110.164.51.230 - phpshell

!c99Shell v. 1.0 pre-release build #16!
Software: Apache/2.2.3 (CentOS). PHP/5.1.6 uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44 EDT 2010 i686 uid=48(apache) gid=48(apache) groups=48(apache) Safe-mode: OFF (not secure) /var/www/html/mis/eassess/admin/fileupdate/eassess/admin/ drwxr-xr-x Free 50.75 GB of 127.8 GB (39.71%) Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout
!c99Shell v. 1.0 pre-release build #16!
Software: Apache/2.2.3 (CentOS). PHP/5.1.6
uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
uid=48(apache) gid=48(apache) groups=48(apache)
Safe-mode: OFF (not secure)
/var/www/html/mis/eassess/admin/fileupdate/eassess/admin/ drwxr-xr-x
Free 50.75 GB of 127.8 GB (39.71%)
Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout

<?php



include_once "template.php";

//showHeader();



require_once('../lib/nusoap/nusoap.php');

include_once "../link/function.php";

include_once "../class/clsFileUpdate.php";

include_once "../class/clsFileUpdateTemp.php";

include_once("../global0.php");



        

openWindow();

autotab();



$oCA = new clsConnection($GLOBALS['HOST'], $GLOBALS['DB_EASS'], $GLOBALS['USER_EASS'], $GLOBALS['PASSWORD_EASS']);

$oFd = new FileUpdate($oCA);





$oFd = new FileUpdate($oCA); 

$oFd1 = new FileUpdate($oCA);   

$oFdt = new FileUpdateTemp($oCA);



    

/////////////////////////////////////////////////////

    $collegecode=$GLOBALS["COLLEGECODE"];

    $sysId=$GLOBALS["SYS_ID_E"];

    $savefiletodir="../../";  // real

    $server_path=$GLOBALS["SERVER_PATH"];

////////////////////////////////////////////////////

    

?> 

<?

                                

    $p=getcwd();



    if($success!="1"){

            $cv=$select_file;

            while($cv!=""){

                list($ff,$cv)=split(',',$cv,2);

                $cu++;

            }

        $counttotal=$cu;

    }



    //loop change result                

    list($fileId,$select_file) = split(",",$select_file,2);    

    

    

    // Create the client instance

    $client = new soapclient($server_path);

    $err = $client->getError();

    if($err){

        //echo '<h2>Constructor error</h2><pre>' . $err . '</pre>';

        ?>

        <script type="text/javascript">

                parent.location.href = "updatefile.php?nofile=3";

        </script>

        <?

    }

    

    // Call the SOAP method

    $result = $client->call('set_to_dir', array('collegeCode' => $collegecode,'fileId' => $fileId));

    if($client->fault){

        //echo '<h2>Fault call method update</h2><pre>'; print_r($result); echo '</pre>'; 

    }else{

        //echo '<h2>Result</h2><pre>' . $result . '</pre>';

        $err = $client->getError();

        if($err || ($result=="" && $fileid=="")){   //can not connect server 

            echo '<h2 style="background-color:#ff0000">Error</h2><pre>' . $err . '</pre>';

            ?>

            <script type="text/javascript">

                    parent.location.href = "updatefile.php?nofile=3";

            </script>

            <?

        }else{

            if($result=="Y"){

                $folderfile=getcwd();

                $oFd->SearchByfileId($fileId);

                $oFd->GetRecord();

            

                    //----to real dir   

                    chdir($pathnow);     //[/var/mis/folder/admin]

                    echo '<h2>>>>>>>>>>>>>>>>>>>path now1</h2><pre>' . getcwd() . '</pre>';

                    chdir($savefiletodir); 

                    echo '<h2>>>>>>>>>>>>>>>>>>>path now2</h2><pre>' . getcwd() . '</pre>';

                                                                

                    $pathfile=$oFd->path;

                    $i=1;

                    while(strrchr($pathfile,'/')!=""){

                        $f=strrchr($pathfile,'/');

                        list($pbb,$fo) = split('[/]',$f);

                        $folder[$i]=$fo;

                        list($pathfile,$pbb) = split($f,$pathfile);

                        $i++;

                    }

                    for($j=1; $j<$i; $j++){

                        $newf[$j]=$folder[$i-$j];

                    }

                    for($k=1; $k<$j; $k++){

                        $checknotfound=0;

                        $checkfound=0;                                                    

                        chdir($newf[$k-1]);

                        if ($handle = opendir(getcwd())) {

                            while (false !== ($file = readdir($handle))) {

                                if ($file != "." && $file != "..") {

                                    if($file==$newf[$k]){

                                        $checkfound=1;

                                    }else{

                                        $checknotfound=1;

                                        $save=$newf[$k];        

                                    }

                                }else{

                                    if($file==$newf[$k]){

                                        $checkfound=1;

                                    }else{

                                        $checknotfound=1;

                                        $save=$newf[$k];        

                                    }                  

                                }

                            }

                                                                               

                            if($checknotfound=="1" && $checkfound!=1){

                                if($save==""){

                                                                                                    

                                }else{

                                    mkdir($save,0755);

                                    chmod($save,0755);

                                }        

                            }

                            closedir($handle);

                        }        

                     }

                //-----        

                chdir($p);

                echo "---1".getcwd()."<br>";

                chdir($savefiletodir);

                echo "---2".getcwd()."<br>";                

                $source = "eassess/admin/fileupdate".$oFd->path."/".$oFd->filename2;

                list($erer,$pa) = split("/",$oFd->path,2);

                $target = $pa."/".$oFd->filename1;                                                

                //-----------------copy file to dir

                //unlink($oFd->filename1);        

                if($oFd->flagfile!="3"){   //case not delete file        

                echo "source>>".$source."<br>";

                echo "target>>".$target."<br>";

                    if (!copy( $source , $target )){

                        echo "can't copy";

                    }else{

                        print("Copy $source from to $target");

                        

                        //clear flaguse

                        $oFd1->SearchByfilename1anduse($oFd->filename1,$oFd->path);

                        while($oFd1->GetRecord()){

                                $oFd1->SearchByfileId($oFd1->fileId);

                                $oFd1->GetRecord();

                                $oFd1->Edit();

                                $oFd1->fileId=$oFd1->fileId;

                                $oFd1->updateDate=$oFd1->updateDate;

                                $oFd1->filename1=$oFd1->filename1;

                                $oFd1->filename2=$oFd1->filename2;

                                $oFd1->flagfile=$oFd1->flagfile;

                                $oFd1->flagupdate=$oFd1->flagupdate;

                                $oFd1->path=$oFd1->path;

                                $oFd1->detail=$oFd1->detail;

                                $oFd1->sysId=$oFd1->sysId;

                                $oFd1->updatetime=$oFd1->updatetime;

                                $oFd1->flagselect=$oFd1->flagselect;

                                $oFd1->flagrestore="N";

                                $oFd1->flaguse="N";

                                $oFd1->Save();

                        }

                        

                        

                        $oFd->SearchByfileId($fileId);

                        $oFd->GetRecord();

                        $oFd->Edit();

                        $oFd->fileId=$oFd->fileId;

                        $oFd->updateDate=$oFd->updateDate;

                        $oFd->filename1=$oFd->filename1;

                        $oFd->filename2=$oFd->filename2;

                        $oFd->flagfile=$oFd->flagfile;

                        $oFd->flagupdate="U";

                        $oFd->path=$oFd->path;

                        $oFd->detail=$oFd->detail;

                        $oFd->sysId=$oFd->sysId;

                        $oFd->updatetime=$oFd->updatetime;

                        $oFd->flagselect="Y";

                        $oFd->flagrestore="N";

                        $oFd->flaguse="Y";

                        $oFd->Save();

                        

                        $result2 = $client->call('update2', array('collegeCode' => $collegecode,'fileId' => $fileId));

                        echo '<h2>Result2</h2><pre>' . $result2 . '</pre>';

                        if($result2=="Y"){

                            echo '<h2>-----------complete--------------</h2>'; 

                        }

                    } 

                }else{   //case  delete file

                    $d=getcwd();

                    echo "00000000".getcwd()."<br>";

                    list($erer,$pa) = split("/",$oFd->path,2);

                    //chdir("../../");

                    echo "00000000".getcwd()."<br>";

                    $pathdelete=$oFd->path."/".$oFd->filename1;

                    list($erer,$pathdelete) = split("/",$pathdelete,2);

                    echo "deletefile===$pathdelete<br>";

                    unlink($pathdelete);

                    chdir($d);

                    //clear flaguse

                        $oFd1->SearchByfilename1anduse($oFd->filename1,$oFd->path);

                        while($oFd1->GetRecord()){

                                $oFd1->SearchByfileId($oFd1->fileId);

                                $oFd1->GetRecord();

                                $oFd1->Edit();

                                $oFd1->fileId=$oFd1->fileId;

                                $oFd1->updateDate=$oFd1->updateDate;

                                $oFd1->filename1=$oFd1->filename1;

                                $oFd1->filename2=$oFd1->filename2;

                                $oFd1->flagfile=$oFd1->flagfile;

                                $oFd1->flagupdate=$oFd1->flagupdate;

                                $oFd1->path=$oFd1->path;

                                $oFd1->detail=$oFd1->detail;

                                $oFd1->sysId=$oFd1->sysId;

                                $oFd1->updatetime=$oFd1->updatetime;

                                $oFd1->flagselect=$oFd1->flagselect;

                                $oFd1->flagrestore="N";

                                $oFd1->flaguse="N";

                                $oFd1->Save();

                        }

                    

                    

                    $oFd->SearchByfileId($fileId);

                    $oFd->GetRecord();

                    $oFd->Edit();

                    $oFd->fileId=$oFd->fileId;

                    $oFd->updateDate=$oFd->updateDate;

                    $oFd->filename1=$oFd->filename1;

                    $oFd->filename2=$oFd->filename2;

                    $oFd->flagfile=$oFd->flagfile;

                    $oFd->flagupdate="U";

                    $oFd->path=$oFd->path;

                    $oFd->detail=$oFd->detail;

                    $oFd->sysId=$oFd->sysId;

                    $oFd->updatetime=$oFd->updatetime;

                    $oFd->flagselect="Y";

                    $oFd->flagrestore="N";

                    $oFd->flaguse="Y";

                    $oFd->Save();

                    

                    $result2 = $client->call('update2', array('collegeCode' => $collegecode,'fileId' => $fileId));

                    echo '<h2>Result2</h2><pre>' . $result2 . '</pre>';

                    if($result2=="Y"){

                        echo '<h2>-----------complete--------------</h2>'; 

                    }

                }  

                chdir($pathnow);                

                

            }//if reult=Y 

            $countbar++;

            $total=$counttotal;

            //echo "countbar===$countbar<br>";

            //echo "total====$total<br>";

            ?>

                <script type="text/javascript">

                    parent.print_output(<?php echo $countbar;?>, <?php echo $total; ?>);

                </script>

            <?

            

                                                    

            if($select_file=="" && $fileId!=""){

                ?>

                    <script type="text/javascript">

                        parent.location.href = "updatefile.php";

                    </script>

                <?

            }                                 

        } // if err method set_to_dir     

    } // if fault

    echo "<meta http-equiv='refresh' content='0; URL=selectupdate.php?fileerror=$fileerror&fileId=$fileId&select_file=$select_file&success=1&counttotal=$counttotal&countbar=$countbar&total=$total'>";

?>

<?php

//showFooter();

?>
:: Shadow's tricks :D ::
Useful Commands Warning. Kernel may be alerted using higher levels	Kernel Info:
:: Preddy's tricks :D ::
Php Safe-Mode Bypass (Read Files) File: eg: /etc/passwd	Php Safe-Mode Bypass (List Directories): Dir: eg: /etc/
:: Command execute ::
Enter:	Select: