110.164.51.230 - phpshell

!c99Shell v. 1.0 pre-release build #16!
Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 EDT 2010 i686 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/manage/teacher/ drwxr-xr-x Free 52.63 GB of 127.8 GB (41.18%) Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686

uid=48(apache) gid=48(apache) groups=48(apache)

Safe-mode: OFF (not secure)

/var/www/html/manage/teacher/ drwxr-xr-x
Free 52.63 GB of 127.8 GB (41.18%)
Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

Viewing file: ComputerList.php (16.23 KB) -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |

";
		echo "

ЎГШіТ·УЎТГ Login ЎиН№
";
		echo "";
		exit();
	} 
	else {
		/**  Configuration  */
		require_once( "../configuration.php" );
		require_once( $_Config_absolute_path . "/includes/framework.php" );
		require_once( "../include/Function.php" );
	
		/**  Create Database Object  */
		$dbObj = new DBConn;

		//=== SESSION
		$Username = $valid_user; 
		
		
		/**  Config Table for This Page  */
		$myTable1 = "personal_tb";
		$myTable2 = "formation_tb";
		
		$myTable2PK = "Code";
		
		/**  Table  -->  personal_tb  */
		$query1 = " SELECT *  FROM $myTable1  WHERE Username='$Username' ";
		$result1 = $dbObj->execQuery($query1);
		$rs1 = $dbObj->fetchObject($result1);
		
		$Teacher_code = $rs1->Teacher_code;
		
		/**  Paging */
		$page = $_GET['page'];
		if( $page == "" ) { $page = 1; }
		
		/**  ЁУ№З№ўйНБЩЕ µиН 1 Л№йТ  */
		$perpage = $_REQUEST['perpage'];
		if( $perpage == "" ) { $perpage = 10; }
		
		
		/**  Botton Name Action */
		$action = $_REQUEST['action'];
		$id = $_REQUEST['id'];
	
		if( isset($action) && !empty($action) ) {
			switch($action) {
				case "Delete" :
					$num = count($id);
					for( $i=0; $i<$num; $i++ ) {
						$qryDel = " DELETE FROM  formation_tb  WHERE Code='$id[$i]' ";
						$resultDel = $dbObj->runQuery($qryDel);
						$dbObj->freeresult($resultDel);
					}
				break;
			} # switch
		} # if
		
		
	} # else
 ?>




MIS -- Teacher








  
    
    
    execQuery($query);
		$numrows = $dbObj->_numrows;
		
		/**  Paging  */
		$display = ( !isset ($_GET['page']) ) ? 1 : $_GET['page'];
		$start = ( ($display * $limit) - $limit );
		/**  Paging  */
		
		if( isset($_GET['OrderBy']) ) {
			$query = " SELECT *  FROM $myTable2  WHERE Teacher_code='$Teacher_code'  ORDER BY $OrderBy $ASCDESC ";
		} 
		elseif( !isset($_GET['OrderBy']) ) {
			$query = " SELECT *  FROM $myTable2  WHERE Teacher_code='$Teacher_code'  ORDER BY $myTable2PK DESC ";
		}
		
		$query .= " LIMIT $start, $limit ";
		$result = $dbObj->execQuery($query);
    ?>
    
     
      
      
         
      
      
        Л№йТЛЕСЎ » ўйНБЩЕ·СиЗд»єШ¤ЕТЎГ » бЁй§«иНБа¤ГЧНўиТВбЕРНШ»ЎГім¤НБѕФЗаµНГм
      
      
         
      
      
        
        \n";
						echo "
                  
                    
                    \n";
						echo "
\n";
						//echo "\t   - ¤У¶ТБ·ХиБХГЩ» \n";
						echo "\t  - ¤У¶ТБ·ХиБХ¤№µСй§гЛБиЗС№№Хй \n";
						echo "\t   - ¤У¶ТБ·ХиБХ¤№µНєЗС№№Хй\n";
						
						echo "\n\n";
						echo  "
";


						$chk_date = substr(date("Y-m-d H:i:s"),-19,-9);
						
						if ( empty($page) ) {
							$page=1;
						}
					
						// µФґµиН database аѕЧиННиТ№ўйНБЩЕ	
						// ЛТЁУ№З№Л№йТ·Сй§ЛБґ
						//mysql_connect($host,$user,$passwd);
						//mysql_query("SET NAMES 'tis620'");
						$sql = " SELECT No  FROM webboard_data  WHERE Teacher_code='$Teacher_code' ";
						$result = mysql_db_query($dbname,$sql);
						@$NRow = mysql_num_rows($result);
						
						@$rt = ($NRow%$list_page);
						if($rt!=0) { 
							$totalpage = floor($NRow/$list_page)+1; 
						}
						else {
							@$totalpage = floor($NRow/$list_page); 
						}
						$goto = ($page-1)*$list_page;
					
					
						// Query ўйНБЩЕµТБЁУ№З№·ХиЎУЛ№ґ
						$sql = " SELECT *  FROM webboard_data  WHERE  Teacher_code='$Teacher_code'  ORDER BY No DESC  LIMIT $goto,$list_page ";
						$result = mysql_db_query($dbname,$sql);
						@$NRow = mysql_num_rows($result);
					
						if( $NRow==0 ) { 
							echo "";
							echo "
";
							echo "ВС§дБиБХ¤У¶ТБ аБЧиНдЛГиЁРБХ№йН

\n";
							echo "";
						}
						// бКґ§ЛСЗўйНўН§єНГмґ
						else {
							echo "\n";
							echo "\n";
							echo "\t\n";
							echo "\t\n";
							echo "\t\n";
							echo "\t\n";
							echo "\n\n";
					
							// З№ЕЩ»бКґ§ўйНБЩЕ·ХиНиТ№дґй
							while ($row = mysql_fetch_array($result)) {
								
								// ЎУЛ№ґКХўН§µТГТ§ аѕЧиНгЛйБХЎТГКЕСєКХ
								//$bgc = ($bgc=="lightcyan") ? "powderblue" : "lightcyan";
					
								$bgc = ($bgc==$rowColor1) ? $rowColor2 : $rowColor1; 
					
								// ЎУЛ№ґ¤иТµСЗб»Г
								$No = sprintf("%05d",$row["No"]);
								$Question = $row["Question"];
								$Name = $row["Name"];
								$Namer = $row["Namer"];
								$Member = $row["Member"];
								$Memberr = $row["Memberr"];
								$nphoto = $row["nphoto"];
								$ckDate = trim(substr($row["Date"],-19,-9)); // бКґ§а©ѕТРЗС№·Хи
								$Date = convert_date($row["Date"]);
								$Reply = $row["Reply"];
					
								$ckReplyDate = trim(substr($row["ReplyDate"],-19,-9)); 
								$ReplyDate = convert_date($row["ReplyDate"]);
								$pageviewdata = $row["pageview"];
								// бКґ§а©ѕТРЗС№·Хи
								if($Date==$chk_date) {
									echo "\n";
								} 
								elseif($ReplyDate==$chk_date) {
									echo "\n";	
								} 
								else {
									echo "\n";			
								}
								// бКґ§ГЩ» folder
								
								////new
									 
								if($Reply>="3" ) {
									echo "\t\n";
								}
								elseif($ReplyDate!="") {
									echo "\t\n";
								} 
								elseif($Date==$chk_date) {
									echo "\t\n";
								} 
								else {
									echo "\t\n";
								}
					
					
								if( ($ckReplyDate==$chk_date) && ($nphoto!='') && ($ckDate==$chk_date) ) {
									echo "\t\n";
								}
								elseif( ($ckReplyDate==$chk_date) && ($nphoto!='') ) {
									echo "\t\n";
								}
								elseif( ($ckReplyDate==$chk_date) && ($ckDate==$chk_date) ) {
									echo "\t\n";
								} 
								elseif( $ckReplyDate==$chk_date ) {
									echo "\t\n";
								} 
								elseif( ($nphoto!='') && ($ckDate==$chk_date) ) {
									echo "\t\n";
								} 
								elseif($nphoto!='') {
									echo "\t\n";
								} 
								elseif( $ckDate==$chk_date ) {
									echo "\t\n";
								} 
								else {
									echo "\t\n";
								}			
					
								if( $Member ) {
									echo "\t\n";
								}
								else {
									echo "\t\n";
								}
								
								// µГЗЁКНєЗиТБХ¤№µНє¤У¶ТБЛГЧНВС§
								if($Memberr) {
									if($ckReplyDate!="" ) {
										echo "\t\n";
									}
									else {
										echo "\t\n";
									}
									echo "\n\n";
								} else {
									if($ckReplyDate!="" ) {
										echo "\t\n";
									}
									else {
										echo "\t\n";
									}
									echo "\n\n";
								} # else
							
							} # while
							echo "¤У¶ТБ·Хи ¤У¶ТБ-[ЁУ№З№¤УµНє] [ЁУ№З№¤№аўйТНиТ№] јЩй¶ТБ[ЗС№·Хи¶ТБ] јЩйµНє[ЗС№·ХиµНє]
 $No  $No  $No  $No $Question   [ $Reply ] [ $pageviewdata ] $Question   [ $Reply ] [ $pageviewdata ] $Question    [ $Reply ] [ $pageviewdata ] $Question   [ $Reply ]   [ $pageviewdata ] $Question   [ $Reply ] [ $pageviewdata ] $Question   [ $Reply ] [ $pageviewdata ] $Question   [ $Reply ] [ $pageviewdata ] $Question [ $Reply ] [ $pageviewdata ] $Name   [$Date] $Name  [$Date] $Namer  [$ReplyDate]  ВС§дБиБХ¤№µНє 
 $Namer [$ReplyDate]  ВС§дБиБХ¤№µНє \n\n";
							
							// table НёФєТВ¤ЗТБЛБТВўН§ГЩ»
							echo "\n";
							echo "\n";
							echo "\n";
							echo "\t - ¤У¶ТБгЛБи \n";
							echo "\t - ¤У¶ТБаЎиТ \n";
							echo "\t - ¤У¶ТБ·Хи¶ЩЎµНєбЕйЗ\n";
							echo "\t - ¤У¶ТБ·ХиБХ¤№µНєБТЎ\n";
							echo "\t - ¤У¶ТБ·ХиБХГЩ»\n";
							echo "\t - КБТЄФЎаЗзєєНГмґ\n";
							echo "\n\n";
					
							// table бКґ§аЕўЛ№йТ
							echo "\n";
							echo "\n";
							echo "\n";
							echo "\n";
							echo "\t\n";
					
							// КГйТ§ link аѕЧиНд»Л№йТЎиН№-Л№йТ¶Сґд»
							if($page>1 && $page<=$totalpage) {
								$prevpage = $page-1;
								echo "\t[Л№йТЎиН№ = $prevpage]\n";
							}
					
							echo "\t ЎУЕС§бКґ§Л№йТ·Хи $page/$totalpage \n";
					
							if($page!=$totalpage) {
								$nextpage = $page+1;
								echo "\t[Л№йТ¶Сґд» = $nextpage]\n";
							}
					
							echo "\t\n";
							echo "
\n";
					
							// З№ЕЩ»бКґ§аЕўЛ№йТ·Сй§ЛБґ
							for($i=1 ; $i<$page ; $i++) {
								echo "\t$i \n";
							}
							echo "\t$page \n";
							
							for($i=$page+1 ; $i<=$totalpage ; $i++) {
								echo "\t$i \n";
							}
						
							echo "\n";
							
						} # else
					?>

freeresult($result1); /** Close the Database */ $dbObj->disconn(); /** Unset Class */ unset($dbObj); ?>
bool(false)

:: Command execute ::
Enter:	Select:

:: Shadow's tricks :D ::
Useful Commands Warning. Kernel may be alerted using higher levels	Kernel Info:

:: Preddy's tricks :D ::
Php Safe-Mode Bypass (Read Files) File: eg: /etc/passwd	Php Safe-Mode Bypass (List Directories): Dir: eg: /etc/

:: Search ::

:: Upload ::

:: Make Dir ::

:: Make File ::

:: Go Dir ::

:: Go File ::

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0046 ]--