!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/manage/teacher/   drwxr-xr-x
Free 50.99 GB of 127.8 GB (39.9%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     FrmEditMan.php (12.46 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
session_start
();
 if (
session_is_registered("valid_user"))
 {
 
$Username $valid_user;
include(
"../include/FunctionDB.php");
include(
"../include/Function.php");
include(
"admin_menu.php");
ConnectDB();
$sql ="SELECT * FROM manament_tb  Where  code='$code'";
  
$result mysql_query($sql) or die("Cannot Select").mysql_error();
  
$rs mysql_fetch_array($result);
?>
<script language="JavaScript" type="text/JavaScript">
<!--
  function browse()
{
form1.Imag1.src = form1.Img1.value;
}
<!--
 function MM_openBrWindow(theURL,winName,features) { //v2.0
  window.open(theURL,winName,features);
}
//-->
function chk(c){
if (c.checked){
document.all.Prob1.disabled=false;
document.all.Prob2.disabled=false;
document.all.Prob3.disabled=false;
document.all.Prob4.disabled=false;
}
else{
document.all.Problem.disabled=false;
}
}
</script>

<meta http-equiv="Content-Type" content="text/html; charset=TIS-620">
<script language="JavaScript" type="text/JavaScript">
<!--
  function browse()
{
form1.Imag1.src = form1.Img1.value;
}
<!--
 function MM_openBrWindow(theURL,winName,features) { //v2.0
  window.open(theURL,winName,features);
}
//-->
function chk(c){
if (c.checked){
document.all.Prob1.disabled=false;
document.all.Prob2.disabled=false;
document.all.Prob3.disabled=false;
document.all.Prob4.disabled=false;
}
else{
document.all.Problem.disabled=false;
}
}
</script>
<style type="text/css">
<!--
.style24 {    color: #0000FF;
    font-weight: bold;
}
-->
</style>
<table width="840" border="0" cellpadding="0" cellspacing="0">
    <tr>
      <td width="840" ><br> 
          <fieldset>
            <legend><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_3"]; ?>"><a href="menu_teacher.php">หน้าหลัก</a> <img src="../picture/ico3.gif" width="10" height="10" border="0" align="absmiddle"><a href="EditManList.php?Teacher_code=<? echo $rs[Teacher_code?>">แก้ไขข้อมูล</a></font></legend>
            <label>
          <div align="center">
              <form id="form1" name="form1" method="post" action="EditMan.php"  enctype="multipart/form-data">
                <table width="81%" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="eeeeee" style="border:1px solid gray">
                  <tr bgcolor="#CCCCFF" >
                    <td height="25" colspan="3" bgcolor="eeeeee"><div align="center"><font color="#000000" size="4" face="Tahoma"><strong><font color="#FF0000">แก้ไข</font> ข้อมูล</strong></font></div></td>
                  </tr>
                  <tr bordercolor="#99CCFF">
                    <td bgcolor="eeeeee"><div align="center"><font size="2" face="Tahoma">วันที่แจ้งซ่อม</font></div></td>
                    <td bgcolor="eeeeee"><div align="center"><font color="#FF0000" size="4" face="Tahoma"><strong>*</strong></font></div></td>
                    <td bgcolor="eeeeee"><font color="#000000" size="2" face="Tahoma">วันที่
                      <select name="mDate" id="select4" class="select" >
                            <?php
           $Date_buy 
$rs[Date_buy];
           
$yearthai explode("-",$Date_buy);
           
$mDate =   intval($yearthai[2]);
           
$mMonth =  intval($yearthai[1]);
           
$mYear =   intval($yearthai[0]);
            for(
$i=0;$i<=31;$i++)
             {  
            if( 
$i == 0)
               echo
"\n\t<option value=\"$mDate\" selected>$mDate</option>\n ";
             else
               echo
"\n\t<option value=\"$i\">$i</option>\n ";
              }
                 
//    getDay1to31();
           
?>
                    </select>
                      เดือน
                      <select name="mMonth" id="select5" class="select" >
                        <?php
          $Date_buy 
$rs[Date_buy];
           
$yearthai explode("-",$Date_buy);
           
$mDate=   intval($yearthai[2]);
           
$Month =  intval($yearthai[1]);
           
$mYear2=   intval($yearthai[0]);     
           
$mMonth $Month;
          
$CMonth TxtThaiMonth($Month);
           for(
$i=-1;$i<=11;$i++)
              {
             
$a $i+1;
                if( 
$a == 0)
                  echo
"\n\t<option value=\"$mMonth\" selected>$CMonth</option>\n ";
             else
                  echo
"\n\t<option value=\"$a\">$ThaiMonth[$i]</option>\n ";
              }
                 
// getThaiMonth();
          
?>
                      </select>
                      ปี พ.ศ.
                      <input name="mYear" type="text" id="mYear" size="4" class="input1" value="<? echo $mYear?>" />
                    </font></td>
                  </tr>
                  <tr bgcolor="#FFFFFF">
                    <td width="26%" bgcolor="eeeeee"><div align="center"><font size="2" face="Tahoma">รหัส - อุปกรณ์/ยี่ห้อ</font></div></td>
                    <td width="2%" bgcolor="eeeeee"><div align="center"><font color="#FF0000" size="4" face="Tahoma"><strong>*</strong></font></div></td>
                    <td width="72%" bgcolor="eeeeee"><select name="Acc_name" id="Acc_name" class="input1">
                        <?php
             $Acc_name 
$rs[Acc_name];
            
$strSQL6 "SELECT * FROM  manament_tb Where  code='$code' ";
            
$result6 mysql_query($strSQL6);
              
$strSQL7 "SELECT * FROM  manament_tb   ";
              
$result7 mysql_query($strSQL7);
                 while( 
$rs6 mysql_fetch_array($result6))
                {
                echo
"<option value=\"$rs6[Acc_name]\" ><b>$rs6[Acc_code]     &nbsp;$rs6[Acc_name]</b></option>\n";
                     while( 
$rs7 mysql_fetch_array($result7))
                    {
                echo
"<option value=\"$rs7[Acc_name]\" ><b>$rs7[Acc_code]     &nbsp;$rs7[Acc_name]</b></option>\n";
                }
                }
          
?>
                    </select></td>
                  </tr>
                  <tr bgcolor="#EEEEEE">
                    <td height="22" bgcolor="eeeeee"><div align="center"><font size="2" face="Tahoma">อาจารย์ผู้รับผิดชอบ</font></div></td>
                    <td bgcolor="eeeeee"><font color="#FF0000" size="4" face="Tahoma"><strong>*</strong></font></td>
                    <td bgcolor="eeeeee"><strong><font color="#003366" size="2" face="Tahoma">
                      <select name="Teacher_code" id="Teacher_code" class="input1">
                        <?php
          $Teacher_code 
$rs[Teacher_code];
           
$strSQL4 "SELECT * FROM personal_tb Where  Teacher_code='$Teacher_code' ";
           
$result4 mysql_query($strSQL4);
             
$strSQL5 "SELECT * FROM  personal_tb   Where   Permision='2'   Order by Teacher_name";
                 
$result5 mysql_query($strSQL5);
                 while( 
$rs4 mysql_fetch_array($result4))     
                     {
                 echo
"<option value=\"$rs4[Teacher_code]\" ><b>$rs4[Teacher_name]&nbsp;$rs4[Teacher_lastname]</b></option>\n";
                  while( 
$rs5 mysql_fetch_array($result5))     
                         {
                       echo
"<option value=\"$rs5[Teacher_code]\" ><b>$rs5[Teacher_name]&nbsp;$rs5[Teacher_lastname]</b></option>\n";
                  }
                     }        
            
?>
                      </select>
                    </font></strong></td>
                  </tr>
                  <tr bgcolor="#EEEEEE">
                    <td bgcolor="eeeeee"><div align="center"><font size="2" face="Tahoma"><font size="2">ชนิดอุปกรณ์</font> </font></div></td>
                    <td bgcolor="eeeeee"><font color="#FF0000" size="4" face="Tahoma"><strong>*</strong></font></td>
                    <td bgcolor="eeeeee"><font size="2" face="Tahoma">
                      <input type="radio" name="Status" <?php if (!(strcmp("$rs[Status]","Hand piece"))){echo "checked";} ?> value="Hand piece" />
                      Hand piece
                      <input type="radio" name="Status" <?php if (!(strcmp("$rs[Status]","X-ray"))){echo "checked";} ?> value="X-ray" />
                      X-ray
                      <input type="radio" name="Status" <?php if (!(strcmp("$rs[Status]","Air compressor"))){echo "checked";} ?> value="Air compressor" />
                      Air compressor
                      <input type="radio" name="Status" <?php if (!(strcmp("$rs[Status]","Dental Chair"))){echo "checked";} ?> value="Dental Chair" />
                      Dental chair
                      <input type="radio" name="Status" <?php if (!(strcmp("$rs[Status]","เครื่องขูดหินปูน"))){echo "checked";} ?> value="เครื่องขูดหินปูน" />
                    เครื่องขูดหินปูน</font></td>
                  </tr>
                  <tr bgcolor="#EEEEEE">
                    <td height="22" bgcolor="eeeeee">&nbsp;</td>
                    <td bgcolor="eeeeee"><font color="#FF0000" size="4" face="Tahoma"><strong>*</strong></font></td>
                    <td bgcolor="eeeeee"><font size="2" face="Tahoma">
                      <input type="radio" name="Status" <?php if (!(strcmp("$rs[Status]","เครื่องฉายแสง"))){echo "checked";} ?> value="เครื่องฉายแสง" />
                      เครื่องฉายแสง
                      <input type="radio" name="Status" <?php if (!(strcmp("$rs[Status]","Autocalve"))){echo "checked";} ?> value="Autocalve" />
                      Autocalve
                      <input type="radio" name="Status" <?php if (!(strcmp("$rs[Status]","เครื่องปั่นอมัลกั้ม"))){echo "checked";} ?> value="เครื่องปั่นอมัลกั้ม" />
                      เครื่องปั่นอมัลกั้ม
                      <input type="radio" name="Status" <?php if (!(strcmp("$rs[Status]","Hot air oven"))){echo "checked";} ?> value="Hot air oven" />
                      Hot air oven
                      <input type="radio" name="Status" <?php if (!(strcmp("$rs[Status]","Dental unit"))){echo "checked";} ?> value="Dental unit" />
                    Dental Unit </font></td>
                  </tr>
                  <tr bgcolor="#EEEEEE">
                    <td height="20" bgcolor="eeeeee"><div align="center"><font size="2" face="Tahoma">รายการ</font></div></td>
                    <td bgcolor="eeeeee"><div align="center"><font color="#FF0000" size="4" face="Tahoma"><strong>*</strong></font></div></td>
                    <td bgcolor="eeeeee"><font color="#006633" size="2" face="Tahoma">
                      <input name="Acc_code" type="text" id="Acc_code" value="<? echo $rs[Acc_code]?>" size="50" />
                    </font></td>
                  </tr>
                  <tr bgcolor="#eeeeee">
                    <td bgcolor="eeeeee"><div align="center"><font size="2" face="Tahoma">สถานที่อุปกรณ</font>์</div></td>
                    <td bgcolor="eeeeee">&nbsp;</td>
                    <td bgcolor="eeeeee"><input name="Store" type="text" class="input" id="Store" value="<? echo $rs[Store]?>" size="50" /></td>
                  </tr>
                  <tr bgcolor="#eeeeee">
                    <td height="67" bgcolor="eeeeee"><div align="center"><font size="2" face="Tahoma">สาเหตุอาการ</font></div></td>
                    <td bgcolor="eeeeee">&nbsp;</td>
                    <td bgcolor="eeeeee"><textarea name="Contact" cols="40" rows="4" class="input1" id="Contact"><? echo $rs[Contact]?></textarea>                    </td>
                  </tr>
                  <tr bordercolor="#99CCFF">
                    <td bgcolor="eeeeee"><div align="center"><font size="2" face="Tahoma">รูปภาพ</font></div></td>
                    <td bgcolor="eeeeee">&nbsp;</td>
                    <td bgcolor="eeeeee"><table width="100%" border="0" cellspacing="0" cellpadding="0">
                        <tr>
                          <td width="73%"><div align="center"> <font color="#996600" size="2" face="Tahoma"></font>
                                  <input name= "Img1"  type="file"  class="input"  id="Img1"  onchange="browse()" />
                          </div></td>
                          <td width="27%"><div align="center"><img src=" " name="Imag1" width="100" height="100" id="Imag1" /></div></td>
                        </tr>
                    </table></td>
                  </tr>
                  <tr bgcolor="#CCCCFF" >
                    <td height="25" colspan="3" bgcolor="eeeeee"><div align="center">
                        <input name="code" type="hidden" id="code" value="<? echo $rs[code]?>" />
                        <input type="submit" name="Submit" value=" แก้ไขข้อมูล" class="button" />
                    &nbsp;</div></td>
                  </tr>
                </table>
              </form>
          </div>
            </label>
        </fieldset><br>
      <font color="<?php echo $GLOBALS["COLOR_FONT_3"];?>" size="2"><b>หมายเหตุ :</b> ใช้เมาส์คลิกที่</font></td>
    </tr>
</table>
<?php
    
}
else
{
    echo
"<body bgcolor=\"#CCCCCC\">";
   echo
"<meta http-equiv=\"refresh\" content=\"3;URL=../logout.php\" target=\"mainFrame\">\n";
   echo
"<center>";
     echo
"<br><br><br><b><font face=\"Tahoma\" size=\"4\" color=\"#FF0000\">Please Login</font> </b><br>";
      echo
"<br><br><font face=\"Tahoma\" size=\"10\" color=\"#000000\"> ERROR 404 PERMISION DENY</font><br>";
      echo
"<br><font face=\"Tahoma\" size=\"4\" color=\"#000000\"> คุณไม่มสิทธ์ใช้งาน</font>";
      echo
"</center>";
      echo
"</body>";

?>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0115 ]--