!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/mis/eassess_OLD/admin/   drwxr-xr-x
Free 50.99 GB of 127.8 GB (39.9%)


Viewing file:     processSectionRQ.php (4.51 KB)      -rwxr-xr-x
<?php
include_once "../global1.php";
include_once 
"../../class/clsDB.php";
include_once 
"../../class/clsConnection.php";
include_once 
"../class/clsSectionRQ.php";
include_once 
"../class/clsHeaderQuestion.php";
include_once 
"../class/clsHeaderScore.php";
include_once 
"../class/clsDetailScore.php";

// Open the database connection from the settings held in $GLOBALS
// (presumably populated by the included ../global1.php -- confirm).
//
// NOTE(review): $method, $assid and every other input used further down are
// never assigned in this file. On this PHP 5.1 host they most likely arrive
// through register_globals or an include, i.e. directly from the request.
// No authentication, authorisation or CSRF check is visible in this file
// either -- confirm that one runs inside global1.php before any write below.
$oC = new clsConnection(
    $GLOBALS['HOST'],
    $GLOBALS['DB_EASS'],
    $GLOBALS['USER_EASS'],
    $GLOBALS['PASSWORD_EASS']
);

// One data-access object per entity this script writes to
// (SectionRQ, HeaderQuestion, HeaderScore, DetailScore); all share $oC.
$objSRQ = new SectionRQ($oC);
$objHQ  = new HeaderQuestion($oC);
$objHS  = new HeaderScore($oC);
$objDS  = new DetailScore($oC);

//echo "method = ".$method;

//----------------------For SectionRQ--------------------------
// Apply the requested operation to a single SectionRQ record.
// $method selects the operation; any other value leaves SectionRQ untouched.
// NOTE(review): the field values are copied from request-derived variables
// as-is; whether Save()/SearchByKey() escape or bind them cannot be seen
// from this file -- verify in clsSectionRQ.php.
switch ($method) {
    case "add":
        // Start a fresh record, fill it, persist it.
        $objSRQ->AddNew();
        $objSRQ->sectionRQid    = $sectionRQid;
        $objSRQ->assid          = $assid;
        $objSRQ->topicSectionRQ = $topicSectionRQ;
        $objSRQ->sequenceRQ     = $sequenceRQ;
        $objSRQ->Save();
        break;

    case "edit":
        // Load the existing record by key, then overwrite its fields.
        $objSRQ->SearchByKey($sectionRQid);
        $objSRQ->GetRecord();
        $objSRQ->Edit();
        $objSRQ->sectionRQid    = $sectionRQid;
        $objSRQ->assid          = $assid;
        $objSRQ->topicSectionRQ = $topicSectionRQ;
        $objSRQ->sequenceRQ     = $sequenceRQ;
        $objSRQ->Save();
        break;

    case "delete":
        // Load the record by key and remove it.
        $objSRQ->SearchByKey($sectionRQid);
        $objSRQ->GetRecord();
        $objSRQ->Delete();
        break;
}

//----------------------For HeaderQuestion-----------------
//echo "<br>**** numHQ = ".$numHQ;
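// HeaderQuestion: insert a new record when none exists yet ($numHQ == 0),
// otherwise update the record identified by $HQid.
if ($numHQ == 0) {
    // Add data.
    // The "=" was missing from both assignments in the listing (a parse
    // error as shown); restored here.
    // NOTE(review): the new HSid is also taken from $objHQ->GetNextCode(),
    // not from $objHS -- confirm this is intended.
    $getHQid = $objHQ->GetNextCode();
    $getHSid = $objHQ->GetNextCode();

    $objHQ->AddNew();
    $objHQ->HQid = $getHQid;
    $objHQ->assid = $assid;
    $objHQ->sectionRQid = $sectionRQid;
    $objHQ->HSid = $getHSid;
    $objHQ->HQtext = $HQtext;
    $objHQ->Save();
} else {
    // Update data.
    $objHQ->SearchByKey($HQid);
    $objHQ->GetRecord();
    $objHQ->Edit();
    $objHQ->HQid = $HQid;
    $objHQ->assid = $assid;
    $objHQ->sectionRQid = $sectionRQid;
    $objHQ->HSid = $HSid;
    $objHQ->HQtext = $HQtext;
    $objHQ->Save();
}

// NOTE(review): this runs after the add/update above regardless of $method,
// so a "delete" request first saves a record and then deletes by $HQid.
// Behaviour kept as in the original; confirm whether the save should be
// skipped for deletes.
if ($method == "delete") {
    $objHQ->SearchByKey($HQid);
    $objHQ->GetRecord();
    $objHQ->Delete();
}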

//----------------------For HeaderScore-----------------
//echo "<br>**** numHS = ".$numHS;
// HeaderScore: update the existing record when one is present, otherwise
// insert a new one.
if ($numHS != 0) {
    // Update data.
    // When the assessment form has already been used for an assessment, the
    // form submits score_amount as a hidden field named score_amount_UsedAss
    // so that the JavaScript on the form page is not confused; pick the
    // matching source variable here.
    $hsUseFormAmount = ($UsedAss == 0);

    $objHS->SearchByKey($HSid);
    $objHS->GetRecord();
    $objHS->Edit();
    $objHS->HSid = $HSid;
    $objHS->HStext = $HStext;
    $objHS->score_amount = $hsUseFormAmount ? $score_amount : $score_amount_UsedAss;
    $objHS->Save();
} else {
    // Add data.
    $objHS->AddNew();
    $objHS->HSid = $HSid;
    $objHS->HStext = $HStext;
    $objHS->score_amount = $score_amount;
    $objHS->Save();
}

// A delete request removes the record by key; this runs after the
// insert/update above, whatever $method is.
if ($method == "delete") {
    $objHS->SearchByKey($HSid);
    $objHS->GetRecord();
    $objHS->Delete();
}

//----------------------For DetailScore-------------------
//echo "<br>----numDS = ".$numDS;
//echo "<br> +++ HSid = ".$HSid;
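// DetailScore: one row per entry of the parallel arrays $DStext, $score,
// $CTFirst and $CTLast.
// The listing had lost the ";" after "$i=0" in all three for-headers (a
// parse error as shown); restored here.
// NOTE(review): the arrays are indexed with the same $i without checking
// that they have equal length -- confirm the form guarantees this.
if ($numDS == 0) {
    // Add data.
    for ($i = 0; $i < sizeof($DStext); $i++) {
        $objDS->AddNew();
        $objDS->DSid = $DSid;
        // Was $objDS->HSid=$HSid; changed to $getHSid so that the HSid
        // generated in the HeaderQuestion step is used.
        // NOTE(review): $getHSid is only assigned when $numHQ == 0 -- confirm
        // it is always set when this branch runs.
        $objDS->HSid = $getHSid;
        $objDS->DStext = $DStext[$i];
        $objDS->score = $score[$i];
        $objDS->CTFirst = $CTFirst[$i];
        $objDS->CTLast = $CTLast[$i];
        $objDS->Save();
    }
} else {
    // Rows already exist in the DB (numDS > 0): delete them and insert the
    // submitted set again. Skipped when the assessment has already been used.
    if ($UsedAss == 0) {
        // NOTE(review): one delete per submitted row, not per stored row; if
        // the counts differ, stale rows may remain -- verify SearchByKeyHSid.
        for ($i = 0; $i < sizeof($DStext); $i++) {
            $objDS->SearchByKeyHSid($HSid);
            $objDS->GetRecord();
            $objDS->Delete();
        }
        for ($i = 0; $i < sizeof($DStext); $i++) {
            $objDS->AddNew();
            $objDS->DSid = $DSid;
            $objDS->HSid = $HSid;
            $objDS->DStext = $DStext[$i];
            $objDS->score = $score[$i];
            $objDS->CTFirst = $CTFirst[$i];
            $objDS->CTLast = $CTLast[$i];
            $objDS->Save();
        }
    }
}

// A delete request removes the row keyed by $DSid; this runs after the
// insert/replace above, whatever $method is.
if ($method == "delete") {
    $objDS->SearchByKey($DSid);
    $objDS->GetRecord();
    $objDS->Delete();
}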

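// Send the browser back to the form editor for this assessment.
// $assid is not assigned in this file and presumably comes from the request,
// so it is URL-encoded for the query string and HTML-escaped for the
// single-quoted attribute; the original interpolated it raw, which let a
// crafted value break out of the attribute (reflected XSS / altered redirect).
echo "<meta http-equiv='refresh' content='0; URL=createForm.php?assid="
    . htmlspecialchars(urlencode($assid), ENT_QUOTES)
    . "'>";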
//-------------------end obj------------------
//$objSRQ->Close();
//$objHQ->Close();
//$objHS->Close();
//$objDS->Close();
//$oC->Disconnect();
?>


--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.016 ]--