!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/mis/application/views/esa/   drwxr-xr-x
Free 51 GB of 127.8 GB (39.91%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     v_smo.php (6.51 KB)      -rwxr-xr-x
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
    $_image_reply 
= array(
                    
'src' => 'images/edit.png',         
                    
'width' => '15',
                    
'height' => '15',
                    
'border' => '0',
                    
'title' => 'แก้ไขข้อมูล',
                    
'onmouseover' => "this.style.cursor='pointer'"
    
);
    
$_image_del = array(
                    
'src' => 'images/delete.png',         
                    
'width' => '15',
                    
'height' => '15',
                    
'border' => '0',
                    
'title' => 'ลบข้อมูล',
                    
'onmouseover' => "this.style.cursor='pointer'"
    
);

?><table width="80%" align="center" >
    <tr>
        <td align="center"><h3>บันทึก/แก้ไขสโมสร</h3></td>
    </tr>
    <tr>
        <td >
            <table width="100%" class='szone2' border="0">

                <?php echo form_open_multipart($this->config->item('sa_folder').'smo_club/add_smo', array("name" => "myform""id" => "myform"));?>
                <input type="hidden" name="sc_id" value="<?php echo set_value('sc_id'$qu_smo->sc_id);?>" />
                    <tr>
                        <th width="20%" align="right">ชื่อสโมสร (ไทย) </th>
                        <td width="80%"><input type="text" name="sc_name" id="sc_name" value="<?php echo set_value('sc_name'$qu_smo->sc_name);?>" size="60" /> <span class="error">* 
                        <?php echo form_error('sc_name'); ?>
                        <?php echo isset($error_name)? $error_name "" ?></span></td>
                    </tr>
                    <tr>
                        <th align="right">ชื่อสโมสร (อังกฤษ) </th>
                        <td><input type="text" name="sc_name_eng" id="sc_name_eng" value="<?php echo set_value('sc_name_eng'$qu_smo->sc_name_eng);?>" size="60" />
                        <?php echo form_error('sc_name_eng'); ?></td>
                    </tr>
                    <tr>
                        <th align="right" valign="top">วัตถุประสงค์ </th>
                        <td><textarea id="sc_objective" name="sc_objective"  rows="5" cols="60" class=""><?php echo set_value('sc_objective'$qu_smo->sc_objective);?></textarea></td>
                    </tr>
                    <tr>
                        <th align="right" valign="top">รายละเอียด </th>
                        <td><textarea id="sc_detail" name="sc_detail"  rows="5" cols="60" class=""><?php echo set_value('sc_detail'$qu_smo->sc_detail);?></textarea></td>
                    </tr>
                    <tr>
                        <th align="right">วันที่ก่อตั้งสโมสร </th>
                        <td><input type="text" name="sc_fr_date" id="sc_fr_date" value="<?php echo set_value('sc_fr_date'$qu_smo->sc_fr_date);?>" size="30" /> <span class="error">* <?php echo form_error('sc_fr_date'); ?></span></td>
                    </tr>
                    <tr>
                        <th align="right">วันที่สิ้นสุดสโมสร </th>
                        <td><input type="text" name="sc_to_date" id="sc_to_date" value="<?php echo set_value('sc_to_date'$qu_smo->sc_to_date);?>" size="30" /><?php echo form_error('sc_to_date'); ?></td><!--class="required-thai"  <span class="error">!-->
                    </tr>
                    <tr>
                        <th align="right">แนบไฟล์ </th>
                        <td><input type="file" name="fileupload" id="fileupload" value="<?php echo set_value('sc_id'$qu_smo->sc_id);?>" size="30" />&nbsp;&nbsp;&nbsp;&nbsp;
                        <?    
                        
if(isset($file[set_value('sc_id'$qu_smo->sc_id)]) and $file[set_value('sc_id'$qu_smo->sc_id)]->num_rows()>0){
                            foreach (
$file[set_value('sc_id'$qu_smo->sc_id)]->result() as $row_file) {
                                echo 
anchor_popup(base_url().$row_file->fup_path,$row_file->fup_file_name);
                            }
                        }
                        
?>
                        <span class="error">(ขนาดไฟล์ไม่เกิน 2 MB) 
                        <?php
                        
if(isset($error)){
                            echo 
"<br />".$error['error'];
                        }
                        ;
?>
                        </span>
                        </td>
                    </tr>
                    <tr>
                        <td colspan="2" align="center">
                        <input type="submit" name="add" value="บันทึก" /><input type="reset" name="clear" id="clear" value="เคลียร์ข้อมูล" /></td>
                    </tr>
                <?php echo form_close();?>
            </table>
        </td>
    </tr>
</table>
<br />
<table class="tb_1" width="80%" border="1">
<!--     <tr>
        <td colspan="5" height="22"></td>
    </tr> -->
    <tr align="center" >
        <th width="5%" >ลำดับที่</th>
        <th width="30%" >ชื่อสโมสร(ไทย)</th>
        <th width="15%" >วันที่ก่อตั้งสโมสร</th>
        <th width="20%" >แนบไฟล์</th>
        <th width="5%" >แก้ไข</th>
        <th width="5%" >ลบ</th>
    </tr>
<?php 
if ($rs_smo->num_rows() > 0) {
    
$index=1;
    foreach (
$rs_smo->result() as $row) {
?>
    <tr >
        <td align="center"><?php echo $index;?></td>
        <td align="left">
        <span class="hand" onClick="sendPost('myform_smo', {'sc_id':'<?php echo $row->sc_id?>'}, 'detail_smo',{})"><?php echo $row->sc_name;?></span></td>
        <td align="center"><?php echo $row->sc_fr_date;?></td>
         <td align="center">
    <?
        
if(isset($file[$row->sc_id]) and $file[$row->sc_id]->num_rows()>0){
            foreach (
$file[$row->sc_id]->result() as $row_file) {
                
$atts = array("title"=>$row_file->fup_file_name);
                echo 
anchor_popup(base_url().$row_file->fup_path,img($this->config->item('sa_image_clip')),$atts);
            }
        }else{
            echo 
"-";
        }
        
        
//<a href="javascript:void(0)" title="abc">echo img($this->config->item('sa_image_clip'));</a>
     
?>
         </td>
        <td align="center"><span class="hand" onClick="sendPost('myform1', {'sc_id':<?php echo $row->sc_id;?>}, 'smo')"><?php echo img($this->config->item('sa_image_reply'));?></span></td>
        <td align="center">
        <?if(isset($pm) and $pm[$row->sc_id]=='Y'){?>
        <span class="hand" onClick="if (confirm('ต้องการลบใช่หรือไม่')) { sendPost('hidform', {'sc_id':<?php echo $row->sc_id;?>}, 'del_smo'); }"><?php echo img($this->config->item('sa_image_del'));?></span>
        <?}else{
            echo 
img($this->config->item('sa_image_ndel'));
        }
?>
        </td>
    </tr>
<?php 
        $index
++;
    }
} else {
?>
        <tr class='notfound'>
            <td colspan="7" align="center"><?php echo $this->config->item('sa_not_found');?></td>
        </tr>
<?php 
}
?>
</table>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0168 ]--