket_pair
            [1037] => stream_copy_to_stream
            [1038] => stream_get_contents
            [1039] => stream_supports_lock
            [1040] => fgetcsv
            [1041] => fputcsv
            [1042] => flock
            [1043] => get_meta_tags
            [1044] => stream_set_read_buffer
            [1045] => stream_set_write_buffer
            [1046] => set_file_buffer
            [1047] => stream_set_chunk_size
            [1048] => set_socket_blocking
            [1049] => stream_set_blocking
            [1050] => socket_set_blocking
            [1051] => stream_get_meta_data
            [1052] => stream_get_line
            [1053] => stream_wrapper_register
            [1054] => stream_register_wrapper
            [1055] => stream_wrapper_unregister
            [1056] => stream_wrapper_restore
            [1057] => stream_get_wrappers
            [1058] => stream_get_transports
            [1059] => stream_resolve_include_path
            [1060] => stream_is_local
            [1061] => get_headers
            [1062] => stream_set_timeout
            [1063] => socket_set_timeout
            [1064] => socket_get_status
            [1065] => realpath
            [1066] => fsockopen
            [1067] => pfsockopen
            [1068] => pack
            [1069] => unpack
            [1070] => get_browser
            [1071] => crypt
            [1072] => opendir
            [1073] => closedir
            [1074] => chdir
            [1075] => getcwd
            [1076] => rewinddir
            [1077] => readdir
            [1078] => dir
            [1079] => scandir
            [1080] => glob
            [1081] => fileatime
            [1082] => filectime
            [1083] => filegroup
            [1084] => fileinode
            [1085] => filemtime
            [1086] => fileowner
            [1087] => fileperms
            [1088] => filesize
            [1089] => filetype
            [1090] => file_exists
            [1091] => is_writable
            [1092] => is_writeable
            [1093] => is_readable
            [1094] => is_executable
            [1095] => is_file
            [1096] => is_dir
            [1097] => is_link
            [1098] => stat
            [1099] => lstat
            [1100] => chown
            [1101] => chgrp
            [1102] => lchown
            [1103] => lchgrp
            [1104] => chmod
            [1105] => touch
            [1106] => clearstatcache
            [1107] => disk_total_space
            [1108] => disk_free_space
            [1109] => diskfreespace
            [1110] => realpath_cache_size
            [1111] => realpath_cache_get
            [1112] => mail
            [1113] => ezmlm_hash
            [1114] => openlog
            [1115] => syslog
            [1116] => closelog
            [1117] => lcg_value
            [1118] => metaphone
            [1119] => ob_start
            [1120] => ob_flush
            [1121] => ob_clean
            [1122] => ob_end_flush
            [1123] => ob_end_clean
            [1124] => ob_get_flush
            [1125] => ob_get_clean
            [1126] => ob_get_length
            [1127] => ob_get_level
            [1128] => ob_get_status
            [1129] => ob_get_contents
            [1130] => ob_implicit_flush
            [1131] => ob_list_handlers
            [1132] => ksort
            [1133] => krsort
            [1134] => natsort
            [1135] => natcasesort
            [1136] => asort
            [1137] => arsort
            [1138] => sort
            [1139] => rsort
            [1140] => usort
            [1141] => uasort
            [1142] => uksort
            [1143] => shuffle
            [1144] => array_walk
            [1145] => array_walk_recursive
            [1146] => count
            [1147] => end
            [1148] => prev
            [1149] => next
            [1150] => reset
            [1151] => current
            [1152] => key
            [1153] => min
            [1154] => max
            [1155] => in_array
            [1156] => array_search
            [1157] => extract
            [1158] => compact
            [1159] => array_fill
            [1160] => array_fill_keys
            [1161] => range
            [1162] => array_multisort
            [1163] => array_push
            [1164] => array_pop
            [1165] => array_shift
            [1166] => array_unshift
            [1167] => array_splice
            [1168] => array_slice
            [1169] => array_merge
            [1170] => array_merge_recursive
            [1171] => array_replace
            [1172] => array_replace_recursive
            [1173] => array_keys
            [1174] => array_values
            [1175] => array_count_values
            [1176] => array_reverse
            [1177] => array_reduce
            [1178] => array_pad
            [1179] => array_flip
            [1180] => array_change_key_case
            [1181] => array_rand
            [1182] => array_unique
            [1183] => array_intersect
            [1184] => array_intersect_key
            [1185] => array_intersect_ukey
            [1186] => array_uintersect
            [1187] => array_intersect_assoc
            [1188] => array_uintersect_assoc
            [1189] => array_intersect_uassoc
            [1190] => array_uintersect_uassoc
            [1191] => array_diff
            [1192] => array_diff_key
            [1193] => array_diff_ukey
            [1194] => array_udiff
            [1195] => array_diff_assoc
            [1196] => array_udiff_assoc
            [1197] => array_diff_uassoc
            [1198] => array_udiff_uassoc
            [1199] => array_sum
            [1200] => array_product
            [1201] => array_filter
            [1202] => array_map
            [1203] => array_chunk
            [1204] => array_combine
            [1205] => array_key_exists
            [1206] => pos
            [1207] => sizeof
            [1208] => key_exists
            [1209] => assert
            [1210] => assert_options
            [1211] => version_compare
            [1212] => ftok
            [1213] => str_rot13
            [1214] => stream_get_filters
            [1215] => stream_filter_register
            [1216] => stream_bucket_make_writeable
            [1217] => stream_bucket_prepend
            [1218] => stream_bucket_append
            [1219] => stream_bucket_new
            [1220] => output_add_rewrite_var
            [1221] => output_reset_rewrite_vars
            [1222] => sys_get_temp_dir
            [1223] => token_get_all
            [1224] => token_name
            [1225] => xml_parser_create
            [1226] => xml_parser_create_ns
            [1227] => xml_set_object
            [1228] => xml_set_element_handler
            [1229] => xml_set_character_data_handler
            [1230] => xml_set_processing_instruction_handler
            [1231] => xml_set_default_handler
            [1232] => xml_set_unparsed_entity_decl_handler
            [1233] => xml_set_notation_decl_handler
            [1234] => xml_set_external_entity_ref_handler
            [1235] => xml_set_start_namespace_decl_handler
            [1236] => xml_set_end_namespace_decl_handler
            [1237] => xml_parse
            [1238] => xml_parse_into_struct
            [1239] => xml_get_error_code
            [1240] => xml_error_string
            [1241] => xml_get_current_line_number
            [1242] => xml_get_current_column_number
            [1243] => xml_get_current_byte_index
            [1244] => xml_parser_free
            [1245] => xml_parser_set_option
            [1246] => xml_parser_get_option
            [1247] => utf8_encode
            [1248] => utf8_decode
            [1249] => xmlwriter_open_uri
            [1250] => xmlwriter_open_memory
            [1251] => xmlwriter_set_indent
            [1252] => xmlwriter_set_indent_string
            [1253] => xmlwriter_start_comment
            [1254] => xmlwriter_end_comment
            [1255] => xmlwriter_start_attribute
            [1256] => xmlwriter_end_attribute
            [1257] => xmlwriter_write_attribute
            [1258] => xmlwriter_start_attribute_ns
            [1259] => xmlwriter_write_attribute_ns
            [1260] => xmlwriter_start_element
            [1261] => xmlwriter_end_element
            [1262] => xmlwriter_full_end_element
            [1263] => xmlwriter_start_element_ns
            [1264] => xmlwriter_write_element
            [1265] => xmlwriter_write_element_ns
            [1266] => xmlwriter_start_pi
            [1267] => xmlwriter_end_pi
            [1268] => xmlwriter_write_pi
            [1269] => xmlwriter_start_cdata
            [1270] => xmlwriter_end_cdata
            [1271] => xmlwriter_write_cdata
            [1272] => xmlwriter_text
            [1273] => xmlwriter_write_raw
            [1274] => xmlwriter_start_document
            [1275] => xmlwriter_end_document
            [1276] => xmlwriter_write_comment
            [1277] => xmlwriter_start_dtd
            [1278] => xmlwriter_end_dtd
            [1279] => xmlwriter_write_dtd
            [1280] => xmlwriter_start_dtd_element
            [1281] => xmlwriter_end_dtd_element
            [1282] => xmlwriter_write_dtd_element
            [1283] => xmlwriter_start_dtd_attlist
            [1284] => xmlwriter_end_dtd_attlist
            [1285] => xmlwriter_write_dtd_attlist
            [1286] => xmlwriter_start_dtd_entity
            [1287] => xmlwriter_end_dtd_entity
            [1288] => xmlwriter_write_dtd_entity
            [1289] => xmlwriter_output_memory
            [1290] => xmlwriter_flush
            [1291] => zip_open
            [1292] => zip_close
            [1293] => zip_read
            [1294] => zip_entry_open
            [1295] => zip_entry_close
            [1296] => zip_entry_read
            [1297] => zip_entry_filesize
            [1298] => zip_entry_name
            [1299] => zip_entry_compressedsize
            [1300] => zip_entry_compressionmethod
            [1301] => apache_child_terminate
            [1302] => apache_request_headers
            [1303] => apache_response_headers
            [1304] => getallheaders
        )

[user] => Array

        (
        )

)