!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/manage/directorBCNU/admin/   drwxr-xr-x
Free 52.34 GB of 127.8 GB (40.95%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     receiveTSR.php (3.4 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php

include_once("../../class/clsConnection.php");
include_once("../../class/clsDB.php");
include_once "../global.php";
include_once "../class/clsSendReceive.php";



$oC = new clsConnection($GLOBALS['DBHOST'], $GLOBALS['DBNAME_EOFFICE'], $GLOBALS['DBUSER_EOFFICE'], $GLOBALS['DBPASS_EOFFICE']);
$oTsr = new sendreceive($oC);
$oTsr2 = new sendreceive($oC);

    if($fn=='r1'){
    
        $tsr_DocSubject=str_replace ('_',' ',$tsr_DocSubject);
        $tsr_DocNo=str_replace ('_',' ',$tsr_DocNo);
        $tsr_DocFrom=str_replace ('_',' ',$tsr_DocFrom);
        $tsr_DocTo=str_replace ('_',' ',$tsr_DocTo);
        $tsr_DocRef=str_replace ('_',' ',$tsr_DocRef);
        $tsr_DocOther=str_replace ('_',' ',$tsr_DocOther);
        $tsr_DocShortDesc=str_replace ('_',' ',$tsr_DocShortDesc);
        $tsr_docname=str_replace ('_',' ',$tsr_docname);    
    
    
        $oTsr2->SearchBytsr_id_send_tsr_fr_node($tsr_id_send,$tsr_fr_node);
        if($oTsr2->GetRecord()==0){
            $oTsr->AddNew();
            $oTsr->tsr_fr_node=$tsr_fr_node;
            $oTsr->tsr_fr_node_date=$tsr_fr_node_date;
            $oTsr->tsr_to_node=$tsr_to_node;
            $oTsr->tsr_to_node_date=getNowDateTh()." ".date('H:i:s');
            $oTsr->tsr_docid=$tsr_docid;
            $oTsr->tsr_doc_url=$tsr_doc_url;
            $oTsr->tsr_doc_chksum=$tsr_doc_chksum;
            $oTsr->tsr_status='r1';
            $oTsr->tsr_id_send=$tsr_id_send;
            $oTsr->tsr_docgroup=$tsr_docgroup;
            $oTsr->tsr_DrsID=$tsr_DrsID;
            $oTsr->tsr_DocSubject=$tsr_DocSubject;
            $oTsr->tsr_DocNo=$tsr_DocNo;
            $oTsr->tsr_DocDate=$tsr_DocDate;
            $oTsr->tsr_DocFrom=$tsr_DocFrom;
            $oTsr->tsr_DocTo=$tsr_DocTo;
            $oTsr->tsr_DocRef=$tsr_DocRef;
            $oTsr->tsr_DocOther=$tsr_DocOther;
            $oTsr->tsr_DslID=$tsr_DslID;
            $oTsr->tsr_DclID=$tsr_DclID;
            $oTsr->tsr_DocShortDesc=$tsr_DocShortDesc;
            $oTsr->tsr_PtID=$tsr_PtID;
            $oTsr->tsr_DtID=$tsr_DtID;
            $oTsr->tsr_docname=$tsr_docname;
            $oTsr->tsr_DrsDocDueDate=$tsr_DrsDocDueDate;
            $oTsr->tsr_statusDocAtt=$tsr_statusDocAtt;
            $oTsr->Save();
        }else{
            $oTsr->Edit();
            $oTsr->tsr_fr_node=$tsr_fr_node;
            $oTsr->tsr_fr_node_date=$tsr_fr_node_date;
            $oTsr->tsr_to_node=$tsr_to_node;
            $oTsr->tsr_to_node_date=$oTsr->tsr_to_node_date;
            $oTsr->tsr_docid=$tsr_docid;
            $oTsr->tsr_doc_url=$tsr_doc_url;
            $oTsr->tsr_doc_chksum=$tsr_doc_chksum;
            $oTsr->tsr_status=$oTsr->tsr_status;
            $oTsr->tsr_id_send=$tsr_id_send;
            $oTsr->tsr_docgroup=$tsr_docgroup;
            $oTsr->tsr_DrsID=$tsr_DrsID;
            $oTsr->tsr_DocSubject=$tsr_DocSubject;
            $oTsr->tsr_DocNo=$tsr_DocNo;
            $oTsr->tsr_DocDate=$tsr_DocDate;
            $oTsr->tsr_DocFrom=$tsr_DocFrom;
            $oTsr->tsr_DocTo=$tsr_DocTo;
            $oTsr->tsr_DocRef=$tsr_DocRef;
            $oTsr->tsr_DocOther=$tsr_DocOther;
            $oTsr->tsr_DslID=$tsr_DslID;
            $oTsr->tsr_DclID=$tsr_DclID;
            $oTsr->tsr_DocShortDesc=$tsr_DocShortDesc;
            $oTsr->tsr_PtID=$tsr_PtID;
            $oTsr->tsr_DtID=$tsr_DtID;
            $oTsr->tsr_docname=$tsr_docname;
            $oTsr->tsr_DrsDocDueDate=$tsr_DrsDocDueDate;
            $oTsr->tsr_statusDocAtt=$tsr_statusDocAtt;
            $oTsr->Save();        
        }
        echo 'mr';
    }
    
    if($fn=='r4'){
        $oTsr->SearchBytsr_id_send($tsr_id_send);
        $oTsr->GetRecord();                    
        $oTsr->Edit();
        $oTsr->tsr_status='r4';
        $oTsr->Save();
    }
    
    if($fn=='checkr3r4'){
        $oTsr->SearchBytsr_id_send_tsr_fr_node($tsr_id_send,$tsr_fr_node);
        $oTsr->GetRecord();
        echo $oTsr->tsr_status;    
    }
    function getNowDateTh() {
        $yy date('Y')+543;
        $mm date('m');
        $dd date('d');
        return $yy.'-'.$mm.'-'.$dd;
    }
?>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd
Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 
:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0064 ]--