!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/manage/Std_Acc_depart/   drwxr-xr-x
Free 51 GB of 127.8 GB (39.91%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     FrmEditPunish.php (7.94 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
session_start
();
 if (
session_is_registered("valid_user")&&session_is_registered("Priority")&&session_is_registered("password") )
 {
include(
"../include/FunctionDB.php");
include(
"admin_menu.php");
include(
"../include/Function.php");
ConnectDB();
$sql ="Select * From student_tb Where Student_id='$Student_id' ";
$result mysql_query($sql) or die("Error".mysql_error());
$rs mysql_fetch_array($result);
$sql1 "Select * From std_punish_tb Where code='$code'";
$result1 mysql_query($sql1) or die("Error".mysql_error());
$row mysql_fetch_array($result1);
?> 
<meta http-equiv="Content-Type" content="text/html; charset=TIS-620">
<script language="JavaScript">
function formCheck(formobj){
    // Enter name of mandatory fields
    var fieldRequired = Array("mDate","mMonth","mYear","Punish_type","Perform", "Consider");
    // Enter field description to appear in the dialog box
    var fieldDescription = Array("Date","Month","Year","Punish type","Perform", "Consider");
    // dialog message
    var alertMsg = "Please complete the following fields:\n";
    var l_Msg = alertMsg.length;
    
    for (var i = 0; i < fieldRequired.length; i++){
        var obj = formobj.elements[fieldRequired[i]];
        if (obj){
            switch(obj.type){
            case "select-one":
                if (obj.selectedIndex == -1 || obj.options[obj.selectedIndex].text == ""){
                    alertMsg += " - " + fieldDescription[i] + "\n";
                }
                break;
            case "select-multiple":
                if (obj.selectedIndex == -1){
                    alertMsg += " - " + fieldDescription[i] + "\n";
                }
                break;
            case "text":
            case "textarea":
                if (obj.value == "" || obj.value == null){
                    alertMsg += " - " + fieldDescription[i] + "\n";
                }
                break;
            default:
            }
            if (obj.type == undefined){
                var blnchecked = false;
                for (var j = 0; j < obj.length; j++){
                    if (obj[j].checked){
                        blnchecked = true;
                    }
                }
                if (!blnchecked){
                    alertMsg += " - " + fieldDescription[i] + "\n";
                }
            }
        }
    }

    if (alertMsg.length == l_Msg){
        return true;
    }else{
        alert(alertMsg);
        return false;
    }
}
// -->
</script>
<table width="835" border="0" cellpadding="0" cellspacing="0">
    <tr>
        <td width="835" ><br> 
          <fieldset>
            <legend><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_3"]; ?>"><a href="Edu_Menu.php">˹éÒËÅÑ¡</a> <img src="../picture/ico3.gif" width="10" height="10" border="0" align="absmiddle"></font><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_3"]; ?>"><a href="StudentList.php?Student_id=<? echo $rs[Student_id]?>">¢éÍÁÙŹѡÈÖ¡ÉÒ</a></font><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_3"]; ?>"><img src="../picture/ico3.gif" width="10" height="10" border="0" align="absmiddle" /></font><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_3"]; ?>"><a href="menu_std.php?Student_id=<? echo $rs[Student_id]?>">¢éÍÁÙÅ»ÃÐÇѵԹѡÈÖ¡ÉÒ</a></font><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_3"]; ?>"><a href="EditStudentList.php"></a> <img src="../picture/ico3.gif" width="10" height="10" border="0" align="absmiddle" /><a href="AddPunish.php?Student_id=<? echo $rs[Student_id]?>"> à¾ÔèÁ¢éÍÁÙŤÇÒÁ¼Ô´áÅÐâ·É</a></font><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_3"]; ?>"> <img src="../picture/ico3.gif" width="10" height="10" border="0" align="absmiddle" /><a href="EditPunishList.php?Student_id=<? echo $rs[Student_id]?>">á¡é䢢éÍÁÙŤÇÒÁ¼Ô´áÅÐâ·É</a></font></legend>
            <label>
  <form id="form1" name="form1" method="post" action="EditPunish.php">
    <table width="73%" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#E8E8E8">
      <tr bgcolor="#FDDCCE">
        <td height="25" colspan="3"><div align="center"><strong><font color="#FF0000" size="4" face="Tahoma">á¡é䢠</font><font size="4" face="Tahoma, MS Sans Serif">¢éÍÁÙžĵԡÃÃÁ 
          áÅРÇԹѠ¹Ñ¡ÈÖ¡ÉÒ</font></strong></div></td>
      </tr>
      <tr>
        <td bgcolor="#EEEEEE"><div align="center"><font size="2" face="Tahoma">ÃËÑʹѡÈÖ¡ÉÒ</font></div></td>
        <td bgcolor="#EEEEEE">&nbsp;</td>
        <td bgcolor="#EEEEEE"><strong><font size="2" face="Tahoma"><? echo $rs[Student_id]?></font></strong></td>
      </tr>
      <tr>
        <td width="27%" bgcolor="#EEEEEE"><div align="center"><font size="2" face="Tahoma, MS Sans Serif">ª×èÍ-¹ÒÁÊ¡ØÅ</font></div></td>
        <td width="3%" bgcolor="#EEEEEE">&nbsp;</td>
        <td width="70%" bgcolor="#EEEEEE"><strong><font size="2" face="Tahoma"><? echo $rs[First_name]?>&nbsp;<? echo $rs[Name]?> <? echo $rs[Lastname]?></font></strong></td>
      </tr>
      <tr>
        <td bgcolor="#EEEEEE"><div align="center"><font size="2" face="Tahoma">Çѹ·ÕèºÑ¹·Ö¡</font></div></td>
        <td bgcolor="#EEEEEE">&nbsp;</td>
        <td bgcolor="#EEEEEE"><font color="#000000" size="2" face="Tahoma">Çѹ·Õè
          <select name="mDate" id="select" class="select" >
                <?php
           $Date_note 
$row[Date_note];
           
$yearthai explode("-",$Date_note);
           
$mDate =   intval($yearthai[2]);
           
$mMonth =  intval($yearthai[1]);
           
$mYear =   intval($yearthai[0]);
            for(
$i=0;$i<=31;$i++)
             {  
            if( 
$i == 0)
               echo
"\n\t<option value=\"$mDate\" selected>$mDate</option>\n ";
             else
               echo
"\n\t<option value=\"$i\">$i</option>\n ";
              }
                 
//    getDay1to31();
           
?>
              </select>
          à´×͹
          <select name="mMonth" id="select" class="select" >
            <?php
          $Date_note 
$row[Date_note];
           
$yearthai explode("-",$Date_note);
           
$mDate=   intval($yearthai[2]);
           
$Month =  intval($yearthai[1]);
           
$mYear =   intval($yearthai[0]);     
           
$mMonth $Month;
          
$CMonth TxtThaiMonth($Month);
           for(
$i=-1;$i<=11;$i++)
              {
             
$a $i+1;
                if( 
$a == 0)
                  echo
"\n\t<option value=\"$mMonth\" selected>$CMonth</option>\n ";
             else
                  echo
"\n\t<option value=\"$a\">$ThaiMonth[$i]</option>\n ";
              }
                 
// getThaiMonth();
          
?>
          </select>
          »Õ ¾.È.
          <input name="mYear" type="text" class="input" id="mYear2" value="<? echo $mYear ?>" size="5" maxlength="4" />
        </font></td>
      </tr>
      <tr>
        <td bgcolor="#EEEEEE"><div align="center"><font size="2" face="Tahoma, MS Sans Serif">»ÃÐàÀ·¤ÇÒÁ¼Ô´</font></div></td>
        <td bgcolor="#EEEEEE">&nbsp;</td>
        <td bgcolor="#EEEEEE"><font face="Tahoma, MS Sans Serif">
          <input name="Punish_type" type="text" id="Punish_type" value="<? echo $row[Punish_type]?>" size="60" />
        </font><font size="2" face="Tahoma">&nbsp; </font> </td>
      </tr>
      <tr bordercolor="#CCCCCC">
        <td nowrap="nowrap" bordercolor="#CCCCCC" bgcolor="#EEEEEE"><div align="center"><font color="#000000" size="2" face="Tahoma">¾ÄµÔ¡ÃÃÁ</font></div></td>
        <td bordercolor="#CCCCCC" bgcolor="#EEEEEE">&nbsp;</td>
        <td nowrap="nowrap" bordercolor="#CCCCCC" bgcolor="#EEEEEE"><font size="2" face="Tahoma">
          <textarea name="Perform" cols="60" rows="5" id="Perform"><? echo $row[Perform]?></textarea>
        </font></td>
      </tr>
      <tr>
        <td bgcolor="#EEEEEE"><div align="center"><font color="#000000" size="2" face="Tahoma">¡ÒþԨÒóҠ</font></div></td>
        <td bgcolor="#EEEEEE">&nbsp;</td>
        <td bgcolor="#EEEEEE"><textarea name="Consider" cols="60" rows="5" id="Consider"><? echo $row[Consider]?></textarea></td>
      </tr>
      <tr bgcolor="#FDDCCE">
        <td colspan="3"><div align="center">
            <input type="hidden" name="Student_id" value="<? echo $row[Student_id]?>" />
            <input type="hidden" name="code" value="<? echo $row[code]?>" />
            <input type="submit" name="Submit" value="  ºÑ¹·Ö¡  " />
        </div></td>
      </tr>
    </table>
  </form>
          </fieldset>
        <br>
        <font color="<?php echo $GLOBALS["COLOR_FONT_3"];?>" size="2"><b>ËÁÒÂà˵ؠ:</b> ãªéàÁÒÊì¤ÅÔ¡·Õèª×èÍ<br>
      </font></td>
    </tr>
</table>
<?php 
    
}
else
{
       echo
"<meta http-equiv=\"refresh\" content=\"3;URL=../login.php\">\n";
       echo
"Please Login ";
}
?>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0145 ]--