Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/manage/nusoap/ drwxr-xr-x | |
| Viewing file: Select action/file-type: <?
//Pull in the NuSOAP code
require_once('lib/nusoap/nusoap.php');
//Create the server instance
$server = new soap_server();
//Register the method to expose
$server->register('test');
$server->register('getResearchID');
$server->register('getResearchTB');
$server->register('getResearchCharTB');
$server->register('getResearchFileTB');
$server->register('getResearchPublicTB');
$server->register('getResearchSuccessTB');
//Define the method as a PHP function
function test(){
$txt = "Hello World";
return $txt;
}
function getResearchID($tableName){
include_once "../include/Config.php";
include_once "class/clsConnection.php";
include_once "class/clsDB.php";
$hostname = $ServerName;
$dbname = $DataBaseName;
$username = $UserName;
$password = $UserPassword;
$conn = new clsConnection("$hostname","$dbname","$username","$password");
$sql = "select * from $tableName";
$result = mysql_query($sql);
$row = mysql_num_rows($result);
switch($tableName){
case "research_tb" :
for($i=0;$i<$row;$i++){
$researchID = $i == 0 ? mysql_result($result,$i,"Research_code") : $researchID.",".mysql_result($result,$i,"Research_code");
}
break;
case "research_char_tb" :
for($i=0;$i<$row;$i++){
$researchID = $i == 0 ? mysql_result($result,$i,"RecharId") : $researchID.",".mysql_result($result,$i,"RecharId");
}
break;
case "research_file_tb" :
for($i=0;$i<$row;$i++){
$researchID = $i == 0 ? mysql_result($result,$i,"Research_Id") : $researchID.",".mysql_result($result,$i,"Research_Id");
}
break;
case "research_public_tb" :
for($i=0;$i<$row;$i++){
$researchID = $i == 0 ? mysql_result($result,$i,"RepbCo") : $researchID.",".mysql_result($result,$i,"RepbCo");
}
break;
case "research_success_tb" :
for($i=0;$i<$row;$i++){
$researchID = $i == 0 ? mysql_result($result,$i,"ResuccessId") : $researchID.",".mysql_result($result,$i,"ResuccessId");
}
break;
}
return $researchID;
}
function getResearchTB($researchCode){
include_once "../include/Config.php";
include_once "class/clsConnection.php";
include_once "class/clsDB.php";
$hostname = $ServerName;
$dbname = $DataBaseName;
$username = $UserName;
$password = $UserPassword;
$conn = new clsConnection("$hostname","$dbname","$username","$password");
$sql = "select * from research_tb where Research_code = '$researchCode' limit 1";
$result = mysql_query($sql);
$data[0] = base64_encode(mysql_result($result,0,0));
$data[1] = base64_encode(mysql_result($result,0,1));
$data[2] = base64_encode(mysql_result($result,0,2));
$data[3] = base64_encode(mysql_result($result,0,3));
$data[4] = base64_encode(mysql_result($result,0,4));
$data[5] = base64_encode(mysql_result($result,0,5));
$data[6] = base64_encode(mysql_result($result,0,6));
$data[7] = base64_encode(mysql_result($result,0,7));
$data[8] = base64_encode(mysql_result($result,0,8));
$data[9] = base64_encode(mysql_result($result,0,9));
$data[10] = base64_encode(mysql_result($result,0,10));
$data[11] = base64_encode(mysql_result($result,0,11));
$data[12] = base64_encode(mysql_result($result,0,12));
$data[13] = base64_encode(mysql_result($result,0,13));
$data[14] = base64_encode(mysql_result($result,0,14));
$data[15] = base64_encode(mysql_result($result,0,15));
$data[16] = base64_encode(mysql_result($result,0,16));
$data[17] = base64_encode(mysql_result($result,0,17));
$data[18] = base64_encode(mysql_result($result,0,18));
$data[19] = base64_encode(mysql_result($result,0,19));
$data[20] = base64_encode(mysql_result($result,0,20));
$data[21] = base64_encode(mysql_result($result,0,21));
$data[22] = base64_encode(mysql_result($result,0,22));
$data[23] = base64_encode(mysql_result($result,0,23));
$data[24] = base64_encode(mysql_result($result,0,24));
$data[25] = base64_encode(mysql_result($result,0,25));
$data[26] = base64_encode(mysql_result($result,0,26));
$data[27] = base64_encode(mysql_result($result,0,27));
$data[28] = base64_encode(mysql_result($result,0,28));
$data[29] = base64_encode(mysql_result($result,0,29));
$data[30] = base64_encode(mysql_result($result,0,30));
$data[31] = base64_encode(mysql_result($result,0,31));
$data[32] = base64_encode(mysql_result($result,0,32));
$data[33] = base64_encode(mysql_result($result,0,33));
$data[34] = base64_encode(mysql_result($result,0,34));
$conn->Disconnect();
return $data;
}
function getResearchCharTB($researchCode){
include_once "../include/Config.php";
include_once "class/clsConnection.php";
include_once "class/clsDB.php";
$hostname = $ServerName;
$dbname = $DataBaseName;
$username = $UserName;
$password = $UserPassword;
$conn = new clsConnection("$hostname","$dbname","$username","$password");
$sql = "select * from research_char_tb where RecharId = '$researchCode' limit 1";
$result = mysql_query($sql);
$data[0] = base64_encode(mysql_result($result,0,0));
$data[1] = base64_encode(mysql_result($result,0,1));
$data[2] = base64_encode(mysql_result($result,0,2));
$data[3] = base64_encode(mysql_result($result,0,3));
$data[4] = base64_encode(mysql_result($result,0,4));
$data[5] = base64_encode(mysql_result($result,0,5));
$data[6] = base64_encode(mysql_result($result,0,6));
$conn->Disconnect();
return $data;
}
function getResearchFileTB($researchCode){
include_once "../include/Config.php";
include_once "class/clsConnection.php";
include_once "class/clsDB.php";
$hostname = $ServerName;
$dbname = $DataBaseName;
$username = $UserName;
$password = $UserPassword;
$conn = new clsConnection("$hostname","$dbname","$username","$password");
$sql = "select * from research_file_tb where Research_Id = '$researchCode' limit 1";
$result = mysql_query($sql);
$data[0] = base64_encode(mysql_result($result,0,0));
$data[1] = base64_encode(mysql_result($result,0,1));
$data[2] = base64_encode(mysql_result($result,0,2));
$data[3] = base64_encode(mysql_result($result,0,3));
$data[4] = base64_encode(mysql_result($result,0,4));
$data[5] = base64_encode(mysql_result($result,0,5));
$data[6] = base64_encode(mysql_result($result,0,6));
$data[7] = base64_encode(mysql_result($result,0,7));
$data[8] = base64_encode(mysql_result($result,0,8));
$data[9] = base64_encode(mysql_result($result,0,9));
$data[10] = base64_encode(mysql_result($result,0,10));
$data[11] = base64_encode(mysql_result($result,0,11));
$conn->Disconnect();
return $data;
}
function getResearchPublicTB($researchCode){
include_once "../include/Config.php";
include_once "class/clsConnection.php";
include_once "class/clsDB.php";
$hostname = $ServerName;
$dbname = $DataBaseName;
$username = $UserName;
$password = $UserPassword;
$conn = new clsConnection("$hostname","$dbname","$username","$password");
$sql = "select * from research_public_tb where RepbCo = '$researchCode' limit 1";
$result = mysql_query($sql);
$data[0] = base64_encode(mysql_result($result,0,0));
$data[1] = base64_encode(mysql_result($result,0,1));
$data[2] = base64_encode(mysql_result($result,0,2));
$data[3] = base64_encode(mysql_result($result,0,3));
$data[4] = base64_encode(mysql_result($result,0,4));
$data[5] = base64_encode(mysql_result($result,0,5));
$data[6] = base64_encode(mysql_result($result,0,6));
$data[7] = base64_encode(mysql_result($result,0,7));
$data[8] = base64_encode(mysql_result($result,0,8));
$data[9] = base64_encode(mysql_result($result,0,9));
$data[10] = base64_encode(mysql_result($result,0,10));
$data[11] = base64_encode(mysql_result($result,0,11));
$data[12] = base64_encode(mysql_result($result,0,12));
$data[13] = base64_encode(mysql_result($result,0,13));
$data[14] = base64_encode(mysql_result($result,0,14));
$data[15] = base64_encode(mysql_result($result,0,15));
$data[16] = base64_encode(mysql_result($result,0,16));
$data[17] = base64_encode(mysql_result($result,0,17));
$data[18] = base64_encode(mysql_result($result,0,18));
$data[19] = base64_encode(mysql_result($result,0,19));
$data[20] = base64_encode(mysql_result($result,0,20));
$data[21] = base64_encode(mysql_result($result,0,21));
$data[22] = base64_encode(mysql_result($result,0,22));
$data[23] = base64_encode(mysql_result($result,0,23));
$data[24] = base64_encode(mysql_result($result,0,24));
$data[25] = base64_encode(mysql_result($result,0,25));
$data[26] = base64_encode(mysql_result($result,0,26));
$data[27] = base64_encode(mysql_result($result,0,27));
$data[28] = base64_encode(mysql_result($result,0,28));
$data[29] = base64_encode(mysql_result($result,0,29));
$data[30] = base64_encode(mysql_result($result,0,30));
$data[31] = base64_encode(mysql_result($result,0,31));
$data[32] = base64_encode(mysql_result($result,0,32));
$data[33] = base64_encode(mysql_result($result,0,33));
$conn->Disconnect();
return $data;
}
function getResearchSuccessTB($researchCode){
include_once "../include/Config.php";
include_once "class/clsConnection.php";
include_once "class/clsDB.php";
$hostname = $ServerName;
$dbname = $DataBaseName;
$username = $UserName;
$password = $UserPassword;
$conn = new clsConnection("$hostname","$dbname","$username","$password");
$sql = "select * from research_success_tb where ResuccessId = '$researchCode' limit 1";
$result = mysql_query($sql);
$data[0] = base64_encode(mysql_result($result,0,0));
$data[1] = base64_encode(mysql_result($result,0,1));
$data[2] = base64_encode(mysql_result($result,0,2));
$data[3] = base64_encode(mysql_result($result,0,3));
$data[4] = base64_encode(mysql_result($result,0,4));
$data[5] = base64_encode(mysql_result($result,0,5));
$conn->Disconnect();
return $data;
}
//Use the request to (try to) invoke the service
$HTTP_RAW_POST_DATA = isset($HTTP_RAW_POST_DATA) ? $HTTP_RAW_POST_DATA : '';
$server->service($HTTP_RAW_POST_DATA);
?> |
:: Command execute :: | |
:: Shadow's tricks :D :: | |
Useful Commands
|
|
:: Preddy's tricks :D :: | |
Php Safe-Mode Bypass (Read Files)
|
|
--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0061 ]-- |