!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/mis/application/views/eregis/   drwxr-xr-x
Free 51.01 GB of 127.8 GB (39.91%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     v_paymentDebt.php (8.18 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<script type="text/javascript" src="<?php echo base_url();?>js/karn_module.js"></script>
<?php
    $row_prsDebtUD 
= (isset($qu_prsDebtUDAuthority) && $qu_prsDebtUDAuthority!=NULL) ? $qu_prsDebtUDAuthority->row() : NULL;
    
if(
$qu_prsDebtUDAuthority->num_rows()>0){
    
$prsDebtUDAuthority $row_prsDebtUD->prsDebtUDAuthority;
    if(
$qu_std->num_rows()>0){
        
$row_std = (isset($qu_std) && $qu_std!=NULL) ? $qu_std->row() : NULL;
        
$row_cur = (isset($qu_cur) && $qu_cur!=NULL) ? $qu_cur->row() : NULL;
        
$row_sy = (isset($qu_sy) && $qu_sy!=NULL) ? $qu_sy->row() : NULL;
        
$row_lv = (isset($qu_lv) && $qu_lv!=NULL) ? $qu_lv->row() : NULL;
        
$row_org = (isset($qu_org) && $qu_org!=NULL) ? $qu_org->row() : NULL;
    }
}else{
    
$prsDebtUDAuthority NULL;
}
?>
<script>
function checkPerson(db,ses){
    if($.trim($('#dbtRefNo').val())==""){
        $('#dbtRefNo').focus();
        alert('กรุณาป้อน');
        return false;
    }
    if(db!=ses){
        sendPost('person',{'send':'Bill','db':db,'ses':ses,'prsItId':'<?=$row_prsDebtUD->prsItId;?>','prsOrgId':'<?=$row_prsDebtUD->prsOrgId;?>'},'<?echo site_url($this->config->item("rg_folder")."finance/adminPass");?>',{});
    }else{
        return true;
    }
    return false;
}
</script>
            <label><div align="center"><br><?php echo form_open($this->config->item("rg_folder")."finance/debt_insert_update", array("name" => "pc""id" => "pc"));?><table width="80%" border="0" cellspacing="1" cellpadding="1" bordercolor="<?php echo $table_color_even;?>">
                <tr>
                    <td align="center"><span class="h error">บันทึก</span></td>
                </tr>
                <tr>
                    <td>&nbsp;</td>
                </tr>
<?php
                
if($prsDebtUDAuthority== NULL or is_null($row_prsDebtUD->prsOrgId)) {
?>
                <tr>
                    <td align="center" height="22"><span class="error">** กรุณาตรวจสอบหน่วยแจ้งหนี้นักศึกษาให้ถูกต้อง
                    <a href="searchPaymentDebt">คลิกที่นี่ย้อนกลับ</a> **</span></td>
                </tr>
<?php
                
}else if($qu_std->num_rows()<=0) {
?>
                <tr>
                    <td align="center" height="22"><span class="error">** กรุณาตรวจสอบเงื่อนไขให้ถูกต้อง
                    <a href="searchPaymentDebt">คลิกที่นี่ย้อนกลับ</a> **</span></td>
                </tr>
<?php                            
                
}
                else {    
?>                        
                <tr>
                    <td align="center"><table class="szone">                                                                                                                            
                        <tr bgcolor="<?php echo $tr_color_even?>">
                            <td class="coltd_szone">รหัสนักศึกษา</td>
                            <td><?php echo setValue('stdCode',$row_std);?>
                            <input type="hidden" name="stdCode" value="<?php echo setValue('stdCode',$row_std);?>">
                            <input type="hidden" name="stdId" value="<?php echo setValue('stdId',$row_std);?>"></td>
                            <td class="coltd_szone">ชื่อ-นามสกุล</td>
                            <td> <?php echo setValue('prefixName',$row_std).setValue('stdName',$row_std).' '.setValue('stdSurname',$row_std);?></td>
                        </tr>
                        <tr bgcolor="<?php echo $tr_color_even?>">
                            <td class="coltd_szone">หลักสูตร</td>
                            <td colspan="3"> <?php echo setValue('curName',$row_cur);?></td>
                        </tr>
                        <tr bgcolor="<?php echo $tr_color_even?>">
                            <td class="coltd_szone">ชั้นปี</td>
                            <td><?php echo setValue('syCode',$row_sy);?></td>                                
                            <td class="coltd_szone">ระดับการศึกษา</td>
                            <td><?php echo setValue('levelName',$row_lv);?></td>
                        </tr>
                        <tr bgcolor="<?php echo $tr_color_even?>">
                            <td class="coltd_szone">ปีการศึกษาที่เป็นหนี้</td>
                            <td><?php echo $acY;?>
                            <input type="hidden" name="acY" value="<?php echo $acY;?>"></td>
                            <td class="coltd_szone">ภาคการศึกษาที่เป็นหนี้</td>
                            <td><?php echo $tmId;?>
                            <input type="hidden" name="tmId" value="<?php echo $tmId;?>"></td>                                    
                        </tr>
                        <tr bgcolor="<?php echo $tr_color_even?>">
                            <td class="coltd_szone">หน่วยแจ้งหนี้นักศึกษา</td>
                            <td colspan="3"><?php echo setValue('orgName',$row_org);?>
                            <input type="hidden" name="orgId" value="<?php echo setValue('orgId',$row_org);?>"></td>
                        </tr>                                                                                                                                                                                                
                    </table></td>
                </tr>
                <tr>
                    <td>&nbsp;</td>
                </tr>
                <tr>
                    <td align="center"><table class="headCol">
                        <tr>
                            <th class="seqCol">ลำดับที่</th>
                            <th>รายการ</th>
                            <th class="domAmtCol">จำนวนเงิน</th>
                            <th class="domAmtCol">เลขที่ใบเสร็จ</th>
                            <th class="editCol">ชำระหนี้สิน</th>
                        </tr>
<?php
                        $i 
0;
                        
$total 0;
                        foreach(
$rs_debt->result() as $row_debt) {
                            
$total $total+$row_debt->dbtAmt;
                            echo 
"<tr onmouseover=\"bgColor='".$tr_color_even."'\" onmouseout=\"bgColor='".$this->config->item("rg_mouseout")."'\">";
?>
                            <td align="center"><?php echo $i+1;?>
<?php
                            
if($method=='payOrder' && $row_debt->dbtSeq==$dbtSeq && $row_debt->dbtStdId==$row_std->stdId && $row_debt->dbtAcY==$acY && $row_debt->dbtTmId==$tmId) {
?>
                            <input type="hidden" name="dbtSeq" value="<?php echo $row_debt->dbtSeq;?>">
<?php
                            
}
?>
                            </td>
                            <td><font size="2">
                            <input type="hidden" name="dbtDescription" id="dbtDescription" size="30" value="<?php echo $row_debt->dbtDescription;?>">
<?php                                            
                                
echo $row_debt->dbtDescription;    
?>
                            </font></td>
                            <td align="right">
                            <input type="hidden" name="dbtAmt" id="dbtAmt" size="4" value="<?php echo $row_debt->dbtAmt;?>" class="right">
<?php
                                
echo number_format($row_debt->dbtAmt2);
?>
                            </td>
                            <td align="center">
<?php
                            
if($method=='payOrder' && $row_debt->dbtSeq==$dbtSeq && $row_debt->dbtStdId==$row_std->stdId && $row_debt->dbtAcY==$acY && $row_debt->dbtTmId==$tmId) {
?>                            
                            <input type="text" name="dbtRefNo" id="dbtRefNo" size="7" maxlength="7">
<?php
                            
}
?>
                            </td>
                            <td align="center">
<?php
                            
if($method=='payOrder' && $row_debt->dbtSeq==$dbtSeq && $row_debt->dbtStdId==$row_std->stdId && $row_debt->dbtAcY==$acY && $row_debt->dbtTmId==$tmId) {
?>
                            <input type="submit" name="edit" value="ชำระหนี้สิน" onClick="return checkPerson(<? echo "'".$row_debt->dbtCreateUserId."','".$this->session->userdata('UsLogin')."'";?>)">    
<?
                            
}else{
?>
                                <span class="hand" onClick="sendPost('hidform',<? echo "{'method':'payOrder','dbtSeq':'".$row_debt->dbtSeq."','stdId':'".$row_debt->dbtStdId."','acY':'".$row_debt->dbtAcY."','tmId':'".$row_debt->dbtTmId."','stdCode':'".setValue('stdCode',$row_std)."'}";?>,'<?echo site_url($this->config->item("rg_folder")."finance/paymentDebt");?>')"><img <?echo "src=\"".base_url().$this->config->item("rg_edit")."\"";?> align="absmiddle" border="0"></span></td>
<?
                            
}
?>                        
                        </tr>
<?php
                            $i
++;
                        }
                        
                        if(
$i == 0) {
?>
                        <tr>
                            <td align="center" colspan="5" height="22"><span ="error">** ไม่ปรากฏรายการหนี้สินในฐานข้อมูล **</span></td>
                        </tr>
<?php                                
                        
}
?>
                        <tr bgcolor="<?php echo $table_color_even;?>">                                                          
                            <td align="right" colspan="2"><b>รวมเงินทั้งสิ้น</b></td>
                            <td align="right"><?php echo number_format($total2);?></td>
                            <td colspan="3">&nbsp;</td>
                        </tr>
                        <tr>                                                          
                            <td colspan="3">
<?php
                            
if($method=='payOrder') {
?>                                        
                            <input type="hidden" name="method" value="edit">
                            <input type="reset" name="clear" value="เคลียร์ข้อมูล">
                            <input type="submit" name="cancel" value="ยกเลิก" onClick="document.pc.action = 'paymentDebt'">
<?php
                            
}else{
?>
                            <input type="button" name="back" value="ย้อนกลับ" onClick="location.href = 'searchPaymentDebt'">
<?}?>
                            </td>
                            <td align="right" colspan="2">รวม <?php echo $i;?> รายการ</td>
                        </tr>                                    
                    </table></td>
                </tr>
<?php
                
}
?>                                                
            </table></form></div></label>
        

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0129 ]--