!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/manage/   drwxr-xr-x
Free 51.23 GB of 127.8 GB (40.09%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     AddProjectedu_03.php (6.12 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php

include("./include/FunctionDB.php");

include(
"./include/Function.php");

include(
"admin_menu.php");

 
ConnectDB();

$sql "SELECT * FROM  edu_service_tb  Where Project_code='$Project_code' ";

$result mysql_query($sql);

$rs mysql_fetch_array($result);

?>

<meta http-equiv="Content-Type" content="text/html; charset=TIS-620">



<table width="843" border="0" cellpadding="0" cellspacing="0">

    <tr>

        <td width="784"><br>

          <fieldset>

            <legend><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_3"]; ?>"><a href="ShowProjectedu.php" >หน้าหลัก</a> <img src="./picture/ico3.gif" width="10" height="10" border="0" align="absmiddle"><a href="ProjectEduList_03.php?Project_code=<? echo $rs[Project_code] ;?> ">ตรวจสอบรายชื่อเข้าอบรม</a> <img src="./picture/ico3.gif" width="10" height="10" border="0" align="absmiddle">แบบฟอร์มสมัครเข้าอบรม</a></font></legend>

            <label><div align="center">

              <form id="form1" name="form1" method="post" action="InsertProjectedu_01.php">

                <table width="69%" height="208" border="0" align="center" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF" style="border:0px solid gray">

                  

                  <tr bgcolor="#CCCCCC" >

                    <td height="29" colspan="3" bgcolor="#eeeeee"><div align="center" class="style2"><font size="3" face="Tahoma">แบบฟอร์มสมัครเข้าร่วมปฏิบัติธรรม </font></div></td>
                  </tr>

                  <tr bgcolor="#CCCCCC">

                    <td width="18%" height="28" bgcolor="#FFFFFF"><div align="center" class="style1">

                      <div align="left"><font size="2" face="Tahoma">โครงการ</font></div>

                    </div></td>

                    <td width="1%" bgcolor="#FFFFFF">&nbsp;</td>

                    <td width="81%" bgcolor="#FFFFFF"><div align="left"><font color="#006633" size="2" face="Tahoma"> </font>

                            <p>

                              <label><font color="#003366" size="2" face="Tahoma"> </font></label>

                              <font color="#996600" size="2" face="Tahoma">

                              <?php

         
//$Project_code =  $rss["Project_code"];

         
$sql "Select * From edu_service_tb Where Project_code='$Project_code'";

          
$result1 mysql_query($sql) or die("Error".mysql_error());

          
$rss mysql_fetch_array($result1);

          echo 
"$rss[Project_name] ";

         
?>
                              </font></strong>

                              <label> </label>
                            </p>

                    </div></td>
                  </tr>

                  <tr bgcolor="#CCCCCC">

                    <td height="22" bgcolor="#FFFFFF"><font size="2" face="Tahoma">ชื่อ-สกุล</font></td>

                    <td bgcolor="#FFFFFF">&nbsp;</td>

                    <td bgcolor="#FFFFFF"><label><strong><font color="#003366" size="2" face="Tahoma">

                      <select name="Teacher_code" id="Teacher_code" class="input1">

                        <?php

           $strSQL2 
"SELECT * FROM personal_tb Where  Permision='2'   Order by Teacher_name ";

           
$result2 mysql_query($strSQL2);

                 while( 
$rs2 mysql_fetch_array($result2))     

                     {

                 echo
"<option value=\"$rs2[Teacher_code]\" ><b>$rs2[First_name]&nbsp;$rs2[Teacher_name]&nbsp;&nbsp;$rs2[Teacher_lastname]</b></option>\n";

                }

                                

          
?>
                      </select>

                    </font></strong></label></td>
                  </tr>

                  <tr bgcolor="#CCCCCC">

                    <td height="22" bgcolor="#FFFFFF"><font size="2" face="Tahoma">ภาค/ฝ่าย</font></td>

                    <td bgcolor="#FFFFFF">&nbsp;</td>

                    <td bgcolor="#FFFFFF"><strong><font color="#003366" size="2" face="Tahoma">

                      <select name="Faculty_code" id="Faculty_code" class="input1">

                        <?php

           $strSQL3 
"SELECT * FROM  faculty_tb ";

           
$result3 mysql_query($strSQL3);

                 while( 
$rs3 mysql_fetch_array($result3))     

                     {

                 echo
"<option value=\"$rs3[Faculty_code]\" ><b>$rs3[Faculty_name]</b></option>\n";

                }

                
CloseDB();  

                

          
?>
                      </select>

                    </font></strong></td>
                  </tr>

                  <tr bgcolor="#CCCCCC">

                    <td height="28" bgcolor="#FFFFFF"><font size="2" face="Tahoma">วันที่เข้าอบรม</font></td>

                    <td bgcolor="#FFFFFF">&nbsp;</td>

                    <td bgcolor="#FFFFFF"><label><font size="2" face="Tahoma">4 - 11 พฤศจิกายน  2550 ณ สวนพนาวัฒน์ อ. ฮอด จ.เชียงใหม่ </font></label></td>
                  </tr>

                  <tr bgcolor="#CCCCCC">

                    <td height="22" bgcolor="#FFFFFF"><font size="2" face="Tahoma">ตำแหน่ง</font></td>

                    <td bgcolor="#FFFFFF">&nbsp;</td>

                    <td bgcolor="#FFFFFF"><font size="2" face="MS Sans Serif, Tahoma, sans-serif">

                      <input name="Detail" type="text" id="Detail" size="25" />

                    </font></td>
                  </tr>

                  <tr bgcolor="#EEEEEE">

                    <td height="19" colspan="3" bgcolor="#FFFFFF"><div align="left"><font size="2" color="#FF0000">หมายเหตุ </font><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_3"]; ?>">ถ้าสมัครแล้วไม่สามารถแก้ไขข้อมูลได้จะต้องแจ้งศูนย์พัฒนาบุคลากร รับจำนวนจำกัด 40 คน </font></div></td>
                  </tr>

                  <tr bgcolor="#CCCCFF" >

                    <td height="25" colspan="3" bgcolor="#FFFFFF"><div align="center">

                      <input name="Project_code" type="hidden" id="Project_code" value="<? echo $rs[Project_code]?>" />

                        <input type="submit" name="Submit" value=" บันทึก " class="button" />

                      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;

                      <input type="reset" name="Submit2" value="เริ่มใหม่" class="button" />

                    </div></td>
                  </tr>
                </table>

              </form>

              </div>

            </label>

        </fieldset><br>

        <font color="<?php echo $GLOBALS["COLOR_FONT_3"];?>" size="2"><b>หมายเหตุ :</b> ใช้เมาส์คลิกที่ชื่อ<br>

      </font></td>

    </tr>

</table>


:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0122 ]--