Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/manage/nusoap/ drwxr-xr-x |
Viewing file: client.php (2.36 KB) -rw-r--r-- Select action/file-type: (+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) | <? require_once('lib/nusoap/nusoap.php'); //$client = new soapclient("http://118.175.19.15/mis/centralize/admin/response.php"); //$result = $client->call('SubmitUpdate',array('collegeID'=>'03')); //$result = $client->call('getUpdateInfo',array('queryID'=>'1')); //print_r($tmp); $client = new soapclient('http://202.29.105.1/emanage/nusoap/server.php'); //$client = new soapclient('http://202.29.105.1/emanage/nusoap/server.php'); //$result = $client->call('getResearchTB',array('researchCode'=>'2')); //$result = $client->call('test'); $result = $client->call('getResearchID',array('tableName'=>'research_tb')); //$result = $client->call('getResearchID',array('tableName'=>'research_char_tb')); //$result = $client->call('getResearchID',array('tableName'=>'research_file_tb')); //$result = $client->call('getResearchID',array('tableName'=>'research_public_tb')); //$result = $client->call('getResearchID',array('tableName'=>'research_success_tb')); //$result = $client->call('getResearchCharTB',array('researchCode'=>'1')); //$result = $client->call('getResearchCharTB',array('researchCode'=>'1')); ?> <meta http-equiv="Content-Type" content="text/html; charset=tis-620"> <? //$msg = ""; //for($i=0;$i<sizeof($result);$i++){ //echo base64_decode($result[0])." ,".base64_decode($result[1])." ,".base64_decode($result[2])." ,".base64_decode($result[3])." ,".base64_decode($result[4])." ,".base64_decode($result[5])." ,".base64_decode($result[6])." ,".base64_decode($result[7])." ,".base64_decode($result[8]); //$msg = $msg.base64_decode($result[$i]).","; //} //echo $msg; $data = split(',',$result); //print_r($data); //echo sizeof($data); //echo $result; //echo $data; for($i=0;$i<sizeof($data);$i++){ $result = $client->call('getResearchTB',array('researchCode'=>$data[$i])); //$result = $client->call('getResearchCharTB',array('researchCode'=>$data[$i])); //$result = $client->call('getResearchFileTB',array('researchCode'=>$data[$i])); //$result = $client->call('getResearchPublicTB',array('researchCode'=>$data[$i])); //$result = $client->call('getResearchSuccessTB',array('researchCode'=>$data[$i])); $msg = ""; for($n=0;$n<sizeof($result);$n++){ $msg = $n == 0 ? base64_decode($result[$n]) : $msg.",".base64_decode($result[$n]); } $msg .= "<br>"; echo $msg; } ?> |
:: Command execute :: | |
:: Shadow's tricks :D :: | |
Useful Commands
|
:: Preddy's tricks :D :: | |
Php Safe-Mode Bypass (Read Files)
|
--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0053 ]-- |