!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/mis/ums/   drwxr-xr-x
Free 51.22 GB of 127.8 GB (40.08%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     RptUserSysGrpMn.php (8.38 KB)      -rwxr-xr-x
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?
include_once("pagebody.php");
pageHeader();
$pageTitle="รายงานสรุป การกำหนดสิทธิ์การใช้งานในระบบงาน-กลุ่มผู้ใช้งาน-เมนูหลัก-เมนูย่อย รายบุคคล";

$submit $_REQUEST['submit'];
$txtSrch trim($_POST['txtSrch']);
$aUsID $_POST['UsID'];

echo 
"<table width=100% class=\"pageTitleBgColor\" align=\"center\">\n";
echo 
"<tr><td align=center>$pageTitle</td></tr>\n";
echo 
"</table>";
?>
<!--your code here-------------------------------------------------------------------------->
<br>
<p align=center>
<form name=form1 method=post>
<table bgcolor=#eeeeee align="center">
    <tr>
        <td>รหัสผู้ใช้/ชื่อ-นามสกุล</td>
        <td><input type="text" name="txtSrch" value="<?=$txtSrch?>">
                <input type="submit"  name="submit" value="Search"></td>
        </tr>
 </table>
</form>
</p>
<!--------------------------------------------------->
<?
//ค้นหารายชื่อ
if ($txtSrch==""){
    echo 
"<p align=center><font color='red'>กรุณาป้อน รหัสผู้ใช้/ชื่อ-นามสกุล</font></p>";        
}else{
    
$oC = new clsConnection($GLOBALS['HOST'], $GLOBALS['DB'], $GLOBALS['USER'], $GLOBALS['PASSWORD']);
    if (
count($aUsID)==0){
        include_once(
"clsUmUserR.php");
        
$oUs = new umuserr($oC);
        
$oUs->RSUserByLogin_Name($txtSrch);
        
$i=1;
?>
        <form name=form method="POST">
        <input type="hidden" name="txtSrch" value="<?=$txtSrch?>">
        <table align="center" cellspacing="1" border="0" width=40%>
        <tr align="right" bgcolor="#dddddd"><td colspan="3">พบ <?=$oUs->numRows ?>รายการ</td></tr>
        <tr bgcolor="#dddddd"><th>เลือก</th><th>รหัสผู้ใช้</th><th>ชื่อ-นามสกุล</th></tr>
<?
        
while ($oUs->GetRecord()){
            
$bgcolor = ($i%2)? "#ffffff" "#ddeeff"
            echo 
"<tr bgcolor=$bgcolor>\n";
            echo 
"<td align=center><input type=checkbox name=UsID[] value='$oUs->UsID'></td>\n";
            echo 
"<td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;$oUs->UsLogin</td>\n";
            echo 
"<td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;$oUs->UsName</td>\n";
            echo 
"</tr>";
            
$i++;
        }
?>
        <tr  bgcolor=#ffffff>
          <td colspan="2">
            <a href="javascript:doCheckAll(this.form,true);">ทั้งหมด</a> | 
            <a href="javascript:doCheckAll(this.form,false);">ไม่เลือกเลย</a>
        </td>
        <td><input type="submit" name="Search1" value=" OK "></td>
        </tr>
        </table>
        </form>
<?
    
}else{
        
//==========----------========----------====================----------========----------
?>
    <table bgcolor="#dddddd" align="center" cellpadding="0" cellspacing="0">
    <tr><td>
        <table align="center" cellspacing="1"  cellpadding="3" width="100%">
<?
        
//for each user checked
        
$i=1;
        foreach (
$aUsID as $val){
            include_once(
"clsUmUserR.php");
            
$oUs = new umuserr($oC);
            
// get user info
            
$oUs->SearchByKey($val);
            
$oUs->GetRecord();
            echo 
"<tr bgcolor='#eeeddd'>";
            echo 
"<th>ลำดับ</th><th>ID</th><th>ชื่อ-นามสกุล</th><th>ชื่อเข้าใช้ระบบงาน</th><th>ระบบงาน-กลุ่มผู้ใช้งาน-เมนู</th><th>หมายเหตุ</th> </tr>";
                        
            include_once(
"clsUmUserGroupR.php");
            
$oUgR = new umusergroupr($oC);        
            
$svi $i;
            
$svUsID$oUs->UsID;
            
$svUsName$oUs->UsName;
            
$svUsLogin$oUs->UsLogin;
            
            
//get กลุ่มงาน ของ user เพื่อจะได้รู้ระบบงาน
            
$oUgR->RsUserGroupSystem($val);
            while (
$oUgR->GetRecord()){
                
//พิมพ์บรรทัดที่ 1 ชื่อระบบ
                
echo "<tr bgcolor='White'>";
                echo 
"<td align='center'>$svi</td>";
                echo 
"<td align='center'>$svUsID</td>";
                echo 
"<td align='center'>$svUsName</td>";
                echo 
"<td align='center'>$svUsLogin</td>";
                echo 
"<td><b>$oUgR->StNameT<b></td>";
                echo 
"<td>&nbsp;</td></tr>";
                    
$svi "&nbsp";
                    
$svUsID"&nbsp";
                    
$svUsName"&nbsp";
                    
$svUsLogin"&nbsp";
                
                
//พิมพ์บรรทัดที่ 2 ชื่อกลุ่มงาน
                
echo "<tr bgcolor='White'>";
                echo 
"<td align='center'>&nbsp;</td>";
                echo 
"<td align='center'>&nbsp;</td>";
                echo 
"<td align='center'>&nbsp;</td>";
                echo 
"<td align='center'>&nbsp;</td>";
                echo 
"<td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<b>$oUgR->GpNameT<b></td>";
                echo 
"<td>&nbsp;</td></tr>";
                
                
//พิมพ์เมนู ของระบบ
                
ShowMenu1($oUgR->StID$oUs->UsID$oUgR->UgGpID);
                
                echo 
"<tr bgcolor='White'><td colspan=6>&nbsp;</td></tr>";
            } 
// while each group
            
            
$i++;
            
        } 
//for each user
?>        
        </table>
    </td></tr></table><br />
<?
        
//==========----------========----------====================----------========----------
    
}
        
// ค้นหารายชื่อ

//-------------------------------

//จะแสดงเมื่อ (ทำเฉพาะแสดงเท่านั้น)
//1    ไม่มีใน GroupPermission และ ไม่มีใน Permission
//2    ไม่มีใน GroupPermission และ มีใน Permission และ pmX=1 
//3    มีใน GroupPermission และ gpX=1 และ ไม่มีใน Permission
//4    มีใน GroupPermission และ มีใน Permission และ pmX=1
//
//จะไม่แสดงเมื่อ
//    มีใน GroupPermission และ gpX=0 และ ไม่มีใน Permission
//    มีใน GroupPermission และ gpX=0 และ มีใน Permission และ pmx=0
//    มีใน GroupPermission และ gpX=1 และ มีใน Permission และ pmx=0
//    ไม่มีใน GroupPermission และ มีใน Permission และ pmX=0
            
function ShowMenu1($StID$UsID$GpID$MnID=""){
    global 
$oC;
    
    include_once(
"../class/clsDB.php");
    include_once(
"clsUmMenuR.php");
    include_once(
"clsUmGPermission.php");
    include_once(
"clsUmPermission.php");
    
    
//first call Only
    
if ($MnID==""){
        
$oMm  = new ummenur($oC);
        
$oGp = new umgpermission($oC);
        
$oUp = new umpermission($oC);
        
        
$oMm->RsMainMenuList($StID);
        while(
$oMm->GetRecord()){    // ในแต่ละเมนู
            
$oGp->SearchByKey($GpID$oMm->MnID);
            if (
$oGp->GetRecord()){    //มีใน GroupPermission
                
$flgShow=0;
                if (
$oGp->gpX==1){ // case 3
                    
$oUp->SearchByKey($UsID$oMm->MnID);
                    if (
$oUp->GetRecord()){ //ไม่มีใน Permission
                        
                    
}else{
                        
//แสดง
                        
showMenu2($oMm->MnNameT$oMm->MnLevel);
                        
$flgShow=1;
                    }
                }
                if (
$flgShow==0){ // case 4
                    
$oUp->SearchByKey($UsID$oMm->MnID);
                    if (
$oUp->GetRecord()){ //มีใน UmPermission
                        
if($oUp->pmX==1){
                            
//แสดง
                            
showMenu2($oMm->MnNameT$oMm->MnLevel);
                        }
                    }
                }
            }else{ 
//ไม่มีใน GroupPermission
                
$flgShow=0;
                
$oUp->SearchByKey($UsID$oMm->MnID);
                if (
$oUp->GetRecord()){ //ไม่มีใน Permission
                    
                
}else{ // case 1
                    //แสดง
                    
showMenu2($oMm->MnNameT$oMm->MnLevel);
                    
$flgShow=1;
                }
                if (
$flgShow==0){
                    
$oUp->SearchByKey($UsID$oMm->MnID);
                    if (
$oUp->GetRecord()){ //มีใน UmPermission
                        
if($oUp->pmX==1){
                            
//แสดง
                            
showMenu2($oMm->MnNameT$oMm->MnLevel);
                        }
                    }
                }
            }
            
ShowMenu1($StID$UsID$GpID$oMm->MnID);
        }
        
    }else{ 
// $MnID<>""     :  เป้น parent MnID
        
        
$oSm  = new ummenur($oC);
        
$oGp = new umgpermission($oC);
        
$oUp = new umpermission($oC);
        
        
$oSm->RsMenuList1($MnID);    //หา เมนูย่อยของ เมนูหลัก
        
while($oSm->GetRecord()){    // ในแต่ละเมนู
            
$oGp->SearchByKey($GpID$oSm->sMnID);
            if (
$oGp->GetRecord()){    //มีใน GroupPermission
                
$flgShow=0;
                if (
$oGp->gpX==1){ // case 3
                    
$oUp->SearchByKey($UsID$oSm->sMnID);
                    if (
$oUp->GetRecord()){ //ไม่มีใน Permission
                        
                    
}else{
                        
//แสดง
                        
showMenu2($oSm->sMnNameT$oSm->sMnLevel);
                        
$flgShow=1;
                    }
                }
                if (
$flgShow==0){ // case 4
                    
$oUp->SearchByKey($UsID$oSm->sMnID);
                    if (
$oUp->GetRecord()){ //มีใน UmPermission
                        
if($oUp->pmX==1){
                            
//แสดง
                            
showMenu2($oSm->sMnNameT$oSm->sMnLevel);
                        }
                    }
                }
            }else{ 
//ไม่มีใน GroupPermission
                
$flgShow=0;
                
$oUp->SearchByKey($UsID$oSm->sMnID);
                if (
$oUp->GetRecord()){ //ไม่มีใน Permission
                    
                
}else{ // case 1
                    //แสดง
                    
showMenu2($oSm->sMnNameT$oSm->sMnLevel);
                    
$flgShow=1;
                }
                if (
$flgShow==0){
                    
$oUp->SearchByKey($UsID$oSm->sMnID);
                    if (
$oUp->GetRecord()){ //มีใน UmPermission
                        
if($oUp->pmX==1){
                            
//แสดง
                            
showMenu2($oSm->sMnNameT$oSm->sMnLevel);
                        }
                    }
                }
            }
            
ShowMenu1($StID$UsID$GpID$oSm->sMnID);
        }    
    
    }

}

function 
showMenu2($MnNameT$Level){
    echo 
"<tr bgcolor='White'>";
    echo 
"<td align='center'>&nbsp;</td>";
    echo 
"<td align='center'>&nbsp;</td>";
    echo 
"<td align='center'>&nbsp;</td>";
    echo 
"<td align='center'>&nbsp;</td>";
    echo 
"<td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;" str_pad("",10*6*$Level,  "&nbsp;"STR_PAD_RIGHT) . "[$Level]$MnNameT</td>";
    echo 
"<td>&nbsp;</td></tr>";
}

?>
<!--------------------------------------------------------------------->
<? pageFooter(); ?>
<!--------------------------------------------------------------------->
<!--put javascript here-->
<script language="javascript">
function doCheckAll(form, do_check){
        for (var i=0; i<form.length; i++){
                if (form.elements[i].type == 'checkbox')
                        form.elements[i].checked = do_check;
        }
}
</script>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0151 ]--