!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/manage/director/   drwxr-xr-x
Free 51.01 GB of 127.8 GB (39.91%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     DentisByday.php (7.12 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
 session_start
();
if (
session_is_registered("valid_user"))
{
$Username $valid_user;
include(
"../include/FunctionDB.php");
include(
"admin_menu.php");
include(
"../include/Function.php");
 
ConnectDB();
 
$sql1 "SELECT * FROM  massege_db  Where massegeId='$massegeId'";
$result mysql_query($sql1);
 
$rs mysql_fetch_array($result);
$sql "SELECT * FROM accountMed_db   Where   massegeId='$massegeId'  GROUP By  Date ";
$result mysql_query($sql);
$num mysql_num_rows($result);

?> 

<meta http-equiv="Content-Type" content="text/html; charset=TIS-620">

<style type="text/css">
<!--
.style10 {font-size: 14px}
-->
</style>
<table width="815" border="0" cellpadding="0" cellspacing="0">
  <tr>
    <td width="815" ><br />
        <fieldset>
        <legend><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_3"]; ?>"><a href="menu_thaimed.php">หน้าหลัก</a> <img src="../picture/ico3.gif" width="10" height="10" border="0" align="absmiddle" /><a href="AddLab.php">เ</a>แสดงข้อมูลรายวัน</font></legend>
          <label> </label>
        <div align="center">
          <form action="Serachperson.php" method="get" name="form1" id="form1">
            <p align="left"><font size="2" face="Tahoma"><img src="../picture/previous.gif" onclick="window.history.back()"  width="85" height="22" border="0" /></font></p>
            <table width="55%" border="0" cellpadding="0" cellspacing="0" bordercolor="#999999" style="background-color:#eeeeee; border:0px solid gray"size="12">
              
              <tr bgcolor="#CCCCCC">
                <td colspan="3" bordercolor="#999966" bgcolor="#FFFFFF" style="border:0px solid gray"><span class="style10"><font color="#996600" face="Tahoma">
                  <?php
         $massegeId
=  $rs["massegeId"];
         
$sql "Select * From massege_db  Where massegeId='$massegeId'";
          
$result1 mysql_query($sql) or die("Error".mysql_error());
          
$rss mysql_fetch_array($result1);
          echo 
"$rss[First_name] $rss[Name] $rss[Lastname]";
         
?>
                </font></span></td>
              </tr>
              <tr bgcolor="#CCCCCC">
                <td width="8%" bordercolor="#999966" style="border:0px solid gray"><div align="center" class="style10"><font color="#000000" face="Tahoma">No.</font></div></td>
                <td width="49%" bordercolor="#999966" style="border:0px solid gray"><div align="center" class="style10"><font face="Tahoma">วันที่</font></div></td>
                <td width="43%" bordercolor="#999966" style="border:0px solid gray"><div align="center" class="style10"><font face="Tahoma">จำนวนเงินรับตามวัน</font></div></td>
              </tr>
              <?php
$i 
1;
 while(
$row mysql_fetch_array($result))
 {

     if(
$count==0)
     {
?>
              <tr >
                <td align="center" bgcolor="#ECF5FF" ><strong>
                  <div align="center"><font color="#996600" size="2" face="Tahoma">
                    <?=$i?>
                  </font></div>
                </strong></td>
                <td align="center" bgcolor="#ECF5FF" ><div align="left"><font color="#003333" size="2" face="Tahoma"><a href="FrmDentis.php?massegeId=<?=$row["massegeId"]?>&Date=<?= $row["Date"]?>"title="คลิกดูเพื่อพิมพ์ใบรายการค่าใช้จ่าย " class="d" >
                  <?php        $sday $row[Date];
    
$yearthai explode("-",$sday);
    
$day =      intval($yearthai[2]);
    
$month =  intval($yearthai[1]);
    
$year =     intval($yearthai[0]);     
          
//////////////////
 //   $yearthai =  $day ;
  
$m getThaiSubMonth($month);
     echo
"$day"." "."$m"." "."$year";
    
?>
                </a></font><font color="#996600" size="2" face="Tahoma"><a href="FrmDentisday.php?Date=<?=$row["Date"]?>&massegeId=<?= $row["massegeId"?>"title="Click to see Detail" class="d"></a></font> </div></td>
                <td align="center" bgcolor="#ECF5FF" ><strong><font color="#993333" size="2" face="Tahoma"><strong><font color="#993333" size="2" face="Tahoma">
                  <?php
                $Date 
=  $row["Date"];
         
$sql3 "Select Sum(Cost_total) as Sum From   accountMed_db  Where   massegeId='$massegeId'   and  Date='$Date' "
         
$result3 mysql_query($sql3) or die("Error".mysql_error());
         
$rss3 mysql_fetch_array($result3);
         echo 
number_format($rss3['Sum'],2,'.',','); 
    
         
?>
                </font></strong></font></strong></td>
              </tr>
              <?
    $count
=1;
     }
else
{
?>
              <tr>
                <td align="center" bordercolor="#999966" bgcolor="#FFFFFF" ><font color="#996600" size="2" face="Tahoma">
                  <?=$i?>
                </font></td>
                <td height="18" align="center" bgcolor="#FFFFFF" ><div align="left"><font color="#996600" size="2" face="Tahoma"> </font><font color="#003333" size="2" face="Tahoma"><a href="FrmDentis.php?massegeId=<?=$row["massegeId"]?>&Date=<?= $row["Date"]?>"title="คลิกดูเพื่อพิมพ์ใบรายการค่าใช้จ่าย " class="d" >
                  <?php 
       $sday 
$row[Date];
    
$yearthai explode("-",$sday);
    
$day =      intval($yearthai[2]);
    
$month =  intval($yearthai[1]);
    
$year =     intval($yearthai[0]);     
          
//////////////////
 //   $yearthai =  $day ;
  
$m getThaiSubMonth($month);
     echo
"$day"." "."$m"." "."$year";
    
?>
                </a></font><font color="#996600" size="2" face="Tahoma"><a href="FrmDentisday.php?Date=<?=$row["Date"]?>&amp;&amp;Teacher_code=<?= $row["Teacher_code"?>"title="Click to see Detail" class="d"></a></font></div></td>
                <td align="center" bgcolor="#FFFFFF" ><strong><font color="#993333" size="2" face="Tahoma"><strong><font color="#993333" size="2" face="Tahoma">
                  <?php
                $Date 
=  $row["Date"];
         
$sql3 "Select Sum(Cost_total) as Sum From   accountMed_db  Where   massegeId='$massegeId'   and  Date='$Date' "
         
$result3 mysql_query($sql3) or die("Error".mysql_error());
         
$rss3 mysql_fetch_array($result3);
         echo 
number_format($rss3['Sum'],2,'.',','); 
    
         
?>
                </font></strong></font></strong></td>
              </tr>
              <?
$count
=0;
}
$i++;
 }    

?>
              <tr>
                <td height="25" colspan="3" align="center" bgcolor="#FFFFFF"><div align="center" class="style10"><font color="#000000" face="Tahoma">ทั้งหมด</font><font color="#993333" face="Tahoma"> <? echo $num ?></font> <font color="#000000" face="Tahoma">วัน</font> </div></td>
              </tr>
            </table>
          </form>
        </div>
      </fieldset>
      <br />
        <font color="<?php echo $GLOBALS["COLOR_FONT_3"];?>" size="2"><b>หมายเหตุ :</b> ใช้เมาส์คลิกที่ชื่อ<br />
      </font></td>
  </tr>
</table>
<?php 
    
}
else
{
    echo
"<body bgcolor=\"#CCCCCC\">";
     echo
"<meta http-equiv=\"refresh\" content=\"3;URL=../logout.php\" target=\"mainFrame\">\n";
     echo
"<center>";
      echo
"<br><br><br><b><font face=\"Tahoma\" size=\"4\" color=\"#FF0000\">Please Login</font> </b><br>";
      echo
"<br><br><font face=\"Tahoma\" size=\"10\" color=\"#000000\"> ERROR 404 PERMISION DENY</font><br>";
      echo
"<br><font face=\"Tahoma\" size=\"4\" color=\"#000000\"> คุณไม่มสิทธ์ใช้งาน</font>";
      echo
"</center>";
      echo
"</body>";

?>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0145 ]--