!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/mis/application/views/eregis-13022565/   drwxrwxrwx
Free 51 GB of 127.8 GB (39.9%)


Viewing file:     v_editPerson.php (13.28 KB)      -rwxr-xr-x
<?php
?>
<SCRIPT language="JavaScript" type="text/JavaScript">
//function echeck(str) {
//    var at="@";
//    var dot=".";
//    var lat=str.indexOf(at);
//    var lstr=str.length;
//    var ldot=str.indexOf(dot);
//    if (str.indexOf(at) == -1) {
//        alert("กรุณากรอกรูปแบบอีเมล์ที่ถูกต้อง !");
//        return false;
//    }
//    if (str.indexOf(at)==-1 || str.indexOf(at)==0 || str.indexOf(at)==lstr) {
//        alert("กรุณากรอกรูปแบบอีเมล์ที่ถูกต้อง !");
//        return false;
//    }
//
//    if (str.indexOf(dot)==-1 || str.indexOf(dot)==0 || str.indexOf(dot)==lstr) {
//        alert("กรุณากรอกรูปแบบอีเมล์ที่ถูกต้อง !");
//        return false;
//    }
//
//    if (str.indexOf(at,(lat+1)) != -1) {
//        alert("กรุณากรอกรูปแบบอีเมล์ที่ถูกต้อง !");
//        return false;
//    }
//
//    if (str.substring(lat-1,lat)==dot || str.substring(lat+1,lat+2)==dot) {
//        alert("กรุณากรอกรูปแบบอีเมล์ที่ถูกต้อง !");
//        return false;
//    }
//    if (str.indexOf(dot,(lat+2))==-1){
//        alert("กรุณากรอกรูปแบบอีเมล์ที่ถูกต้อง !");
//        return false;
//    }
//            
//    if (str.indexOf(" ")!=-1){
//        alert("กรุณากรอกรูปแบบอีเมล์ที่ถูกต้อง !");
//        return false;
//    }
//    return true;                    
//}
//
//function chk(){
//    if(document.pc.officerCode.value == "") { 
//        alert("กรุณากรอกรหัสบุคลากร !");
//        document.pc.officerCode.focus();
//        return false;
//    }
//    if(document.pc.officerType.value == "0") {
//        alert("กรุณาเลือกประเภทบุคลากร !");
//        document.pc.officerType.focus();
//        return false;
//    }
//    if(document.pc.prefixName.value == "") { 
//       alert("กรุณากรอกคำนำหน้าชื่อภาษาไทย !");
//       document.pc.prefixName.focus();
//       return false;
//    }
//    if(document.pc.officerName.value == "") {
//        alert("กรุณากรอกชื่อภาษาไทย !");
//        document.pc.officerName.focus();
//        return false;
//    }
//    if(document.pc.officerSurname.value == "") {
//        alert("กรุณากรอกนามสกุลภาษาไทย !");
//        document.pc.officerSurname.focus();
//        return false;
//    }
//    if(document.pc.officerNameEng.value == "") {
//        alert("กรุณากรอกชื่อภาษาอังกฤษ !");
//        document.pc.officerNameEng.focus();
//        return false;
//    }
//    if(document.pc.officerSurnameEng.value == "") {
//        alert("กรุณากรอกนามสกุลภาษาอังกฤษ !");
//        document.pc.officerSurnameEng.focus();
//        return false;
//    }
//
//    var emailID=document.pc.officerEmail;
//    if ((emailID.value!=null || emailID.value!="") && (emailID.value!="-")){
//        if (echeck(emailID.value)==false){
//            emailID.value="";
//            emailID.focus();
//            return false;
//        }
//    }    
//
//    if(document.pc.contactAddress.value == "") {
//        alert("กรุณากรอกสถานที่ติดต่อ !");
//        document.pc.contactAddress.focus();
//        return false;
//    }
//    if(document.pc.contactPhone.value == "") {
//        alert("กรุณากรอกเบอร์โทรศัพท์ที่ติดต่อ !");
//        document.pc.contactPhone.focus();
//        return false;
//    }    
//}
//
//function chkDebtUDAuthority() {
//    if(document.pc.organId.value == "")
//        document.pc.debtUDAuthority.disabled = true;
//    else
//        document.pc.debtUDAuthority.disabled = false;
//}
</SCRIPT>
<table width="95%" align="center">
    <tr>
        <td><br><fieldset>
            <legend><font size="2" color="<?php echo $font_color_err;?>"><a href="adminIndex.php?mm=1">บุคลากร</a> 
            <img src="<?php echo base_url().$this->config->item("rg_ico3");?>" align="absmiddle" border="0"> เพิ่มบุคลากรใหม่<img src="<?php echo base_url().$this->config->item("rg_ico3");?>" align="absmiddle" border="0">แก้ไข</font></legend>
            <div align="center"><br><table width="100%">
                <tr>
                    <td><?php echo form_open($this->config->item("rg_folder")."officer/prs_insert_update");?><table width="100%" align="center">
                        <tr bgcolor="<?php echo $this->config->item("rg_table_colr");?>">
                            <td colspan="4" height="22"><font size="3" color="<?php echo $font_color_table;?>"><b>&nbsp;ข้อมูลทั่วไปบุคลากร</b></font></td>
                        </tr>
<?php
// The markup above is the page frame of the "edit person" view: the breadcrumb
// legend, the form opened with form_open() posting to
// <rg_folder>officer/prs_insert_update, and the section header row.
//
// NOTE(review): the form is opened with form_open(), but this view also holds
// a file input named "uploadfile" further down. A form without a multipart
// encoding submits only the file name. Confirm whether an upload is intended
// here; if it is, the receiving controller has to validate file type, size and
// destination itself, because nothing in this view restricts what is sent.
//
// Legacy record lookup, currently disabled:
//                        $oOf->SearchByKey($officerId);
//                        $oOf->GetRecord();
?>
                        <tr>
                            <td width="30%"><font size="2"><b>รหัสประจำตัว</b></font></td>
                            <td width="55%"><input type="text" name="prsId" id="prsId" value="<?php echo (set_value('prsId')=="") ? $prsId set_value('prsId');?>" size="20" />
                            <font size="2" color="<?php echo $font_color_err;?>">*</font></td>
                            <td width="15%" rowspan="5"><img src="<?php //echo $oOf->ofPicturePath;?>" width="100" height="115"></td>
                        </tr>
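<?php
// Personnel-type dropdown (field "prsPtId").
// Fix: the pre-selected option's value and label are now HTML-encoded before
// being written into the attribute and element body. The charset argument is
// omitted so PHP's default applies.
// NOTE(review): the lookup that loaded $oSt for the current type is commented
// out just below, yet the first <option> still reads $oOf->officerType and
// $oSt->description. Confirm the caller still provides both objects.
// NOTE(review): the literal "XXXXXXXXXXXX" inside the <select> is stray text;
// it is kept as found, so confirm whether it is a leftover marker.
//                        $oSt->SearchByKey($oOf->officerType);
//                        $oSt->GetRecord();
?>
                        <tr bgcolor="<?php echo $tr_color_even;?>">
                            <td height="22"><font size="2"><b>ประเภทบุคลากร</b></font></td>
                            <td>
                            <select name="prsPtId">
                            XXXXXXXXXXXX
                                <option value="<?php echo htmlspecialchars($oOf->officerType, ENT_QUOTES);?>" selected><?php echo htmlspecialchars($oSt->description, ENT_QUOTES);?></option>
<?php
// Disabled loop over all personnel types. With it commented out, exactly one
// empty <option> is emitted below.
//                                $oSt->RSSysOfficerTypeDes();
//                                while($oSt->GetRecord()) {
?>
                                <option value="<?php //echo $oSt->officerType;?>"><?php //echo $oSt->description;?></option>
<?php
//                                }
?>
                            </select>
                            <font size="2" color="<?php echo $font_color_err;?>">*</font></td>
                        </tr>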
                        <tr>
                            <td height="22"><font size="2"><b>ประเภทอาจารย์</b></font></td>
                            <td>
                            <select name="prsItId">
<?php
//                                $oSit->RSrg_SysInstructorType();
//                                while($oSit->GetRecord()) {
?>
                                <option value="<?php //echo $oSit->sitId;?><?php //echo ($oSit->sitId==$oOf->ofSitId) ? 'selected' : '';?>><?php //echo $oSit->sitName;?></option>
<?php
//                                }
?>
                            </select></td>
                        </tr>
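<?php
// Thai name row: read-only prefix, given name, surname and the hidden prefixId.
// Fix: every record value is HTML-encoded before it is written into a value
// attribute. These fields are entered by people through this form, so a stored
// quote or angle bracket would otherwise break out of the attribute. The
// charset argument is omitted so PHP's default applies.
// NOTE(review): the $oPf lookup below is commented out while $oPf->prefixName
// is still read. Confirm the caller still supplies $oPf.
//                        $oPf->SearchByKey($oOf->prefixId);
//                        $oPf->GetRecord();
?>
                        <tr bgcolor="<?php echo $tr_color_even;?>">
                            <td><font size="2"><b>ชื่อ-นามสกุล (ไทย)</b></font></td>
                            <td><input type="text" name="prefixName" value="<?php echo htmlspecialchars($oPf->prefixName, ENT_QUOTES);?>" size="5" class="input2" readonly>
                            <IMG src="../picture/search.gif" width="14" height="19" border="0" align="absmiddle" id=IMG3 style="CURSOR: hand" onclick='OpenWindow("prefixTable.php",400,400)'>
                            <input type="text" name="officerName" value="<?php echo htmlspecialchars($oOf->officerName, ENT_QUOTES);?>" size="10">
                            <input type="text" name="officerSurname" value="<?php echo htmlspecialchars($oOf->officerSurname, ENT_QUOTES);?>" size="10">
                            <font size="2" color="<?php echo $GLOBALS["COLOR_FONT_3"];?>">*</font>
                            <input type="hidden" name="prefixId" value="<?php echo htmlspecialchars($oOf->prefixId, ENT_QUOTES);?>"></td>
                        </tr>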
                        <tr>
                            <td><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_4"];?>"><strong>ชื่อ-นามสกุลอังกฤษ</strong></font></td>
                            <td>&nbsp;</td>
                            <td><input type="text" name="prefixNameEng" value="<?php echo $oPf->prefixNameEng;?>" size="8" class="input1" readonly>
                            <input type="text" name="officerNameEng" value="<?php echo $oOf->officerNameEng;?>" size="10">
                            <input type="text" name="officerSurnameEng" value="<?php echo $oOf->officerSurnameEng;?>" size="10">
                            <font size="2" color="<?php echo $GLOBALS["COLOR_FONT_3"];?>">*</font></td>
                        </tr>
                        <tr bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_4"];?>">
                            <td><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_4"];?>"><strong>รูปภาพบุคลากร</strong></font></td>
                            <td>&nbsp;</td>
                            <td colspan="2"><input type="file" name="uploadfile" value="<?php echo $oOf->ofPicturePath;?>">
                            <font size="2" color="<?php echo $GLOBALS['COLOR_FONT_3'];?>">(ขนาดรูปภาพควรมีขนาด 100x115 pixels)</font></td>
                        </tr>
                        <tr>
                            <td><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_4"];?>"><strong>อีเมล์</strong></font></td>
                            <td>&nbsp;</td>
                            <td colspan="2"><input type="text" name="officerEmail" value="<?php echo $oOf->officerEmail;?>" size="20">
                            <font size="2" color="<?php echo $GLOBALS["COLOR_FONT_3"];?>">*</font></td>
                        </tr>
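<?php
// Status dropdown (field "officerStatus"). First the record's current status
// is looked up so its description can be shown as the first option; then
// RSSysOfficerStatusDes() is called and every row returned by GetRecord() is
// emitted as a further option.
// Fix: option values and labels are HTML-encoded before output. The statement
// layout is also normalised (a method call was split across lines). The
// charset argument is omitted so PHP's default applies.
                        $oSs->SearchByKey($oOf->officerStatus);
                        $oSs->GetRecord();
?>
                        <tr bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_4"];?>">
                            <td height="22"><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_4"];?>"><b>สถานะบุคลากร</b></font></td>
                            <td>&nbsp;</td>
                            <td colspan="2"><select name="officerStatus">
                                <option value="<?php echo htmlspecialchars($oOf->officerStatus, ENT_QUOTES);?>"><?php echo htmlspecialchars($oSs->description, ENT_QUOTES);?></option>
<?php
                                // $oSs is reused as the cursor over all statuses from here on.
                                $oSs->RSSysOfficerStatusDes();
                                while ($oSs->GetRecord()) {
?>
                                <option value="<?php echo htmlspecialchars($oSs->officerStatus, ENT_QUOTES);?>"><?php echo htmlspecialchars($oSs->description, ENT_QUOTES);?></option>
<?php
                                }
?>
                            </select></td>
                        </tr>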
                        <tr>
                            <td><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_4"];?>"><strong>สถานที่ติดต่อ</strong></font></td>
                            <td>&nbsp;</td>
                            <td colspan="2"><input type="text" name="contactAddress" value="<?php echo $oOf->contactAddress;?>" size="30">
                            <font size="2" color="<?php echo $GLOBALS["COLOR_FONT_3"];?>">*</font></td>
                        </tr>
                        <tr bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_4"];?>">
                            <td><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_4"];?>"><strong>เบอร์โทรศัพท์ติดต่อ</strong></font></td>
                            <td>&nbsp;</td>
                            <td colspan="2"><input type="text" name="contactPhone" value="<?php echo $oOf->contactPhone;?>" size="20">
                            <font size="2" color="<?php echo $GLOBALS["COLOR_FONT_3"];?>">*</font></td>
                        </tr>
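<?php
// Billing-unit dropdown (field "organId"). When the record has an organId, its
// name is shown as the first option, followed by an explicit "not attached"
// option and then every unit returned by RSOrgan().
// Fix: option values and labels are HTML-encoded before output. The statement
// layout is also normalised. The charset argument is omitted so PHP's default
// applies.
// NOTE(review): the lookup below runs even when organId is null and is
// repeated inside the is_null() guard further down. It looks redundant but is
// kept, because SearchByKey() and GetRecord() are defined outside this file
// and may have side effects.
                        $oOg->SearchByKey($oOf->organId);
                        $oOg->GetRecord();
?>
                        <tr>
                            <td><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_4"];?>"><strong>สังกัดหน่วยแจ้งหนี้นักศึกษา</strong></font></td>
                            <td>&nbsp;</td>
                            <td colspan="2"><select name="organId" onChange="chkDebtUDAuthority()">
<?php
                                // NOTE(review): chkDebtUDAuthority() is only present as commented-out
                                // script in this view; confirm another included script defines it.
                                if (! is_null($oOf->organId)) {
                                    $oOg->SearchByKey($oOf->organId);
                                    $oOg->GetRecord();
?>
                                <option value="<?php echo htmlspecialchars($oOf->organId, ENT_QUOTES);?>"><?php echo htmlspecialchars($oOg->organName, ENT_QUOTES);?></option>
<?php
                                }
?>
                                <option value="">---ไม่สังกัดหน่วยแจ้งหนี้นักศึกษา---</option>
<?php
                                // $oOg is reused as the cursor over all units from here on.
                                $oOg->RSOrgan();
                                while ($oOg->GetRecord()) {
?>
                                <option value="<?php echo htmlspecialchars($oOg->organId, ENT_QUOTES);?>"><?php echo htmlspecialchars($oOg->organName, ENT_QUOTES);?></option>
<?php
                                }
?>
                            </select></td>
                        </tr>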
                        <tr bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_4"];?>">
                            <td><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_4"];?>"><strong>สิทธิ์ในการลบหรือแก้ไข</strong></font></td>
                            <td>&nbsp;</td>
                            <td colspan="2"><input type="checkbox" name="debtUDAuthority" id="chk1" value="Y" <?php if(is_null($oOf->organId)) echo 'disabled'; if($oOf->debtUDAuthority == 'Y') echo 'checked';?>>
                            <font size="2" color="<?php echo $GLOBALS["COLOR_FONT_4"];?>"><label for="chk1">มีสิทธิ์ลบหรือแก้ไขข้อมูลหนี้สินนักศึกษาได้</label></font></td>
                        </tr>
                        <tr>
                            <td><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_4"];?>"><strong>ตำแหน่ง</strong></font></td>
                            <td>&nbsp;</td>
                            <td colspan="2"><input type="text" name="officerPosition" value="<?php echo $oOf->officerPosition;?>" size="30"></td>
                        </tr>
                        <tr bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_4"];?>">
                            <td><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_4"];?>"><strong>หมายเหตุ</strong></font></td>
                            <td>&nbsp;</td>
                            <td colspan="2"><input type="text" name="remark" value="<?php echo $oOf->remark;?>" size="30"></td>
                        </tr>
                    </table></td>
                </tr>
                <tr>
                    <td align="center"><br><input type="submit" name="edit" value="แก้ไข" onClick="return(chk())">
                    <input type="reset" name="clear" value="เคลียร์ข้อมูล">
                    <input type="button" name="cancel" value="ยกเลิก" onClick="location.href = 'showOfficer.php'">
                    <input type="button" name="back" value="กลับเมนูหลัก" onClick="location.href = 'adminIndex.php?mm=1'">
                    <input type="hidden" name="method" value="edit">
                    <input type="hidden" name="officerId" value="<?php echo $officerId;?>"></td>
                </tr>
            </table></form></div>
        </fieldset><br><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_3"];?>"><b>หมายเหตุ : </b>* หมายถึง ต้องกรอกข้อมูลให้สมบูรณ์</font></td>
    </tr>
</table>
<?php
// Tear-down for this view: Destroy() is called on each record object the view
// references, then Disconnect() on $conn, then showFooter(). All of these are
// defined outside this file; the call order is unchanged.
// NOTE(review): the lookups for $oPf, $oSt and $oSit are commented out earlier
// in this view. If the caller no longer creates those objects, the calls below
// fail on a non-object, so confirm they are still provided.

// Record objects.
$oOf->Destroy();
$oPf->Destroy();
$oSt->Destroy();
$oSit->Destroy();
$oSs->Destroy();
$oOg->Destroy();

// Connection, then page footer.
$conn->Disconnect();
showFooter();
?>


--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0113 ]--