// NOTE(review): extraction stripped the leading PHP open tag and the "$client->"
// receiver from this statement (compare the intact $client->call(...) calls
// further down); it is left as found rather than guessed at. What it visibly
// does: ask the remote side to drop the stored personal data for this college
// *before* the re-import loop below runs. There is no transaction spanning the
// delete and the per-row imports, so a failure part-way through the loop leaves
// the remote side partially populated with nothing to roll back -- verify that
// the remote service tolerates a re-run.
call('deleteUpdatePersonal',array('collogeCode'=>base64_encode($_Config_college_code)));

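		// Copy personal_tb (client side) to the remote service: the table is read
		// in pages of $dataNumPerLoop rows, and every row is pushed with its own
		// $client->call('importToUpdatePersonal', ...). $conn, $client,
		// $_Config_college_code and $_Config_live_site are supplied by the
		// including page; none of them is defined in this file.
		//
		// NOTE(review): base64 is an encoding, not encryption. Every field below --
		// including Citizen_id (national ID), DateBirth, Address, Religion and
		// Salary_1 -- is readable by anyone who can observe the request.
		// Confidentiality rests entirely on the transport $client uses (TLS or
		// not), which is not visible here; confirm it before relying on this.
		$dataNumPerLoop = 10;

		// Count with COUNT(*) instead of fetching the whole table only to call
		// mysql_num_rows() on it. This also keeps the block on the $conn wrapper
		// used everywhere else here instead of reaching into the mysql_* extension.
		$countResult = $conn->execQuery("select count(*) as cnt from personal_tb");
		$countRow = $conn->fetchObject($countResult);
		$num_rows = $countRow ? (int)$countRow->cnt : 0;

		// Number of LIMIT pages: ceil(rows / page size), floored at 1 so the loop
		// still runs once on an empty table (same as the original if/else ladder).
		$dataLoop = max(1, (int)ceil($num_rows / $dataNumPerLoop));

		for($i=1;$i<=$dataLoop;$i++){
			$offset = ($dataNumPerLoop * $i) - $dataNumPerLoop;

			// ORDER BY is required for OFFSET paging: without it MySQL may hand
			// back rows in a different order on every page, so some rows were sent
			// twice and others never. Teacher_code is the key the remote side uses
			// to look a person up again (getUpdatePersonal), so it is the natural
			// page key.
			$strQuery = "select  * from personal_tb order by Teacher_code limit ".$offset.",".$dataNumPerLoop;
			$result = $conn->execQuery($strQuery);

			while($rs = $conn->fetchObject($result)){
				// Fresh array per row so nothing from a previous row (or from an
				// earlier $data in the including page) can leak into this payload.
				// Indices are positional: the remote importToUpdatePersonal expects
				// exactly this order -- do not reorder or renumber.
				$data = array();
				$data[0] = base64_encode($rs->Teacher_code);
				$data[1] = base64_encode($_Config_college_code);
				$data[2] = base64_encode($rs->Teacher_id);
				$data[3] = base64_encode($rs->prefixId);
				$data[4] = base64_encode($rs->Teacher_name);
				$data[5] = base64_encode($rs->Teacher_lastname);
				$data[6] = base64_encode($rs->DateBirth);
				$data[7] = base64_encode($rs->Sex);
				$data[8] = base64_encode($rs->Nationality);
				$data[9] = base64_encode($rs->Nation);
				$data[10] = base64_encode($rs->Religion);
				$data[11] = base64_encode($rs->Citizen_id);
				$data[12] = base64_encode($rs->StatusId);
				$data[13] = base64_encode($rs->Soulmate);
				$data[14] = base64_encode($rs->Total_child);
				$data[15] = base64_encode($rs->Address);
				$data[16] = base64_encode($rs->districtId);
				$data[17] = base64_encode($rs->amphurId);
				$data[18] = base64_encode($rs->provinceId);
				$data[19] = base64_encode($rs->conId);
				// Img1 is a file name read from the database and concatenated into
				// a URL with no encoding; a name containing '/', '?', '#' or spaces
				// yields a URL the remote side cannot fetch. Left unchanged because
				// the receiver's decoding is not visible here -- TODO confirm.
				$data[20] = base64_encode($_Config_live_site."/personal_pic/".$rs->Img1);
				$data[21] = base64_encode($rs->Skill);
				$data[22] = base64_encode($rs->Type_Degree);
				$data[23] = base64_encode($rs->Degree_code);
				$data[24] = base64_encode($rs->Degree_else);
				$data[25] = base64_encode($rs->Degree_His1);
				$data[26] = base64_encode($rs->Degree_His1_Major);
				$data[27] = base64_encode($rs->Degree_His1_Institute);
				$data[28] = base64_encode($rs->Degree_His1_End_Year);
				$data[29] = base64_encode($rs->Degree_His2);
				$data[30] = base64_encode($rs->Degree_His2_Major);
				$data[31] = base64_encode($rs->Degree_His2_Institute);
				$data[32] = base64_encode($rs->Degree_His2_End_Year);
				$data[33] = base64_encode($rs->Degree_His3);
				$data[34] = base64_encode($rs->Degree_His3_Major);
				$data[35] = base64_encode($rs->Degree_His3_Institute);
				$data[36] = base64_encode($rs->Degree_His3_End_Year);
				$data[37] = base64_encode($rs->Type_degree1);
				$data[38] = base64_encode($rs->Type_degree2);
				$data[39] = base64_encode($rs->Type_degree3);
				$data[40] = base64_encode($rs->Year_1);
				$data[41] = base64_encode($rs->Year_2);
				$data[42] = base64_encode($rs->Year_3);
				$data[43] = base64_encode($rs->Person_type);
				$data[44] = base64_encode($rs->Teacher_type);
				$data[45] = base64_encode($rs->Gover_id);
				$data[46] = base64_encode($rs->Forum_nid);
				$data[47] = base64_encode($rs->Club_nid);
				$data[48] = base64_encode($rs->Year_gov);
				$data[49] = base64_encode($rs->Year_coll);
				$data[50] = base64_encode($rs->Year_fac);
				$data[51] = base64_encode($rs->Gover_pos);
				$data[52] = base64_encode($rs->PositionId);
				$data[53] = base64_encode($rs->Salary_1);
				$data[54] = base64_encode($rs->TeacherId);
				$data[55] = base64_encode($rs->Propessnal);
				$data[56] = base64_encode($rs->Manage_pos);
				$data[57] = base64_encode($rs->Faculty_code);
				$data[58] = base64_encode($rs->Email);
				$data[59] = base64_encode($rs->permission);
				$data[60] = base64_encode($rs->date_added);
				$data[61] = base64_encode($rs->date_updated);

				// One remote call per row; the return value is not checked, so a
				// rejected row is silently lost (the original behaved the same way).
				$client->call('importToUpdatePersonal',array('data'=>$data));
			}
		}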
		?>
			// NOTE(review): extraction stripped the PHP open tags and part of each
			// statement here (the "$client->" receiver on the first call and the
			// for-loop condition on the last line are missing), so this span is
			// left as found rather than reconstructed. What is visible: the remote
			// side is asked for the Teacher_code list it already holds for this
			// college, the comma-separated reply is split, and each code is looked
			// up again -- apparently to label the row UPDATE or INSERT in the table
			// that follows. split() was deprecated in PHP 5.3 and removed in 7.0;
			// use explode(',', $response) when this runs on anything newer than the
			// PHP 5.1 this page was captured on.
			call('getUpdatePersonalID',array('collogeCode'=>base64_encode($_Config_college_code)));	
					$data = split(',',$response);
					
					for($i=0;$icall('getUpdatePersonal',array('Teacher_code'=>base64_encode($data[$i]) , 'collogeCode'=>base64_encode($_Config_college_code))); 
			  ?>  
			  ">
          	  
ยืนยันการส่งข้อมูล
ชื่อ - สกุล สถานะ
          UPDATE":"INSERT"?>
  
// NOTE(review): the whole building transfer was collapsed onto a single line
// and lost its PHP open tags and "$client->" receivers, so it is left as found;
// the "//--" comments embedded in the line would swallow the rest of it if
// this text were executed as-is. It mirrors the personal transfer above: clear
// the remote side, read building_tb in LIMIT pages of 10 with no ORDER BY (so
// OFFSET paging can duplicate or skip rows between pages), base64-encode each
// column -- encoding, not encryption -- and push every row with
// importToUpdateBuilding, then fetch the BuildD_No values the remote side
// already holds to label each row UPDATE or INSERT. Img1 is again put into a
// URL without encoding, and split() is gone in PHP 7 (use explode()).
call('deleteUpdateBuilding',array('collogeCode'=>base64_encode($_Config_college_code))); //-- 2.Transfer Data From building_tb (Client) to update_building (PI) $strQuery = "select * from building_tb"; $result = $conn->execQuery($strQuery); $dataNumPerLoop = 10; $num_rows = mysql_num_rows($result); if($num_rows <= $dataNumPerLoop){ $dataLoop = 1; } else if (($num_rows % $dataNumPerLoop) == 0){ $dataLoop = ($num_rows / $dataNumPerLoop); } else{ $dataLoop = ($num_rows / $dataNumPerLoop) + 1; $dataLoop = (int)$dataLoop; } for($i=1;$i<=$dataLoop;$i++){ $strQuery = "select * from building_tb limit ".(($dataNumPerLoop*$i) - $dataNumPerLoop).",".$dataNumPerLoop; $result = $conn->execQuery($strQuery); while($rs = $conn->fetchObject($result)){ $data[0] = base64_encode($rs->BuildD_No); $data[1] = base64_encode($_Config_college_code); $data[2] = base64_encode($rs->BuildD_ID); $data[3] = base64_encode($rs->Build_name); $data[4] = base64_encode($rs->Build_type); $data[5] = base64_encode($rs->Date_note); $data[6] = base64_encode($_Config_live_site."/Man_pic/".$rs->Img1); $data[7] = base64_encode($rs->Short_name); $data[8] = base64_encode($rs->Class_unit); $data[9] = base64_encode($rs->Room_unit); $data[10] = base64_encode($rs->BuildD_Yr); $data[11] = base64_encode($rs->BuildD_Pr); $data[12] = base64_encode($rs->MoneyS_C); $data[13] = base64_encode($rs->Description); $data[14] = base64_encode($rs->Area); $client->call('importToUpdateBuilding',array('data'=>$data)); } } ?> call('getUpdateBuildingID',array('collogeCode'=>base64_encode($_Config_college_code))); $data = split(',',$response); for($i=0;$icall('getUpdateBuilding',array('BuildD_No'=>base64_encode($data[$i]) , 'collogeCode'=>base64_encode($_Config_college_code))); ?> ">
ยืนยันการส่งข้อมูล
ชื่ออาคาร สถานะ
     UPDATE":"INSERT"?>
  
// NOTE(review): the student statistics transfer was collapsed onto a few very
// long lines and lost its PHP open tags, the first "$client->" receiver and
// every for-loop condition, so it is left as found rather than reconstructed;
// the "//--" comments embedded in the lines would swallow whatever follows
// them if this text were executed as-is. Points a reviewer would raise on the
// visible code:
//  - Every statistics query is built by string concatenation of values read
//    back from the database (admitAcadYear, programId, provinceId, levelId).
//    That is second-order SQL injection if any of those columns can hold a
//    quote; wrap each value in mysql_real_escape_string() or cast with intval()
//    where the column is numeric before interpolating it.
//  - This section calls mysql_query()/mysql_fetch_object() on the extension's
//    implicit connection, while the personal and building transfers go through
//    the $conn wrapper; the two may not even point at the same database.
//  - One COUNT(*) round trip per year/program/province/level (and per sex)
//    where a single GROUP BY studentSex query per dimension would do.
//  - Only aggregate counts leave the host here, unlike the personal transfer;
//    base64 is still just an encoding. split() is removed in PHP 7 (use explode()).
call('deleteStudentByYearRealT',array('collogeCode'=>base64_encode($_Config_college_code))); $client->call('deleteStudentByProgram',array('collogeCode'=>base64_encode($_Config_college_code))); $client->call('deleteStudentByProvince',array('collogeCode'=>base64_encode($_Config_college_code))); $client->call('deleteStudentByLevel',array('collogeCode'=>base64_encode($_Config_college_code))); //-- 2.Transfer Data From reg.studentMaster (Client) to studentByYearTemp , studentByProgramTemp , studentByProvinceTemp , studentByLevelTemp (PI) //-- studentByYear $strQueryAcadYear = "select admitAcadYear from StudentMaster group by admitAcadYear"; $resultAcadYear = mysql_query($strQueryAcadYear); while($RSAcadYear = mysql_fetch_object($resultAcadYear)){ $strQueryStudent = "SELECT admitAcadYear , (select COUNT(*) from StudentMaster where studentSex = 'M' and studentStatus = '1' and admitAcadYear = '".$RSAcadYear->admitAcadYear."') as studentM , (select COUNT(*) from StudentMaster where studentSex = 'F' and studentStatus = '1' and admitAcadYear = '".$RSAcadYear->admitAcadYear."') as studentF FROM StudentMaster WHERE studentStatus = '1' and admitAcadYear = '".$RSAcadYear->admitAcadYear."' GROUP BY admitAcadYear"; $resultStudent = mysql_query($strQueryStudent); $rows = mysql_num_rows($resultStudent); if($rows){ $RSStudent = mysql_fetch_object($resultStudent); $yearData[0] = base64_encode($_Config_college_code); $yearData[1] = base64_encode($RSStudent->admitAcadYear); $yearData[2] = base64_encode($RSStudent->studentM); $yearData[3] = base64_encode($RSStudent->studentF); $client->call('importToStudentByYear',array('data'=>$yearData)); } } //-- studentByProgram $strQueryProgram = "select programId from Program"; $resultProgram = mysql_query($strQueryProgram); while($RSProgram = mysql_fetch_object($resultProgram)){ $strQueryStudent = "SELECT programId , (select COUNT(*) from StudentMaster where studentSex = 'M' and studentStatus = '1' and programId = '".$RSProgram->programId."') as 
studentM , (select COUNT(*) from StudentMaster where studentSex = 'F' and studentStatus = '1' and programId = '".$RSProgram->programId."') as studentF FROM StudentMaster WHERE programId = '".$RSProgram->programId."' and studentStatus = '1' GROUP BY programId"; $resultStudent = mysql_query($strQueryStudent); $rows = mysql_num_rows($resultStudent); if($rows){ $RSStudent = mysql_fetch_object($resultStudent); $programData[0] = base64_encode($_Config_college_code); $programData[1] = base64_encode($RSStudent->programId); $programData[2] = base64_encode($RSStudent->studentM); $programData[3] = base64_encode($RSStudent->studentF); $client->call('importToStudentByProgram',array('data'=>$programData)); } } //-- studentByProvince $strQueryProvince = "select provinceId from Province"; $resultProvince = mysql_query($strQueryProvince); while($RSProvince = mysql_fetch_object($resultProvince)){ //echo $RSProvince->provinceId."
"; $strQueryStudent = "SELECT StudentBio.homeProvinceId , (select COUNT(*) from StudentMaster , StudentBio where StudentMaster.studentSex = 'M' and StudentBio.homeProvinceId = '".$RSProvince->provinceId."' and StudentMaster.studentStatus = '1' and StudentMaster.studentId = StudentBio.studentId) as studentM , (select COUNT(*) from StudentMaster , StudentBio where StudentMaster.studentSex = 'F' and StudentBio.homeProvinceId = '".$RSProvince->provinceId."' and StudentMaster.studentStatus = '1' and StudentMaster.studentId = StudentBio.studentId) as studentF FROM StudentMaster , StudentBio WHERE StudentBio.homeProvinceId = '".$RSProvince->provinceId."' and StudentMaster.studentStatus = '1' and StudentMaster.studentId = StudentBio.studentId GROUP BY StudentBio.homeProvinceId"; $resultStudent = mysql_query($strQueryStudent); $rows = mysql_num_rows($resultStudent); if($rows){ $RSStudent = mysql_fetch_object($resultStudent); $provinceData[0] = base64_encode($_Config_college_code); $provinceData[1] = base64_encode($RSStudent->homeProvinceId); $provinceData[2] = base64_encode($RSStudent->studentM); $provinceData[3] = base64_encode($RSStudent->studentF); $client->call('importToStudentByProvince',array('data'=>$provinceData)); } } //-- studentByLevel //--New $strQueryAcadYear = "select admitAcadYear from StudentMaster group by admitAcadYear"; $resultAcadYear = mysql_query($strQueryAcadYear); while($RSAcadYear = mysql_fetch_object($resultAcadYear)){ $strQueryLevel = "select levelId from Level"; $resultLevel = mysql_query($strQueryLevel); while($RSLevel = mysql_fetch_object($resultLevel)){ $strQueryStudent = "SELECT admitAcadYear , levelId , (select COUNT(*) from StudentMaster where studentSex = 'M' and studentStatus = '1' and studentYear = '1' and levelId = '".$RSLevel->levelId."' and admitAcadYear = '".$RSAcadYear->admitAcadYear."' GROUP BY admitAcadYear) as studentM , (select COUNT(*) from StudentMaster where studentSex = 'F' and studentStatus = '1' and studentYear = '1' and 
levelId = '".$RSLevel->levelId."' and admitAcadYear = '".$RSAcadYear->admitAcadYear."' GROUP BY admitAcadYear) as studentF FROM StudentMaster WHERE studentStatus = '1' and studentYear = '1' and levelId = '".$RSLevel->levelId."' and admitAcadYear = '".$RSAcadYear->admitAcadYear."' GROUP BY admitAcadYear"; $resultStudent = mysql_query($strQueryStudent); $rows = mysql_num_rows($resultStudent); if($rows){ $RSStudent = mysql_fetch_object($resultStudent); $levelData[0] = base64_encode($_Config_college_code); $levelData[1] = base64_encode($RSStudent->admitAcadYear); $levelData[2] = base64_encode($RSStudent->levelId); $levelData[3] = base64_encode($RSStudent->studentM); $levelData[4] = base64_encode($RSStudent->studentF); $levelData[5] = base64_encode("1"); $client->call('importToStudentByLevel',array('data'=>$levelData)); } } } //-- studentByLevel //--All $strQueryAcadYear = "select admitAcadYear from StudentMaster group by admitAcadYear"; $resultAcadYear = mysql_query($strQueryAcadYear); while($RSAcadYear = mysql_fetch_object($resultAcadYear)){ $strQueryLevel = "select levelId from Level"; $resultLevel = mysql_query($strQueryLevel); while($RSLevel = mysql_fetch_object($resultLevel)){ $strQueryStudent = "SELECT admitAcadYear , levelId , (select COUNT(*) from StudentMaster where studentSex = 'M' and studentStatus = '1' and levelId = '".$RSLevel->levelId."' and admitAcadYear = '".$RSAcadYear->admitAcadYear."' GROUP BY admitAcadYear) as studentM , (select COUNT(*) from StudentMaster where studentSex = 'F' and studentStatus = '1' and levelId = '".$RSLevel->levelId."' and admitAcadYear = '".$RSAcadYear->admitAcadYear."' GROUP BY admitAcadYear) as studentF FROM StudentMaster WHERE studentStatus = '1' and levelId = '".$RSLevel->levelId."' and admitAcadYear = '".$RSAcadYear->admitAcadYear."' GROUP BY admitAcadYear"; $resultStudent = mysql_query($strQueryStudent); $rows = mysql_num_rows($resultStudent); if($rows){ $RSStudent = mysql_fetch_object($resultStudent); $levelData[0] = 
base64_encode($_Config_college_code); $levelData[1] = base64_encode($RSStudent->admitAcadYear); $levelData[2] = base64_encode($RSStudent->levelId); $levelData[3] = base64_encode($RSStudent->studentM); $levelData[4] = base64_encode($RSStudent->studentF); $levelData[5] = base64_encode("2"); $client->call('importToStudentByLevel',array('data'=>$levelData)); } } } //-- studentByLevel //--Graduate $strQueryAcadYear = "select admitAcadYear from StudentMaster group by admitAcadYear"; $resultAcadYear = mysql_query($strQueryAcadYear); while($RSAcadYear = mysql_fetch_object($resultAcadYear)){ $strQueryLevel = "select levelId from Level"; $resultLevel = mysql_query($strQueryLevel); while($RSLevel = mysql_fetch_object($resultLevel)){ $strQueryStudent = "SELECT admitAcadYear , levelId , (select COUNT(*) from StudentMaster where studentSex = 'M' and studentStatus = '4' and levelId = '".$RSLevel->levelId."' and admitAcadYear = '".$RSAcadYear->admitAcadYear."' GROUP BY admitAcadYear) as studentM , (select COUNT(*) from StudentMaster where studentSex = 'F' and studentStatus = '4' and levelId = '".$RSLevel->levelId."' and admitAcadYear = '".$RSAcadYear->admitAcadYear."' GROUP BY admitAcadYear) as studentF FROM StudentMaster WHERE studentStatus = '4' and levelId = '".$RSLevel->levelId."' and admitAcadYear = '".$RSAcadYear->admitAcadYear."' GROUP BY admitAcadYear"; $resultStudent = mysql_query($strQueryStudent); $rows = mysql_num_rows($resultStudent); if($rows){ $RSStudent = mysql_fetch_object($resultStudent); $levelData[0] = base64_encode($_Config_college_code); $levelData[1] = base64_encode($RSStudent->admitAcadYear); $levelData[2] = base64_encode($RSStudent->levelId); $levelData[3] = base64_encode($RSStudent->studentM); $levelData[4] = base64_encode($RSStudent->studentF); $levelData[5] = base64_encode("3"); $client->call('importToStudentByLevel',array('data'=>$levelData)); } } } ?> call('getStudentByYearID',array('collogeCode'=>base64_encode($_Config_college_code))); $resProgram = 
$client->call('getStudentByProgramID',array('collogeCode'=>base64_encode($_Config_college_code))); $resProvince= $client->call('getStudentByProvinceID',array('collogeCode'=>base64_encode($_Config_college_code))); $resLevelNew = $client->call('getStudentByLevelID',array('collogeCode'=>base64_encode($_Config_college_code),'statusId'=>base64_encode("1"))); $resLevelAll = $client->call('getStudentByLevelID',array('collogeCode'=>base64_encode($_Config_college_code),'statusId'=>base64_encode("2"))); $resLevelGD = $client->call('getStudentByLevelID',array('collogeCode'=>base64_encode($_Config_college_code),'statusId'=>base64_encode("3"))); $dataYear = split(',',$resYear); $dataProgram = split(',',$resProgram); $dataProvince = split(',',$resProvince); $dataLevelNew = split(',',$resLevelNew[0]); $dataAdmitAcadYearNew = split(',',$resLevelNew[1]); $dataLevelAll = split(',',$resLevelAll[0]); $dataAdmitAcadYearAll = split(',',$resLevelAll[1]); $dataLevelGD = split(',',$resLevelGD[0]); $dataAdmitAcadYearGD = split(',',$resLevelGD[1]); $status = false; for($i=0;$icall('getStudentByYear',array('admitAcadYear'=>base64_encode($dataYear[$i]) , 'collogeCode'=>base64_encode($_Config_college_code))); if($resultYear[4] == "1") $status = true; } ?> call('getStudentByProgram',array('programId'=>base64_encode($dataProgram[$i]) , 'collogeCode'=>base64_encode($_Config_college_code))); if($resultProgram[4] == "1") $status = true; } ?> call('getStudentByProvince',array('provinceId'=>base64_encode($dataProvince[$i]) , 'collogeCode'=>base64_encode($_Config_college_code))); if($resultProvince[4] == "1") $status = true; } ?> call('getStudentByLevel',array('levelId'=>base64_encode($dataLevelNew[$i]) , 'collogeCode'=>base64_encode($_Config_college_code),'admitAcadYear'=>base64_encode($dataAdmitAcadYearNew[$i]),'statusId'=>base64_encode("1"))); if($resultLevel[6] == "1") $status = true; } ?>
ยืนยันการส่งข้อมูล
ข้อมูล สถานะ
    ข้อมูลนักศึกษาจำแนกตามปีการศึกษา UPDATE":"INSERT"?>
    ข้อมูลนักศึกษาจำแนกตามหลักสูตร UPDATE":"INSERT"?>
    ข้อมูลนักศึกษาจำแนกตามจังหวัด UPDATE":"INSERT"?>
    ข้อมูลนักศึกษาจำแนกตามระดับการศึกษา UPDATE":"INSERT"?>
  
