!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/manage/   drwxr-xr-x
Free 51.23 GB of 127.8 GB (40.08%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     AddStudentCom.php (12.72 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php

    
    
//session_start();
    
    /**  Define Validate Access  */
    
define'_VALID_ACCESS');

    
/**  Check Session User Login  */
    /*
    if( !session_is_registered("valid_user") && !session_is_registered("Priority") ) {
        echo "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=windows-874\" />";
        echo "<p style=padding-top:115px><p align=center><br /><font color=red><strong>กรุณาทำการ Login ก่อน</strong></font></p></p>";
        echo "<meta http-equiv=\"refresh\" content=\"1; URL=../login.php\" />";
        exit();
    } 
    else {
    
    /**  Configuration  */
    
include( "configuration.php" );
    require_once( 
$_Config_absolute_path "/includes/framework.php" );
    include_once( 
"./link/function.php" );

    
/**  using 'reg' DB  */
    
include("./includes/FunctionDB2.php");
    include(
"./includes/Function.php");
    
    
/**  Create Database Object  */
    
$dbObj = new DBConn;
    
    
ConnectDB();
        
    
/**  Config Table for This Page  */
    
$myTable "StudentMaster";
    
$myTableFK "studentId";

    
    
$query " SELECT *  FROM $myTable WHERE studentCode='$studentCode' ";
    
$result $dbObj->execQuery($query);
    
$rs $dbObj->fetchArray($result);

    
$sql " SELECT *  FROM StudentBio  WHERE  studentCode='$studentCode' ";     
    
$result mysql_query($sql);
    
$rss mysql_fetch_array($result);

    
$picturePath str_replace"../"""$rss['picturePath'] );
    
    
mysql_select_db("manage_db");
    
    
$sql " SELECT *  FROM stu_notebook  WHERE  studentCode='$studentCode' ";     
    
$result mysql_query($sql);
    
$rs5 mysql_fetch_array($result);
    
    
mysql_select_db("reg");
    
    
//} # else

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-874" />
<title><?=$_Config_sitename;?> - ข้อมูลนักศึกษา - ประวัตินักศึกษา</title>
<script type="text/javascript" src="./js/utilities.js"></script>
<script type="text/javascript" src="./js/calendarDateInput3.js"></script>
<link href="./css/default.css" rel="stylesheet" type="text/css" />
<script language="javascript">
function checkData() {
var formObj = document.myForm;
var validate = true;

     if(!formObj.notebookName.value ) { 
        alert("กรุณากรอก รุ่นคอมพิวเตอร์"); 
        formObj.notebookName.style.backgroundColor='#F1F9FC'; 
        formObj.notebookName.focus(); 
        validate = false;
    } 
    
    if(validate == true) return true;
    else return false;
}
</script>
</head>

<body topmargin="0" rightmargin="0" bottommargin="0" leftmargin="0">
<?php
    
include( "./templates/incHeader.php" );
?>
<table width="1003" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td width="215" align="left" valign="top" style="padding:10px 0px 0px 5px"><?php include( "templates/incMainMenuLeft.php" );?></td>
    <td width="788" height="300" align="center" valign="top" style="padding:10px 0px 5px 10px"><fieldset><table width="770" border="0" cellspacing="0" cellpadding="0">
     <form id="myForm" name="myForm" method="post" action="InsertCom.php" onsubmit="return checkData();">
      <tr>
        <td height="5"></td>
      </tr>
      <tr>
        <td height="30" background="images/background/bg-head-topic-w780.gif"><span class="PADDING-LEFT-10"><strong><a href="index.php">หน้าหลัก</a></strong> <strong>&raquo; <a href="StudentList.php">ข้อมูลนักศึกษา</a> &raquo; <span class="NOTE">แบบฟอร์การลงทะเบียนคอมพิวเตอร์โน๊ตบุคนักศึกษา</span></strong></span></td>
        </tr>
      <tr>
        <td>&nbsp;</td>
      </tr>
      <tr>
        <td align="center" valign="top"><table width="95%" border="0" align="center" cellpadding="0" cellspacing="0">
              <tr>
                <td width="80%"><table width="100%" border="0" align="center" cellpadding="1" cellspacing="1" bgcolor="#E4E4E4">
                  <tr bordercolor="#E7FAFE">
                    <td height="20" align="right" bordercolor="#FFFFFF" bgcolor="#FFFFFF">รหัสนักศึกษา</td>
                    <td bgcolor="#FFFFFF">&nbsp;</td>
                    <td bgcolor="#FFFFFF" class="TEXT-DARK-BLUE10"><?php echo $rs['studentCode']; ?> <input name="studentCode" type="hidden" id="studentCode" value="<?php echo $rs['studentCode']; ?>" /></td>
                  </tr>
                  <tr bordercolor="#E7FAFE">
                    <td height="20" align="right" bordercolor="#FFFFFF" bgcolor="#FFFFFF">ชื่อ-นามสกุล (ไทย)</td>
                    <td width="10" bgcolor="#FFFFFF">&nbsp;</td>
                    <td width="393" bgcolor="#FFFFFF" class="TEXT-DARK-BLUE10"><?php
                    $prefixId 
=  $rs['prefixId'];
                    
$sql1 " SELECT *  FROM Prefix  WHERE prefixId='$prefixId' ";
                    
$result1 mysql_query($sql1);
                    
$rs1 mysql_fetch_array($result1);
                        echo 
$rs1['prefixName'];?><?=$rs['studentName'];?> &nbsp;<?=$rs['studentSurname'];?>
                      <input name="prefixName" type="hidden" id="prefixName" value="<?php echo $rs1['prefixName']; ?>" />
                      <input name="studentName" type="hidden" id="studentName" value="<?php echo $rs['studentName']; ?>" />
                      <input name="studentSurname" type="hidden" id="studentSurname" value="<?php echo $rs['studentSurname']; ?>" /></td>
                  </tr>
                  <tr bordercolor="#E7FAFE">
                    <td width="150" height="20" align="right" nowrap="nowrap" bordercolor="#FFFFFF" bgcolor="#FFFFFF">หลักสูตร</td>
                    <td nowrap="nowrap" bgcolor="#FFFFFF">&nbsp;</td>
                    <td nowrap="nowrap" bgcolor="#FFFFFF" class="TEXT-DARK-BLUE10"><?php 
                        $sql 
" SELECT *  FROM Program  WHERE programId='$rs[programId]' " ;
                        
$result2 $dbObj->execQuery($sql);
                        
$rs2 $dbObj->fetchArray($result2);
                        
$dbObj->freeresult($result2);
                            if( 
$rs2['programName'] != "" ) echo $rs2['programName'];
                            else echo 
"&nbsp;";
                    
?>&nbsp; <strong>รุ่น</strong> <?php 
                        $sql 
" SELECT *  FROM Generation  WHERE programId='$rs[programId]' " ;
                        
$result3 $dbObj->execQuery($sql);
                        
$rs3 $dbObj->fetchArray($result3);
                        
$dbObj->freeresult($result3);
                            if( 
$rs3['genNo'] != "" ) echo $rs3['genNo'];
                            else echo 
"&nbsp;";
                    
?></td>
                  </tr>
                  <tr bordercolor="#FFFFFF">
                    <td height="20" align="right" nowrap="nowrap" bordercolor="#FFFFFF" bgcolor="#FFFFFF">นำเข้ามาใช้งาน</td>
                    <td nowrap="nowrap" bgcolor="#FFFFFF">&nbsp;</td>
                    <td nowrap="nowrap" bgcolor="#FFFFFF" class="TEXT-DARK-BLUE10">
                    <script>DateInput('Date', true, 'DD/MM/YYYY','<?=($rs5['Date'])?ymdT2dmyE($rs5['Date']):date("d/m/Y");?>');</script> 
                    <!--วันที่</a>*</a>
                      <select name="mDate" id="mDate" class="select" >
                        <? getDay1to31();?>
                      </select>
เดือน
<select name="mMonth" id="mMonth" class="select" >
  <? getThaiMonth();?>
</select>
ปี พ.ศ. </a>
<select name="mYear" id="mYear">
  <?php
                $curr_year 
date("Y")+543
                
$prev_year $curr_year-2;
                
$next_year $curr_year+3;
                
                for( 
$i=$prev_year$i<=$next_year$i++ ) { 
                
?>
  <option value="<?=$i;?><?php if( $i==$curr_year ) echo 'selected'; elseif( $i==$Budget_Year ) echo 'selected'?>>
  <?=$i;?>
  </option>
  <?php
                
# for
            
?>
</select>
</a>--></td>
                  </tr>
                              
                  <tr bordercolor="#FFFFFF">
                    <td height="20" align="right" nowrap="nowrap" bordercolor="#FFFFFF" bgcolor="#FFFFFF">ยี่ห้อ</td>
                    <td nowrap="nowrap" bgcolor="#FFFFFF">&nbsp;</td>
                    <td nowrap="nowrap" bgcolor="#FFFFFF" class="TEXT-DARK-BLUE10"></font>
                      <select name="NotebookCode" id="NotebookCode">
                        <option  value="Acer" <?php if($rs5['NotebookCode']=="Acer"){ echo "selected" ; } ?> >Acer </option>
                        <option  value="Asus" <?php if($rs5['NotebookCode']=="Asus"){ echo "selected" ; } ?> >Asus</option>
                        <option  value="Dell" <?php if($rs5['NotebookCode']=="Dell"){ echo "selected" ; } ?> >Dell </option>
                        <option  value="Axioo" <?php if($rs5['NotebookCode']=="Axioo"){ echo "selected" ; } ?> >Axioo </option>
                        <option  value="Benq" <?php if($rs5['NotebookCode']=="Benq"){ echo "selected" ; } ?> >Benq</option>
                        <option  value="Compag" <?php if($rs5['NotebookCode']=="Compag"){ echo "selected" ; } ?> >Compag </option>
                        <option  value="Fujitsu" <?php if($rs5['NotebookCode']=="Fujitsu"){ echo "selected" ; } ?> >Fujitsu </option>
                        <option  value="Gateway" <?php if($rs5['NotebookCode']=="Gateway"){ echo "selected" ; } ?> >Gateway </option>
                        <option  value="Gigabyte" <?php if($rs5['NotebookCode']=="Gigabyte"){ echo "selected" ; } ?> >Gigabyte </option>
                        <option  value="Hp" <?php if($rs5['NotebookCode']=="Hp"){ echo "selected" ; } ?> >Hp </option>
                        <option  value="Sony" <?php if($rs5['NotebookCode']=="Sony"){ echo "selected" ; } ?> >Sony </option>
                        <option  value="SVOA" <?php if($rs5['NotebookCode']=="SVOA"){ echo "selected" ; } ?> >SVOA </option>
                        <option  value="Lenovo" <?php if($rs5['NotebookCode']=="Lenovo"){ echo "selected" ; } ?> >Lenovo </option>
                        <option  value="MIS" <?php if($rs5['NotebookCode']=="MIS"){ echo "selected" ; } ?> >MIS </option>
                        <option  value="NEC" <?php if($rs5['NotebookCode']=="NEC"){ echo "selected" ; } ?> >NEC </option>
                        <option  value="Samsung" <?php if($rs5['NotebookCode']=="Samsung"){ echo "selected" ; } ?> >Samsung </option>
                        <option  value="Toshiba" <?php if($rs5['NotebookCode']=="Toshiba"){ echo "selected" ; } ?> >Toshiba </option>
                        <option  value="VZIO" <?php if($rs5['NotebookCode']=="VZIO"){ echo "selected" ; } ?> >VZIO </option>
                        <option  value="Kohjinsha" <?php if($rs5['NotebookCode']=="Kohjinsha"){ echo "selected" ; } ?> >Kohjinsha</option>
                      </select>                      </a></td>
                  </tr>
                  <tr bordercolor="#FFFFFF">
                    <td height="20" align="right" nowrap="nowrap" bordercolor="#FFFFFF" bgcolor="#FFFFFF">รุ่น</td>
                    <td nowrap="nowrap" bgcolor="#FFFFFF">&nbsp;</td>
                    <td nowrap="nowrap" bgcolor="#FFFFFF" class="TEXT-DARK-BLUE10"><label>
                      <input name="notebookName" type="text" id="notebookName" size="20"  value="<?=($rs5['notebookName'])?$rs5['notebookName']:""?>"/>
                    </label></td>
                  </tr>
                  <tr bordercolor="#FFFFFF">
                    <td height="20" align="right" nowrap="nowrap" bordercolor="#FFFFFF" bgcolor="#FFFFFF">ค่า MAC Address</td>
                    <td width="10" nowrap="nowrap" bgcolor="#FFFFFF">&nbsp;</td>
                    <td nowrap="nowrap" bgcolor="#FFFFFF" class="TEXT-DARK-BLUE10"><label>
                      <input name="MaxAddress" type="text" id="MaxAddress" size="20" maxlength="25"  value="<?=($rs5['MaxAddress'])?$rs5['MaxAddress']:""?>"/>
                    </label></td>
                  </tr>
                  <?php if(isset($rs['Degree_His2']) && $rs['Degree_His2'] != "" ) { ?>
                  <?php 
                      
#if 
                      
if( isset($rs['Degree_His3']) && $rs['Degree_His3'] != "" ) {
                  
?>
                  <?php #if ?>
                 </table>
                  <table width="100%" border="0" cellspacing="0" cellpadding="0">
                    <tr>
                      <td>&nbsp;</td>
                    </tr>
                    <tr>
                      <td align="center"><input type="submit" name="Submit" id="button" value="บันทึกคอมพิวเตอร์" style="cursor:pointer"/></td>
                    </tr>
                  </table></td>
                <td width="20%" valign="top" align="center"><table width="100" border="0" cellspacing="0" cellpadding="0">
                  <tr>
                    <td><img src="<?php echo $picturePath?>" width="100" height="115" /></td>
                  </tr>
                </table></td>
              </tr>
            </table></td>
      </tr>
      <tr>
        <td>&nbsp;</td>
      </tr></form>
    </table>
    </fieldset></td>
  </tr>
</table>
<?php include( "./templates/incFooter.php" ); ?>
</body>
</html>
<?php
    
/**  Free Resource */
    
$dbObj->freeresult($result);

    
/**  Close the Database  */
    
$dbObj->disconn();
    
    
/**  Unset Class  */
    
unset($dbObj);
?>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0078 ]--