110.164.51.230 - phpshell

!c99Shell v. 1.0 pre-release build #16!
Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 EDT 2010 i686 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/manage/Plan_new/ drwxr-xr-x Free 52.63 GB of 127.8 GB (41.18%) Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686

uid=48(apache) gid=48(apache) groups=48(apache)

Safe-mode: OFF (not secure)

/var/www/html/manage/Plan_new/ drwxr-xr-x
Free 52.63 GB of 127.8 GB (41.18%)
Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

Viewing file: ExcelSpendingSum.php (7.84 KB) -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |

<?php

	session_start();
	
	/**  Define Validate Access  */
	define( '_VALID_ACCESS', 1 );
    
	  /*--Ки§ННЎ Excel------*/
	   header('Content-type: application/xls');
       header('Content-Disposition: attachment; filename="misreport.xls"');

	/**  Check Session User Login  */
	if( !session_is_registered("valid_user") && !session_is_registered("Priority") ) {
		echo "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=windows-874\" />";
		echo "<p style=padding-top:115px><p align=center><br /><font color=red><strong>ЎГШіТ·УЎТГ Login ЎиН№</strong></font></p></p>";
		echo "<meta http-equiv=\"refresh\" content=\"1; URL=../login.php\" />";
		exit();
	} 
	else {
		/**  Configuration  */
		
		require_once( "../configuration.php" );
		require_once( $_Config_absolute_path . "/includes/framework.php" );
		require_once( "../includes/Function.php" );
	
		/**  Create Database Object  */
		$dbObj = new DBConn;

		//=== SESSION
		$Username = $valid_user; 
	
		
		
		/**  Config Table for This Page  */
		$myTable = "project_type_tb";
		$myTable1 = "project_tb";
		$myTablePK = "Faculty_code";
		$myTable2 = "money_source_tb";
		$myTablePK2 = "MoneyS_C";
        $myTable3 = "faculty_tb";
	

		
	} # else
 ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-874" />
<title>бј№ЎТГґУа№Ф№§Т№</title>
</head>

<body topmargin="0" rightmargin="0" bottommargin="0" leftmargin="0">

<table width="1054" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td width="1054" align="center" valign="top" style="padding:10px 0px 5px 10px">
      <?php
		
		/**  Query аѕЧиНЛТ Numrows ЎиН№  */
		$query = " SELECT *  FROM  faculty_tb  Where   FacultyStatus ='Y'    ";
		$result = $dbObj->execQuery($query);
	    
	    $numrows = $dbObj->_numrows;
	
		
    ?>
      <fieldset>
        <table width="1033" border="0" cellspacing="0" cellpadding="0">
          <form id="myForm" name="myForm" method="post" action="<?=$PHP_SELF;?>?Budget_Year=<?=$Budget_Year;?>&amp;ProjectId=<?=$ProjectId;?>&amp;MoneyS_C=<?=$MoneyS_C;?>&amp;page=<?=$page;?>">
            <tr>
              <td width="1033" height="5" colspan="2"></td>
            </tr>
            <tr>
              <td colspan="2"><table width="99%" border="0" align="center" cellpadding="0" cellspacing="0">
                  <tr>
                    <td height="10" colspan="2" align="center">ГТВ§Т№бКґ§К¶Т№РЎТГўНгЄйа§Ф№µТБбј№»ЇФєСµФЎТГ »Х§є»ГРБТі
                    <?=$Budget_Year;?></td>
                  </tr>
                  <tr>
                    <td width="100%" height="10" colspan="2" align="right"></td>
                  </tr>
              </table></td>
            </tr>
            <tr>
              <td height="105" colspan="2" align="center" valign="top"><table width="1022" border="1" align="center" cellpadding="1" cellspacing="1" class="BORDER-GREY">
                  <tr bgcolor="#F8F8F8">
                   <td width="868" height="23" align="center"class="PADDING-RIGHT-10" >Л№иЗВ§Т№</td>
                     <?php 
				   $sql ="  SELECT  * FROM  money_source_tb       " ;
			       $result6 = $dbObj->execQuery($sql);
                   $no = 1+($display-1)*$limit;
                while( $rss = $dbObj->fetchArray($result6) ) { 
				    $bgColor = ( $bgColor == "#FFFFFF" ) ? "#F9FBFB" : "#FFFFFF";  
				      ?>
                    <td width="70" height="22" class="PADDING-LEFT-10 BORDER-LEFT"><?php 		
					echo "$rss[MoneyS_M]";  ?> </a></td>
                    <?php 
                    $no  ++;
                      } # while 
		               ?> 
                  <td width="68" align="center" class="BORDER-LEFT">ЁУ№З№а§Ф№</td>
                   </tr>
                   <tr bgcolor="<?=$bgColor;?>" class="PADDING-RIGHT-10 BORDER-TOP BORDER-LEFT" >
                 <?php 
                         $no = 1+($display-1)*$limit;
                   while( $rs = $dbObj->fetchArray($result) ) { 
				         $bgColor = ( $bgColor == "#FFFFFF" ) ? "#F9FBFB" : "#FFFFFF";
                          ?>
                 <td height="22" class="PADDING-LEFT-5 BORDER-TOP">
                      <?php  echo $rs['Faculty_name'] ; ?>
                    </a></td>
                     <?php 
				   $sql ="  SELECT  * FROM  money_source_tb       " ;
			       $result6 = $dbObj->execQuery($sql);
                   $no = 1+($display-1)*$limit;
                while( $rss = $dbObj->fetchArray($result6) ) { 
				   $bgColor = ( $bgColor == "#FFFFFF" ) ? "#F9FBFB" : "#FFFFFF";  
				      ?>
                          <td align="right"  class="PADDING-RIGHT-5 BORDER-TOP BORDER-LEFT"><?php         
				$sql1 = " SELECT SUM(Budget_total) AS SumB1  FROM project_type_tb  WHERE  MoneyS_C='$rss[MoneyS_C]'   AND   Faculty_code='$rs[Faculty_code]'  AND Budget_Year='$Budget_Year' ";
				$result1 = mysql_query($sql1);
				$rss1 = mysql_fetch_array($result1);
					echo number_format($rss1['SumB1'],2,'.',',');
            ?></td>
                <?php 
                    $no  ++;
                      } # while 
		               ?>      
                           <td align="right"  class="PADDING-RIGHT-5 BORDER-TOP BORDER-LEFT"><?php 
				$sql2 = " SELECT SUM(Budget_total) AS SumB1  FROM project_type_tb  WHERE Faculty_code='$rs[Faculty_code]' AND  Budget_Year='$Budget_Year' ";
				$result2 = $dbObj->execQuery($sql2);
				$rs2 = $dbObj->fetchArray($result2);
					echo number_format($rs2['SumB1'],2,'.',','); 
            ?> </td> 
                      </tr>   
                  <?php 
                    $no  ++;
                      } # while 
		               ?>      
                  <tr bgcolor="#F8F8F8" class="PADDING-RIGHT-10 BORDER-TOP BORDER-LEFT" >
                    <td height="23" align="center" bgcolor="#FFCCCC" class="PADDING-LEFT-10 BORDER-TOP " >ЁУ№З№а§Ф№ГЗБ</td>
                    <?php 
				   $sql ="  SELECT  * FROM  money_source_tb       " ;
			       $result6 = $dbObj->execQuery($sql);
                   $no = 1+($display-1)*$limit;
                while( $rss = $dbObj->fetchArray($result6) ) { 
				    $bgColor = ( $bgColor == "#FFFFFF" ) ? "#F9FBFB" : "#FFFFFF";  
				      ?>
                     <td align="right" bgcolor="#FFCCCC" class="PADDING-RIGHT-5 BORDER-TOP BORDER-LEFT">
					 <?php
		   		$sql3 = " SELECT SUM(Budget_total) AS SumC5  FROM  project_type_tb  WHERE  MoneyS_C='$rss[MoneyS_C]'   AND  Budget_Year='$Budget_Year' ";
		   		$result3 = $dbObj->execQuery($sql3);
		   		$rss3 = $dbObj->fetchArray($result3);
		   			echo number_format($rss3['SumC5'],2,'.',',');
		   ?>
                    </td>
                     <?php 
                    $no++;
                      } # while 
		             ?> 
                    <td align="right" bgcolor="#FFCCCC" class="PADDING-RIGHT-5 BORDER-TOP BORDER-LEFT">
                     <?php
		   		$sql4 = " SELECT SUM(Budget_total) AS SumC6  FROM  project_type_tb  WHERE Budget_Year='$Budget_Year' ";
		   		$result4 = $dbObj->execQuery($sql4);
		   		$rss4 = $dbObj->fetchArray($result4);
		   			echo number_format($rss4['SumC6'],2,'.',',');
		   ?>    </td>                 
                  </tr>
                  
            </table>
                <table width="750" border="0" cellspacing="0" cellpadding="0">
                  <tr>
      <td align="center"></td>
      </tr>
  </table>
  <p>&nbsp;</p></td>
            </tr>
            <tr>
              <td colspan="2">&nbsp;</td>
        </tr></form></table>
    </fieldset></td>
  </tr>
</table>
</body>
</html>
<?php
	/**  Free Resource */
	$dbObj->freeresult($result1);
	
	/**  Close the Database  */
	$dbObj->disconn();
	
	/**  Unset Class  */
	unset($dbObj);
?>

:: Command execute ::
Enter:	Select:

:: Shadow's tricks :D ::
Useful Commands Warning. Kernel may be alerted using higher levels	Kernel Info:

:: Preddy's tricks :D ::
Php Safe-Mode Bypass (Read Files) File: eg: /etc/passwd	Php Safe-Mode Bypass (List Directories): Dir: eg: /etc/

:: Search ::

:: Upload ::

:: Make Dir ::

:: Make File ::

:: Go Dir ::

:: Go File ::

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.006 ]--