110.164.51.230 - phpshell

!c99Shell v. 1.0 pre-release build #16!
Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 EDT 2010 i686 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/manage_22222/edu_depart/ drwxr-xr-x Free 52.36 GB of 127.8 GB (40.97%) Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686

uid=48(apache) gid=48(apache) groups=48(apache)

Safe-mode: OFF (not secure)

/var/www/html/manage_22222/edu_depart/ drwxr-xr-x
Free 52.36 GB of 127.8 GB (40.97%)
Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

Viewing file: Subject_Menu.php (3.81 KB) -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |

<?php
session_start();
 if (session_is_registered("valid_user")&&session_is_registered("Priority")&&session_is_registered("password") )
 {
include("../include/FunctionDB.php");
include("admin_menu.php");
include("../include/Function.php");
ConnectDB();
$sql = "Select * From course_tb Where Course_code='$Course_code'";
$result = mysql_query($sql) or die("Error".mysql_error());
$row = mysql_fetch_array($result);
?> 

<meta http-equiv="Content-Type" content="text/html; charset=TIS-620">

<table width="835" border="0" cellpadding="0" cellspacing="0">
	<tr>
		<td width="835" ><br> 
		  <fieldset>
		    <legend><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_3"]; ?>"><a href="Edu_Menu.php">Л№йТЛЕСЎ</a> <img src="../picture/ico3.gif" width="10" height="10" border="0" align="absmiddle"><a href="Menu_Course.php">ўйНБЩЕЎТГЅиТВЗФЄТЎТГ</a> <img src="../picture/ico3.gif" width="10" height="10" border="0" align="absmiddle"><a href="EditCourseList.php"> бЎйдўўйНБЩЕЛЕСЎКЩµГ</a></font></legend>
			<label>
  <form id="form1" name="form1" method="post" action="">
    <table width="48%" border="0" align="center" cellpadding="0" cellspacing="3" bordercolor="#B6B6B6" bgcolor="#B6B6B6">
      <tr>
        <td width="8%"><div align="center"><img src="../Image/icon_paper2.gif" width="9" height="11" /> </div></td>
        <td width="71%"><div align="left"><strong><font size="4" face="Tahoma"><a href="Subject_category/SubCateList.php"><font size="2">ЛБЗґЗФЄТ</font></a></font></strong> <font size="2" face="Tahoma"> </font></div></td>
        <td width="21%"><strong><font color="#00FFFF" size="4" face="Tahoma">
          <?php
	  $sql1 = "Select  * From subject_category_tb";
	  $result1 = mysql_query($sql1) or die("Error".mysql_error());
	  $num1 = mysql_num_rows($result1);
	  echo " ( $num1 )";

	?>
        </font></strong></td>
      </tr>
      <tr>
        <td><div align="center"><img src="../Image/icon_paper2.gif" width="9" height="11" /></div></td>
        <td><div align="left"><font size="2" face="Tahoma"><strong><a href="Subject_group/Sub_groupList.php">ЎЕШиБЗФЄТ</a>   </strong></font></div></td>
        <td><font size="4" face="Tahoma"><strong><font color="#00FFFF">
          <?php
	  $sql2 = "Select  * From subject_group_tb";
	  $result2 = mysql_query($sql2) or die("Error".mysql_error());
	  $num2= mysql_num_rows($result2);
	  echo " ( $num2 )";
	?>
        </font></strong></font></td>
      </tr>
      <tr>
        <td><div align="center"><img src="../Image/icon_paper2.gif" width="9" height="11" /></div></td>
        <td><div align="left"><strong><font size="2" face="Tahoma"><a href="SubjectList.php">ГТВЗФЄТ</a>   </font></strong></div></td>
        <td><strong><font size="4" face="Tahoma"><font color="#00FFFF">
          <?php
	  $sql3 = "Select  * From subject_tb";
	  $result3 = mysql_query($sql3) or die("Error".mysql_error());
	  $num3= mysql_num_rows($result3);
	  echo " ( $num3 )";
	?>
        </font></font></strong></td>
      </tr>
      <tr>
        <td><div align="center"><img src="../Image/icon_paper2.gif" width="9" height="11" /></div></td>
        <td><div align="left"><strong><font size="2" face="Tahoma"><a href="Plan/PlanList.php">бј№ЎТГКН№ГТВЗФЄТ</a>   </font></strong></div></td>
        <td><strong><font size="4" face="Tahoma"><font color="#00FFFF">
          <?php
	  $sql4 = "Select  * From tech_plan_tb";
	  $result4 = mysql_query($sql4) or die("Error".mysql_error());
	  $num4= mysql_num_rows($result4);
	  echo " ( $num4 )";
	?>
        </font></font></strong></td>
      </tr>
    </table>
  </form>
		  </fieldset>
		<br>
		<font color="<?php echo $GLOBALS["COLOR_FONT_3"];?>" size="2"><b>ЛБТВаЛµШ :</b> гЄйаБТКм¤ЕФЎ·ХиЄЧиНЛЕСЎКЩµГаѕЧиНКБС¤ГаГХВ№ўН§№СЎИЦЎЙТг№ЛЕСЎКЩµГ<br>
	  </font></td>
	</tr>
</table>
<?php 
	}
else
{
       echo"<meta http-equiv=\"refresh\" content=\"3;URL=../login.php\">\n";
       echo"Please Login ";
}
?>

:: Command execute ::
Enter:	Select:

:: Shadow's tricks :D ::
Useful Commands Warning. Kernel may be alerted using higher levels	Kernel Info:

:: Preddy's tricks :D ::
Php Safe-Mode Bypass (Read Files) File: eg: /etc/passwd	Php Safe-Mode Bypass (List Directories): Dir: eg: /etc/

:: Search ::

:: Upload ::

:: Make Dir ::

:: Make File ::

:: Go Dir ::

:: Go File ::

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0062 ]--