!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/mis/ealumni/admin/   drwxr-xr-x
Free 46.22 GB of 127.8 GB (36.16%)


Viewing file:     addalumni_reg.php (6.59 KB)      -rwxr-xr-x
<?php
// Page bootstrap: pull in the shared template and the data-access classes,
// build one accessor object per table, then emit the common page header.
//
// $oC1 and $oC2 are not defined in this file; presumably they are handles
// created by template.php -- confirm.
// NOTE(review): no authentication or session check is visible in this file.
// Confirm that template.php enforces access control before any output is
// produced, because nothing below does.
include_once 'template.php';
include_once '../class/clsimportupdate.php';
include_once '../class/clsmapprogram.php';
include_once '../class/clsprogramalumni.php';

// Accessors constructed with $oC1.
$oId   = new ImportUpdate($oC1);
$oMp   = new MapProgram($oC1);
$oPg_A = new ProgramAlumni($oC1);

include_once '../class/clsStudentMaster.php';
include_once '../class/clsProgram.php';

// Accessors constructed with $oC2.
$oSm    = new StudentMaster($oC2);
$oPg_R  = new Program($oC2);

// These helpers are not defined here (presumably in template.php); they run
// before the page-specific markup below is written.
confirmSubmit();
showHeader();
openNewWindow();

// Loaded last, after the header helpers have already run.
include_once '../link/function.php';
?>
<script language="JavaScript1.2">
// Points the form named "ps" at the second-stage handler and submits it.
// Returns nothing, so an inline handler written as `return AddProgram()`
// evaluates to undefined.
function AddProgram(){
    var importForm = document.ps;
    importForm.action = "processimportupdate2.php";
    importForm.submit();
}
</script>

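<?php
/*
 * Page body: a form that triggers an import from the student-registry system
 * and, depending on $check, either lists registry programmes that have no
 * alumni-programme mapping yet ($check == 1) or reports how many records the
 * last update touched ($check == 2).
 *
 * $check and $numnewrecord are not assigned in this file; presumably they come
 * from an including script or from request variables -- confirm. Because of
 * that, and because programme names and ids are read back from storage, every
 * such value is HTML-encoded before it is written into the page.
 *
 * The page is served as windows-874, a single-byte ASCII-compatible charset
 * that htmlspecialchars() has no name for. Passing 'ISO-8859-1' makes the
 * function treat the input as single-byte and replace only & < > " ', leaving
 * the Thai bytes untouched on every PHP version. Values already stored with
 * entities in them will now display double-encoded.
 *
 * NOTE(review): the form posts to processimportupdate.php and
 * processimportupdate2.php and no anti-CSRF token is visible here; confirm
 * that both handlers verify one and check the caller's session.
 */
?>
<meta http-equiv="Content-Type" content="text/html; charset=windows-874">
<table width="740" border="0" align="center" cellpadding="0" cellspacing="1">
    <tr>
        <td><br><fieldset>
      <legend ><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_3"];?>"><a href="?mm=1">อัพเดทข้อมูลจากระบบทะเบียนนักศึกษา</a></font></legend>
      <label>
<div align="center"><br><form name="ps" method="post" action="processimportupdate.php">
          <table width="700" align="center" border="0" cellpadding="0" cellspacing="1">
            <tr> 
              <td colspan="2" ><table width="700" align="center" border="0" cellpadding="0" cellspacing="1">
                  <tr bgcolor="#CCCCCC"> 
                  <td  colspan="4"><font size="2" color="<?php echo $GLOBALS['COLOR_FONT_4'];?>"><li>สามารถอัพเดทข้อมูลจากระบบทะเบียนนักศึกษาได้ตลอดเวลา</li></font></td>
                  </tr>
                  <tr align="left"> 
                    <td colspan="4" height="22" align="center"><br>
                      <input type="submit" name="add" value="อัพเดทข้อมูลจากระบบทะเบียนนักศึกษา" > 
                      <input type="hidden" name="method" value="add" >
                    </td>
                  </tr>
                  <tr align="left"> 
                    <td colspan="4" height="22" align="left">
                         <font color="<?php echo $GLOBALS["COLOR_FONT_3"];?>" size="2">&nbsp;</font>
                    </td>
                  </tr>
                  <?php if ($check == 1) { ?>
                  <tr align="left"> 
                    <td colspan="4" height="22" align="left">
                         <font color="<?php echo $GLOBALS["COLOR_FONT_3"];?>" size="2">&nbsp;</font>
                    </td>
                  </tr>
                  <tr bgcolor="<?php echo $GLOBALS["COLOR_BG_TABLE_1"];?>">
                    <td width="54" height="22" align="center" rowspan="2"><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_1"];?>"><strong>ลำดับ</strong></font></td>
                    <td height="22" align="center" colspan="2"><font color="<?php echo $GLOBALS["COLOR_FONT_1"];?>" size="2"><strong>หลักสูตร</strong></font></td>
                  </tr>
                  <tr bgcolor="<?php echo $GLOBALS["COLOR_BG_TABLE_1"];?>">
                    <td width="322"  height="22" align="center"><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_1"];?>"><strong>ระบบทะเบียนนักศึกษา</strong></font></td>
                    <td width="320"  height="22" align="center"><font color="<?php echo $GLOBALS["COLOR_FONT_1"];?>" size="2"><strong>ระบบทะเบียนศิษย์เก่า</strong></font></td>
                  </tr>
                  <?php
                    // Check Map Program: emit one row per registry programme for
                    // which the mapping lookup returns no record.
                    $i = 1;
                    // Defined up front so the maxId field below never echoes an
                    // unset (or externally supplied) variable; the empty string
                    // is what the page emitted when no row was produced.
                    $num = '';
                    // The meaning of the argument 4 is not visible here -- confirm.
                    $oSm->RSStudentMasterGroupProgramgraduateYear(4);
                    while ($oSm->GetRecord()) {
                        $oMp->SearchByprogramId_reg($oSm->programId);
                        if ($oMp->GetRecord() == 0) {
                            $oPg_R->SearchByKey($oSm->programId);
                            $oPg_R->GetRecord();
                            // Alternate the row background on odd rows.
                            if (($i % 2) == 0) {
                                echo "<tr>";
                            } else {
                                echo "<tr bgcolor=\"" . $GLOBALS["COLOR_BG_TABLE_3"] . "\">";
                            }
                  ?>
                    <td   height="22" align="center"><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_4"];?>"><?php echo $i; ?></font></td>
                    <td   height="22" align="left"><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_4"];?>"><?php echo htmlspecialchars((string) $oPg_R->programName, ENT_QUOTES, 'ISO-8859-1'); ?></font></td>
                    <td   height="22" align="center"><font color="<?php echo $GLOBALS["COLOR_FONT_4"];?>" size="2">
                    <select name="programId_A<?php echo $i; ?>" >
                    <option value="">---เลือกหลักสูตร---
                    <?php
                            // One <option> per alumni programme; id and name are
                            // encoded for the attribute and text contexts.
                            $oPg_A->RSProgramalumni();
                            while ($oPg_A->GetRecord()) {
                                echo '<option value="'
                                    . htmlspecialchars((string) $oPg_A->programalumniId, ENT_QUOTES, 'ISO-8859-1')
                                    . '">'
                                    . htmlspecialchars((string) $oPg_A->programalumniName, ENT_QUOTES, 'ISO-8859-1')
                                    . "\n";
                            }
                    ?>
                    </select>            
                     </font>
                     </td>
                  </tr>
                  <input type="hidden" name="programR<?php echo $i; ?>" value="<?php echo htmlspecialchars((string) $oPg_R->programId, ENT_QUOTES, 'ISO-8859-1'); ?>">
                  <?php
                            // Remember the index of the last row written; it is
                            // posted as maxId.
                            $num = $i;
                            $i++;
                        }
                    }
                  ?>
                  <tr align="left"> 
                    <td colspan="4" height="22" align="left">
                         <font color="<?php echo $GLOBALS["COLOR_FONT_3"];?>" size="2">&nbsp;</font>
                    </td>
                  </tr>
                  <tr align="center">
                    <td colspan="4" height="22" align="center">
                        <input type="hidden" name="maxId" value="<?php echo $num; ?>">
                         <input type="button" name="save" value="บันทึกหลักสูตร" onClick = "return AddProgram()"> 
                    </td>
                  </tr>
                  <?php } else if ($check == 2) { ?>
                  <tr align="left"> 
                    <td colspan="4" height="22" align="left">
                         <font color="<?php echo $GLOBALS["COLOR_FONT_3"];?>" size="2">&nbsp;</font>
                    </td>
                  </tr>
                  <tr align="left"> 
                    <td colspan="4" height="22" align="center">
                         <font color="<?php echo $GLOBALS["COLOR_FONT_3"];?>" size="2"><strong>***  ทำการอัพเดทข้อมูลเสร็จเรียบร้อยแล้ว มีรายการอัพเดททั้งหมด <?php echo htmlspecialchars((string) $numnewrecord, ENT_QUOTES, 'ISO-8859-1'); ?> รายการ ***</strong></font>
                    </td>
                  </tr>
                  <?php
                    // NOTE(review): closes the if / else-if on $check. The brace
                    // is placed here so the date row below is shown for every
                    // value of $check -- confirm against the deployed file.
                    }
                  ?>
                  <?php if ($oId->GetMaxDate() != "") { ?> 
                  <tr align="left"> 
                    <td colspan="4" height="22" align="left"><br>
                         <font color="<?php echo $GLOBALS["COLOR_FONT_3"];?>" size="2">* </font><font size="2" color="<?php echo $GLOBALS['COLOR_FONT_4'];?>">วันที่อัพเดทข้อมูลจากระบบทะเบียนนักศึกษาล่าสุดวันที่ <?php echo fullDate(splitDateDb2($oId->GetMaxDate(), '/')); ?><br>
      </font>
                    </td>
                  </tr>
                  <?php } ?>
                </table> </td>
            </tr>
          </table>
        </form>
      </div>        
            </label>
          </fieldset>
          <br>
      <font color="<?php echo $GLOBALS["COLOR_FONT_3"];?>" size="2"><br>
      </font><br>
        </td>
       </tr>
</table>
<font size="2" color="<?php echo $GLOBALS['COLOR_FONT_4'];?>"> </font> 
<p>&nbsp;</p><?php
showFooter();
?>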


--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0139 ]--