!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/manage/person/   drwxr-xr-x
Free 51 GB of 127.8 GB (39.91%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     prePrintServiceMemoPDF.php (4.81 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
//PDF USING MULTIPLE PAGES
//FILE CREATED BY: Carlos Jos้ Vแsquez Sแez
//YOU CAN CONTACT ME: carlos@magallaneslibre.com
//FROM PUNTA ARENAS, MAGALLANES
//INOVO GROUP - http://www.inovo.cl


/**  Configuration  */
require_once( "../configuration.php" );
require_once( 
$_Config_absolute_path "/includes/connMySQL.class.php");    
require(
'../fpdf/fpdf.php');
        
    
/**  Create Database Object  */
$dbObj = new DBConn;
                
$query "SELECT *  FROM personal_tb 
LEFT JOIN prefix ON personal_tb.First_name = prefix.prefixId 
LEFT JOIN position_tb ON personal_tb.PositionId = position_tb.PositionId 
LEFT JOIN faculty_tb ON personal_tb.Faculty_code = faculty_tb.Faculty_code 
WHERE personal_tb.Teacher_code='"
.$_REQUEST['Teacher_code']."'";
$result $dbObj->execQuery($query);
$rs $dbObj->fetchArray($result);
        
//$query2 = "SELECT *  FROM durable_tb , durable_type_tb , accessories_type_tb WHERE durable_tb.duraId = '".$_REQUEST['duraId']."' and durable_tb.durableCode = durable_type_tb.durableCode and durable_tb.Acc_type_code = accessories_type_tb.Acc_type_code";
$query2 "SELECT *  FROM durable_tb WHERE duraId = '".$_REQUEST['duraId']."'";
$result2 $dbObj->execQuery($query2);
$rs2 $dbObj->fetchArray($result2);

$query3 "Select * From  college Where collegeStatus ='1'";
$result3 $dbObj->execQuery($query3);
$rs3 $dbObj->fetchArray($result3);

$query4 "SELECT * FROM personal_tb 
LEFT JOIN prefix ON personal_tb.First_name = prefix.prefixId 
LEFT JOIN position_tb ON personal_tb.PositionId = position_tb.PositionId 
LEFT JOIN faculty_tb ON personal_tb.Faculty_code = faculty_tb.Faculty_code 
Where personal_tb.Faculty_code = '"
.$rs['Faculty_code']."' and personal_tb.TeacherId = '1'";
$result4 $dbObj->execQuery($query4);
$rs4 $dbObj->fetchArray($result4);    

$query5 "SELECT *  FROM budget_year_tb";
$result5 $dbObj->execQuery($query5);
$rs5 $dbObj->fetchArray($result5); 

function 
getMonthTh($mm) {
    if(
$mm=='01') { $mm='มกราคม'; }
    else if(
$mm=='02') { $mm='กุมภาพันธ์'; }
    else if(
$mm=='03') { $mm='มีนาคม'; }
    else if(
$mm=='04') { $mm='เมษายน'; }
    else if(
$mm=='05') { $mm='พฤษภาคม';}
    else if(
$mm=='06') { $mm='มิถุนายน'; }
    else if(
$mm=='07') { $mm='กรกฎาคม'; }
    else if(
$mm=='08') { $mm='สิงหาคม'; }
    else if(
$mm=='09') { $mm='กันยายน'; }
    else if(
$mm=='10') { $mm='ตุลาคม';}
    else if(
$mm=='11') { $mm='พฤศจิกายน';}
    else if(
$mm=='12') { $mm='ธันวาคม'; }

    return 
"$mm";
}

//Create new pdf file
$pdf = new FPDF();

//Set thai font
$pdf->SetThaiFont();

$pdf->AddPage();

//-- Load Form Image to Background
$pdf->Image('../form/service_memo.jpg'30203297);

//-- Set Font
$pdf->SetFont('AngsanaNew','',15);

//-- College name and Date , Top-Right Position
$date explode("-",$rs2['add_updated']);
$day intval($date[2]);
$month getMonthTh(intval($date[1]));
$year intval($date[0]+543);

$pdf->Text(29,36.73,$rs3['collegeName']);

if(!empty(
$day)){
    
$pdf->SetXY(140,38.7);
    
$pdf->Cell(9,5,$day,0,0,'C');
    
$pdf->SetXY(156,38.7);
    
$pdf->Cell(25,5,$month,0,0,'C');
    
$pdf->SetXY(186.4,38.7);
    
$pdf->Cell(12,5,$year,0,0,'C');
}
else{
    
$pdf->SetXY(140,38.7);
    
$pdf->Cell(9,5,'-',0,0,'C');
    
$pdf->SetXY(156,38.7);
    
$pdf->Cell(25,5,'-',0,0,'C');
    
$pdf->SetXY(186.4,38.7);
    
$pdf->Cell(12,5,'-',0,0,'C');
}

//-- Set Font
$pdf->SetFont('AngsanaNew','',13);

//--  Request header
if(!empty($rs2['DuraNo'])){
    
$pdf->SetXY(13.5,38.7);
    
$pdf->Cell(33.5,5,$rs2['DuraNo'],0,0,'C');
}
else{
    
$pdf->SetXY(13.5,38.7);
    
$pdf->Cell(33.5,5,'-',0,0,'C');
}

$pdf->Text(19,50.5,$rs2['durableName']);

$pdf->Text(19,57.2,'ผู้อำนวยการ '.$rs3['collegeName']);

//-- Body
$pdf->SetXY(55,59.5);
$pdf->Cell(62,5,$rs['Faculty_name'],0,0,'C');

$pdf->SetXY(27,66.5);
$pdf->Cell(107.5,5,$rs2['Acc_name'],0,0,'C');

$pdf->SetXY(141,66.5);
$pdf->Cell(57.9,5,$rs2['Acc_code'],0,0,'C');

$pdf->SetXY(33,73.2);
$pdf->Cell(76,5,$rs2['Acc_type'],0,0,'C');

$pdf->SetXY(134,73.2);
$pdf->Cell(65,5,$rs2['Room_name'].'   '.$rs2['Room_code'],0,0,'C');

$pdf->SetXY(30,80.1);
$pdf->Cell(121,5,$rs2['Fix_History'],0,0,'C');

$pdf->SetXY(170,80.1);
$pdf->Cell(29.2,5,$rs5['Budget_year'],0,0,'C');

if(!empty(
$rs2['Store'])){
    
$pdf->SetXY(55,87);
    
$pdf->Cell(63,5,$rs2['Store'],0,0,'C');
}
else{
    
$pdf->SetXY(55,87);
    
$pdf->Cell(63,5,'-',0,0,'C');
}

$pdf->SetXY(148,87);
$pdf->Cell(51,5,$rs2['Status'],0,0,'C');

//-- signature
$pdf->SetXY(130.8,125.1);
$pdf->Cell(52.5,5,$rs['prefixName'].'  '.$rs['Teacher_name'].'  '.$rs['Teacher_lastname'],0,0,'C');
$pdf->SetXY(128.5,132);
$pdf->Cell(60,5,$rs['Position_name'],0,0,'C');

$pdf->SetXY(18,125.1);
$pdf->Cell(53,5,$rs4['prefixName'].'  '.$rs4['Teacher_name'].'  '.$rs4['Teacher_lastname'],0,0,'C');
$pdf->SetXY(17,132);
$pdf->Cell(62,5,$rs4['Position_name'],0,0,'C');

//Create file
$pdf->Output();
?>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0111 ]--