110.164.51.230 - phpshell

!c99Shell v. 1.0 pre-release build #16!
Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 EDT 2010 i686 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/manage/Dev/ drwxr-xr-x Free 52.6 GB of 127.8 GB (41.16%) Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686

uid=48(apache) gid=48(apache) groups=48(apache)

Safe-mode: OFF (not secure)

/var/www/html/manage/Dev/ drwxr-xr-x
Free 52.6 GB of 127.8 GB (41.16%)
Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

Viewing file: EditHisTraining.php (6.09 KB) -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |

<?php

	session_start();
	
	/**  Define Validate Access  */
	define( '_VALID_ACCESS', 1 );

	/**  Check Session User Login  */
	if( !session_is_registered("valid_user") && !session_is_registered("Priority") ) {
		echo "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=windows-874\" />";
		echo "<p style=padding-top:115px><p align=center><br /><font color=red><strong>ЎГШіТ·УЎТГ Login ЎиН№</strong></font></p></p>";
		echo "<meta http-equiv=\"refresh\" content=\"1; URL=../login.php\" />";
		exit();
	} 
	else {
		/**  Configuration  */
		require_once( "../configuration.php" );
		require_once( $_Config_absolute_path . "/includes/framework.php" );
		require_once( "../includes/Function.php" );
		require_once( "../includes/FunctionDB.php" );
		require_once( "../includes/cURL.php" );
	
		/**  Create Database Object  */
		$dbObj = new DBConn;

		/**  Receive values  */
		$Date = dmyE2ymdE2($_REQUEST["mDate"]);
		$No_in = htmlspecialchars( trim( $_POST['No_in'] ) );
		$Dated = htmlspecialchars( trim( $_POST['Dated'] ) );
		$cname = htmlspecialchars( trim( $_POST['cname'] ) );  // аГЧиН§
		$startdate  = dmyE2ymdE2($_REQUEST["mDate1"]);
		$enddate  = dmyE2ymdE2($_REQUEST["mDate2"]);
		$daycount  = trim( $_POST['daycount'] ); 
		$Year_std  = trim( $_POST['Year_std'] ); 
		$provcode  = trim( $_POST['provcode'] );  
		$countrycode = $_POST['countrycode'];  
		$unit = trim( $_POST['unit'] );  	
		$moneybudget1 = $_POST['moneybudget1'];  	
		$moneybudget2 = trim( $_POST['moneybudget2'] );  	
		$moneybudget3 = trim( $_POST['moneybudget3'] );  
		$moneybudget4 = trim( $_POST['moneybudget4'] ); 	
		$Training_std = trim( $_POST['Training_std'] );  	
		$moneycenter = trim( $_POST['moneycenter'] ); 	
		$Content = trim( $_POST['Content'] );  		
		$unitpoint = htmlspecialchars( trim( $_POST['unitpoint'] ) );  
		$Skills = trim( $_POST['Skills'] ); 
		$cdevcode = trim( $_POST['cdevcode'] );  
		$Orgskills = trim( $_POST['Orgskills'] );  
		$Groskills = trim( $_POST['Groskills'] );  
		$Perskills = trim( $_POST['Perskills'] );  
		$Hiskills = trim( $_POST['Hiskills'] );  
		$Training_type = trim( $_POST['Training_type'] );  
		$traindept = trim( $_POST['traindept'] );  
		
		//----№УЁУ№З№а§Ф№БТєЗЎ-----//
		  $money  =  $moneybudget1 +$moneybudget2 +$moneybudget3 + $moneybudget4 ;
		
		 	
		//---  Table  -->  'dev_his'
		
	     $sql ="UPDATE   dev_his   SET   Teacher_code='$Teacher_code' , perid='$perid' , Date='$Date', No_in='$No_in', Dated='$Dated', cname='$cname' ,orders ='$orders',  Training_code='$Training_code', startdate='$startdate' , enddate='$enddate'  , daycount='$daycount' , day='$day', Year_std='$Year_std' ,traincenter='$traincenter' ,provcode='$provcode' , countrycode='$countrycode', univId='$univId' , unit='$unit', moneybudget1='$moneybudget1', moneybudget2='$moneybudget2', moneybudget3='$moneybudget3' , moneybudget4='$moneybudget4', money='$money' , Training_std='$Training_std' , moneycenter='$moneycenter', Content='$Content', unitpoint='$unitpoint' , Skills='$Skills' , cdevcode='$cdevcode', Orgskills='$Orgskills' , Groskills ='$Groskills' , Perskills='$Perskills' , Hiskills='$Hiskills' , Training_type='$Training_type', traindept='$traindept'    Where   Training_code='$Training_code'  and   HisId='$HisId'  " ;
		$result = $dbObj->runQuery($sql);
		$dbObj->freeresult($result);

		$res = hrHisCurl($_REQUEST["HisId"], $Teacher_code, $perid, $Date, $No_in, $Dated, $cname, $orders, $Training_code, $startdate, $enddate, $daycount, $day, $Year_std, $traincenter, $provcode, $countrycode, $univId, $unit, $moneybudget1, $moneybudget2, $moneybudget3, $moneybudget4, $money, $Training_std, $moneycenter, $Content, $unitpoint, $Skills, $cdevcode, $Orgskills, $Groskills, $Perskills, $Hiskills, $Training_type, $traindept);

	} # else
 ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-874" />
<link href="../css/default.css" rel="stylesheet" type="text/css" />
<script language="javascript" src="../js/utilities.js"></script>
<title>ўйНБЩЕ·СиЗд»єШ¤ЕТЎГ - ўйНБЩЕЎТГѕСІ№ТєШ¤ЕТЎГ - аѕФиБўйНБЩЕ»ГРЗСµФЎТГѕСІ№Тµ№аН§</title></head>

<body topmargin="0" rightmargin="0" bottommargin="0" leftmargin="0">
<?php
	include("../templates/incHeader.php");
?>
<table width="1003" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td width="203" align="left" valign="top" style="padding:10px 0px 0px 5px"><?php include("./_incMainMenu.php");?></td>
    <td width="800" height="440" align="center" valign="top" style="padding:10px 0px 5px 10px"><fieldset>
     <table width="780" border="0" cellspacing="0" cellpadding="0">
      <form id="myForm" name="myForm" method="post" action="<?=$PHP_SELF;?>?page=<?=$page;?>">
      <tr>
        <td height="5"></td>
      </tr>
      <tr>
        <td height="30" background="../images/background/bg-head-topic-w780.gif" class="PADDING-LEFT-10"><strong><a href="index.php">Л№йТЛЕСЎ</a></strong> <strong>&raquo; <a href="Menu_Teach.php?Teacher_code=<?=$Teacher_code;?>">ўйНБЩЕ·СиЗд»єШ¤ЕТЎГ</a> &raquo; <a href="TrainingList.php?Teacher_code=<?=$Teacher_code;?>">ўйНБЩЕЎТГѕСІ№ТєШ¤ЕТЎГ</a> &raquo; <span class="NOTE">аѕФиБўйНБЩЕ»ГРЗСµФЎТГѕСІ№Тµ№аН§</span></strong></td>
        </tr>
      <tr>
        <td>&nbsp;</td>
      </tr>
      <tr>
        <td height="150" align="center"><span class="TEXT-GREEN10"><strong>ГРєєЁСґаЎзєўйНБЩЕўН§·иТ№аГХВєГйНВбЕйЗ</strong></span><br />
          ЎГШіТГНКйЎ¤ГЩи ЎУЕС§а»ЕХиВ№Л№йТНСµв№БСµФ<br />
          <?php echo "<meta http-equiv=\"refresh\" content=\"2; URL=TrainingList.php?Teacher_code=$Teacher_code&Training_code=$Training_code&HisId=$HisId\">"; ?></td>
      </tr>
      <tr>
        <td height="234">&nbsp;</td>
      </tr></form>
    </table>
   </fieldset></td>
  </tr>
</table>
<?php include("../templates/incFooter.php"); ?>
</body>
</html>
<?php
	/**  Free Resource */
	$dbObj->freeresult($result0);
	
	/**  Close the Database  */
	$dbObj->disconn();
	
	/**  Unset Class  */
	unset($dbObj);
?>

:: Command execute ::
Enter:	Select:

:: Shadow's tricks :D ::
Useful Commands Warning. Kernel may be alerted using higher levels	Kernel Info:

:: Preddy's tricks :D ::
Php Safe-Mode Bypass (Read Files) File: eg: /etc/passwd	Php Safe-Mode Bypass (List Directories): Dir: eg: /etc/

:: Search ::

:: Upload ::

:: Make Dir ::

:: Make File ::

:: Go Dir ::

:: Go File ::

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0055 ]--