!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/mis/application/controllers/esa/   drwxr-xr-x
Free 50.99 GB of 127.8 GB (39.89%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     adviser_record.php (5.22 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
include("sa_controller.php");
class 
Adviser_record extends Sa_controller {
    private 
$title '';
    private 
$recordDate '';
    private 
$recordTime '';
    private 
$detail '';
    private 
$adviser '';
    private 
$stdId '';

    function 
genForm() {
        
$data['genForm'] = 'genFORM';
        
$this->load->model($this->config->item('sa_folder').'sa_adviser_record_model','sa_arv');
        
$arv $this->sa_arv;
        
$this->load->model($this->config->item('sa_folder').'sa_adviser_type_model','avt');
        
$avt $this->avt;

        
$avt->avt_status 'Y';
        
$data['rs_avt'] = $avt->get_optionsByStatus();

        
$avr_grp $this->input->post('avr_grp');

        
$arv->avr_grp $avr_grp;
        
$data['qu_avr'] = $arv->get_by_key_2();

        
$data['v_search'] = ($this->input->post('v_search')) ? $this->input->post('v_search') : '';

        
$ps_id $this->input->post('ps_id');
        
$avr_title $this->input->post('avr_title');
        
$avr_detail $this->input->post('avr_detail');
        
        
$data['sa_ad'] = $arv->get_by_std($data['v_search']);
        
        
$this->output("v_record_cunsulting",$data);
    }

    function 
insert_adviser(){
        
$this->load->library('form_validation');
        
$this->form_validation->set_error_delimiters('<div class="error">''</div>');

        
$this->form_validation->set_rules('avr_id'' ''trim|xss_clean');
        
$this->form_validation->set_rules('avr_acy'' ''trim|xss_clean');
        
$this->form_validation->set_rules('avr_tm'' ''trim|xss_clean');
        
$this->form_validation->set_rules('avr_type''ประเภท ''trim|callback_checkselect|xss_clean');
        
$this->form_validation->set_rules('avr_title''เรื่อง''trim|required|xss_clean');
        
$this->form_validation->set_rules('avr_date''วันที่ให้คำปรึกษา''trim|required|xss_clean');
        
$this->form_validation->set_rules('recordTime_hr''จำนวนชั่วโมง''trim|callback_checkselect|xss_clean');
        
$this->form_validation->set_rules('recordTime_mn''นาที''trim|callback_checkselect|xss_clean');
        
$this->form_validation->set_rules('avr_detail''รายละเอียด''trim|xss_clean');
        
$this->form_validation->set_rules('ps_id''อาจารย์ที่ให้คำปรึกษา''trim|required|xss_clean');
        
$this->form_validation->set_rules('wk11_co''นักศึกษาที่ได้รับคำปรึกษา''trim|required|xss_clean');
        
        if (
$this->form_validation->run() == FALSE) {
            
$this->genForm();
            
        } else {
            
$this->load->model($this->config->item('sa_folder').'sa_adviser_record_model','sa_arv');
            
$arv $this->sa_arv;

            
$arv->avr_grp $this->input->post('avr_grp');
            
$arv->delete_grp();

            
$this->db->trans_begin();
            
$next_grp $arv->get_next_grp();

            
$a explode("###"$this->input->post('wk11_co'));
            
$i 0;

            foreach (
$a as $value) {
            
$v explode(":"$value);

                
$query_std $arv->get_std_id($v[0]);
                
$row $query_std->row();
                
$arv->avr_acy $this->session->userdata('acY');
                
$arv->avr_tm $this->session->userdata('tmCode');
                
$arv->avr_type trim($this->input->post('avr_type'));
                
$arv->avr_title trim($this->input->post('avr_title'));
                
$arv->avr_date splitDateForm2($this->input->post('avr_date'),'-');
                
$arv->avr_time trim($this->input->post('recordTime_hr').':'.$this->input->post('recordTime_mn'));
                
$arv->avr_detail trim($this->input->post('avr_detail'));
                
$arv->avr_prs_id trim($this->input->post('ps_id'));
                
$arv->avr_std_id $row->stdId;
                
$arv->avr_grp $next_grp;

                
$arv->insert();
            }
            

            if(
$this->db->trans_status() === false) {
                
$this->db->trans_rollback();
            } else {
                
$this->db->trans_commit();
            }
            
redirect($this->config->item('sa_folder').'adviser_record/genForm');
        }
    }

    function 
delete_adviser () {
        
$this->load->model($this->config->item('sa_folder').'sa_adviser_record_model','sa_arv');
        
$arv $this->sa_arv;

        
$arv->avr_grp $this->input->post('avr_grp');
        
$arv->delete_grp();

        
redirect($this->config->item('sa_folder').'adviser_record/genForm');
    }
    
    function 
report() {
        if(
$this->input->post()){
            
$this->load->model($this->config->item('sa_folder').'sa_adviser_record_model','sa_arv');
            
            
$stdCode $this->input->post('stdCode');
            
$stdName $this->input->post('stdName');
            
$stdSurname $this->input->post('stdSurname');
            
            
$advisor $this->input->post('ps_id2');
            
$avr_fdate splitDateForm2($this->input->post('avr_fdate'),'-');
            
$avr_tdate splitDateForm2($this->input->post('avr_tdate'),'-');
            
            if(
$advisor){
                
$data['sa_ad'] = $this->sa_arv->getByAdvisorAndDate($advisor$avr_fdate$avr_tdate);
            } else if(
$stdCode){
                
$data['sa_ad'] = $this->sa_arv->getByStdcodeAndDate($stdCode$avr_fdate$avr_tdate);
            } else if(
$stdName){
                
$data['sa_ad'] = $this->sa_arv->getByStdnameAndDate($stdName$avr_fdate$avr_tdate);
            } else if(
$stdSurname){
                
$data['sa_ad'] = $this->sa_arv->getByStdsurnameAndDate($stdSurname$avr_fdate$avr_tdate);
            } else {
                
$data['sa_ad'] = $this->sa_arv->getByDate($avr_fdate$avr_tdate);
            }
            
            
$data['fdate'] = abbreDate($this->input->post('avr_fdate'));
            
$data['tdate'] = abbreDate($this->input->post('avr_tdate'));
            
$this->output("v_report_cunsulting",$data);
        } else {
            
$this->output("v_report_cunsulting",'');
        }
    }
    
}

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0203 ]--