!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/mis/eregis/admin/   drwxr-xr-x
Free 51 GB of 127.8 GB (39.9%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     copyTimeTable.php (3.63 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
include_once "template.php";
showHeader();
include_once 
"../class/clsOfficer.php";
include_once 
"../class/clsClass.php";
include_once 
"../class/clsrg_CopyTimeTable.php";
include_once 
"../class/clsrg_OFSetTT.php";

$acadYear = (! isset($_GET['acadYear'])? "" $_GET['acadYear']);
$semester = (! isset($_GET['semester'])? "" $_GET['semester']);

checkFormat();

$conn = new Connection();

$oOf = new Officer();
$oCl = new Class1();
$oCt = new rg_CopyTimeTable();
$oOst = new rg_OFSetTT();

if(!
$acadYear)
    
$acadYear $GLOBALS["ACADYEAR"];
if(!
$semester)
    
$semester $GLOBALS["SEMESTER"];

$oOf->SearchByOfficerCode($oU->userPsCodeReg);
$oOf->GetRecord();    
?>
<meta http-equiv="Content-Type" content="text/html; charset=tis-620">
<script>
function doChange() {
    f = document.pc;
    var acadYear = f.acadYear.value;
    var semester = f.semester.value;
    
    location.href = "copyTimeTable.php?acadYear="+acadYear+"&semester="+semester;
}
</script>
<table width="740" border="0" align="center" cellpadding="0" cellspacing="0">
    <tr>
        <td><br><fieldset>
            <legend><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_3"]; ?>"><a href="adminIndex.php?mm=1">ภาระงานสอน</a> <img src="../picture/ico3.gif" align="absmiddle" border="0"> ปรับปรุงข้อมูลจากระบบจัดตารางสอน</font></legend>
            <div align="center"><br><form name="pc" method="post" action="processCopyTimeTable.php"><table width="300" align="center">
                <tr>
                    <td align="center" colspan="2"><font size="3" color="<?php echo $GLOBALS['COLOR_FONT_3'];?>"><b>ปรับปรุงข้อมูลจากระบบจัดตารางสอน</b></font><br><br></td>
                </tr>
                <tr>
                    <td width="40%"><font size="2" color="<?php echo $GLOBALS['COLOR_FONT_4'];?>"><b>ปีการศึกษา</b></font></td>
                    <td width="60%"><select name="acadYear" onChange="doChange()">
<?php
                        $oCl
->RSClassByTTGroupAcY();
                        while(
$oCl->GetRecord()) {
?>
                        <option value="<?php echo $oCl->acadYear;?><?php echo ($oCl->acadYear==$acadYear) ? 'selected' '';?>><?php echo $oCl->acadYear;?></option>
<?php
                        
}
?>
                    </select>
                    <font size="2" color="<?php echo $GLOBALS['COLOR_FONT_3'];?>">*</font></td>
                </tr>
                <tr bgcolor="<?php echo $GLOBALS["COLOR_BG_TABLE_3"];?>">
                    <td><font size="2" color="<?php echo $GLOBALS['COLOR_FONT_4'];?>"><b>ภาคการศึกษา</b></font></td>
                    <td><select name="semester" onChange="doChange()">
<?php
                        $oCl
->RSClassByTTGroupSe();
                        while(
$oCl->GetRecord()) {
?>
                        <option value="<?php echo $oCl->semester;?><?php echo ($oCl->semester==$semester) ? 'selected' '';?>><?php echo $oCl->semester;?></option>
<?php
                        
}
?>
                    </select>
                    <font size="2" color="<?php echo $GLOBALS['COLOR_FONT_3'];?>">*</font></td>
                </tr>
                <tr>
                    <td colspan="2" align="center"><br>
<?php
                    $oCt
->RSrg_CopyTimeTableByAcYAndSeAndConfirmIsY($acadYear$semester);
                    
                    
$oOst->RSrg_OFSetTTByOfIdAndAcYAndTmIdAndWLIsY($oOf->officerId$acadYear$semester);
                    
                    
$res = (!$oCt->GetRecord() && $oOst->GetRecord()) ? '' 'disabled';
                    
                    
$lnk '<input type="submit" name="add" value="ตกลง" onClick="return checkFormat()" '.$res.'>';
                    echo 
$oU->CRUD($lnk'C');
?>
                    <input type="button" name="back" value="กลับเมนูหลัก" onClick="location.href = 'adminIndex.php?mm=1'">
                    <input type="hidden" name="method" value="add"></td>
                </tr>
            </table></form></div>
        </fieldset><br><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_3"];?>"><b>หมายเหตุ : </b>* หมายถึง ต้องกรอกข้อมูลให้สมบูรณ์</font></td>
    </tr>
</table>
<?php
$oOf
->Destroy();
$oCl->Destroy();
$oCt->Destroy();
$oOst->Destroy();
$conn->Disconnect();
showFooter();
?>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0127 ]--