!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/manage/teacher/admin/   drwxr-xr-x
Free 50.9 GB of 127.8 GB (39.82%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     receiveTSR.php (3.4 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php

include_once("../../class/clsConnection.php");
include_once(
"../../class/clsDB.php");
include_once 
"../global.php";
include_once 
"../class/clsSendReceive.php";



$oC = new clsConnection($GLOBALS['DBHOST'], $GLOBALS['DBNAME_EOFFICE'], $GLOBALS['DBUSER_EOFFICE'], $GLOBALS['DBPASS_EOFFICE']);
$oTsr = new sendreceive($oC);
$oTsr2 = new sendreceive($oC);

    if(
$fn=='r1'){
    
        
$tsr_DocSubject=str_replace ('_',' ',$tsr_DocSubject);
        
$tsr_DocNo=str_replace ('_',' ',$tsr_DocNo);
        
$tsr_DocFrom=str_replace ('_',' ',$tsr_DocFrom);
        
$tsr_DocTo=str_replace ('_',' ',$tsr_DocTo);
        
$tsr_DocRef=str_replace ('_',' ',$tsr_DocRef);
        
$tsr_DocOther=str_replace ('_',' ',$tsr_DocOther);
        
$tsr_DocShortDesc=str_replace ('_',' ',$tsr_DocShortDesc);
        
$tsr_docname=str_replace ('_',' ',$tsr_docname);    
    
    
        
$oTsr2->SearchBytsr_id_send_tsr_fr_node($tsr_id_send,$tsr_fr_node);
        if(
$oTsr2->GetRecord()==0){
            
$oTsr->AddNew();
            
$oTsr->tsr_fr_node=$tsr_fr_node;
            
$oTsr->tsr_fr_node_date=$tsr_fr_node_date;
            
$oTsr->tsr_to_node=$tsr_to_node;
            
$oTsr->tsr_to_node_date=getNowDateTh()." ".date('H:i:s');
            
$oTsr->tsr_docid=$tsr_docid;
            
$oTsr->tsr_doc_url=$tsr_doc_url;
            
$oTsr->tsr_doc_chksum=$tsr_doc_chksum;
            
$oTsr->tsr_status='r1';
            
$oTsr->tsr_id_send=$tsr_id_send;
            
$oTsr->tsr_docgroup=$tsr_docgroup;
            
$oTsr->tsr_DrsID=$tsr_DrsID;
            
$oTsr->tsr_DocSubject=$tsr_DocSubject;
            
$oTsr->tsr_DocNo=$tsr_DocNo;
            
$oTsr->tsr_DocDate=$tsr_DocDate;
            
$oTsr->tsr_DocFrom=$tsr_DocFrom;
            
$oTsr->tsr_DocTo=$tsr_DocTo;
            
$oTsr->tsr_DocRef=$tsr_DocRef;
            
$oTsr->tsr_DocOther=$tsr_DocOther;
            
$oTsr->tsr_DslID=$tsr_DslID;
            
$oTsr->tsr_DclID=$tsr_DclID;
            
$oTsr->tsr_DocShortDesc=$tsr_DocShortDesc;
            
$oTsr->tsr_PtID=$tsr_PtID;
            
$oTsr->tsr_DtID=$tsr_DtID;
            
$oTsr->tsr_docname=$tsr_docname;
            
$oTsr->tsr_DrsDocDueDate=$tsr_DrsDocDueDate;
            
$oTsr->tsr_statusDocAtt=$tsr_statusDocAtt;
            
$oTsr->Save();
        }else{
            
$oTsr->Edit();
            
$oTsr->tsr_fr_node=$tsr_fr_node;
            
$oTsr->tsr_fr_node_date=$tsr_fr_node_date;
            
$oTsr->tsr_to_node=$tsr_to_node;
            
$oTsr->tsr_to_node_date=$oTsr->tsr_to_node_date;
            
$oTsr->tsr_docid=$tsr_docid;
            
$oTsr->tsr_doc_url=$tsr_doc_url;
            
$oTsr->tsr_doc_chksum=$tsr_doc_chksum;
            
$oTsr->tsr_status=$oTsr->tsr_status;
            
$oTsr->tsr_id_send=$tsr_id_send;
            
$oTsr->tsr_docgroup=$tsr_docgroup;
            
$oTsr->tsr_DrsID=$tsr_DrsID;
            
$oTsr->tsr_DocSubject=$tsr_DocSubject;
            
$oTsr->tsr_DocNo=$tsr_DocNo;
            
$oTsr->tsr_DocDate=$tsr_DocDate;
            
$oTsr->tsr_DocFrom=$tsr_DocFrom;
            
$oTsr->tsr_DocTo=$tsr_DocTo;
            
$oTsr->tsr_DocRef=$tsr_DocRef;
            
$oTsr->tsr_DocOther=$tsr_DocOther;
            
$oTsr->tsr_DslID=$tsr_DslID;
            
$oTsr->tsr_DclID=$tsr_DclID;
            
$oTsr->tsr_DocShortDesc=$tsr_DocShortDesc;
            
$oTsr->tsr_PtID=$tsr_PtID;
            
$oTsr->tsr_DtID=$tsr_DtID;
            
$oTsr->tsr_docname=$tsr_docname;
            
$oTsr->tsr_DrsDocDueDate=$tsr_DrsDocDueDate;
            
$oTsr->tsr_statusDocAtt=$tsr_statusDocAtt;
            
$oTsr->Save();        
        }
        echo 
'mr';
    }
    
    if(
$fn=='r4'){
        
$oTsr->SearchBytsr_id_send($tsr_id_send);
        
$oTsr->GetRecord();                    
        
$oTsr->Edit();
        
$oTsr->tsr_status='r4';
        
$oTsr->Save();
    }
    
    if(
$fn=='checkr3r4'){
        
$oTsr->SearchBytsr_id_send_tsr_fr_node($tsr_id_send,$tsr_fr_node);
        
$oTsr->GetRecord();
        echo 
$oTsr->tsr_status;    
    }
    function 
getNowDateTh() {
        
$yy date('Y')+543;
        
$mm date('m');
        
$dd date('d');
        return 
$yy.'-'.$mm.'-'.$dd;
    }
?>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0057 ]--